Data Breaches: Defending Against and Responding To
Strategies to help your organization prepare for, defend against and respond to breaches.
December 4, 2019
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center, Rosemont (O’Hare), Illinois
It is not a matter of if, but when your organization will be breached. Against these threats, enterprises try to build higher and more secure walls around their data and networks. This seems to be a never-ending arms race, as even the most sophisticated systems may, before long, present weaknesses that malicious technology can overcome.
What You Will Learn
In this one-day conference, attendees will learn:
Conference Price: $289.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
8:00am – 8:30am: Registration and Continental Breakfast
8:30am-9:15am: Aftermath of a Data Breach: Lessons Learned
Dr. Michael Chahino, Chief Information Officer, Elgin Community College, President of the Information Technology Commission at ICCCA (Illinois Council of Community College Administrators)
As data breaches continue to hammer organizations with devastating outcomes, monetary as well as reputation costs continue to rise year after year. And while Cybersecurity professionals are tasked with securing and enhancing the information security posture of their organizations, they could find themselves consumed with gathering forensic evidence, executing data recovery plans, gathering facts, containing the damages and dealing with the aftermath in case of a data breach. Having a tested and verified data breach recovery plan is becoming more crucial than ever.
This session explores lessons learned from the aftermath of experiencing the discovery of and recovery from a data breach and provides some recommendations to help organizations deal with disruptive cyber-attacks.
9:15am-10:00am: 2019 Data Breach Trends and Mitigation Controls
Michael Manske, Security Practice Lead, Managed Services, West Monroe Partners
Joseph Rogalski, Director National & Strategic Partners, eSentire Inc.
10:00am-10:30am: Refreshment Break
10:30am-11:15am: Is it an Incident or a Breach? How to Tell and Why it Matters
Trevor Bidle, Information Security and Compliance Officer, US Signal
How you determine whether it is an incident or a breach that may or may not involve the exposure of sensitive customer data will determine, among other things:
How you respond can minimize the monetary, regulatory, and reputational damages and risks to you, your enterprise, and your customers.
11:15am-12:00pm: Security Incident Response Processes
Derek Milroy, Enterprise Security Architect, U.S. Cellular
In this session, Derek will discuss:
12:00pm – 12:45pm: Luncheon
12:15pm – 12:35pm: Incident Response Challenges in a Global Arena
Phil Campeau, Global Systems Engineering Manager, WireX Systems
This session discusses incident response in 2020 and how to stay ahead of the alert game. This presentation is geared for any security practitioner but heavily focused on those who have led, managed or had experience as, or are, Tier Three security operations analysts. Whether you rely on outsourced managed services or leverage a SIEM in-house, it is critical to be efficient in handling incidents. These range from a standard consultant or employee leaving and a Human Resources request to a call from a government agency letting you know you were identified by a breach. The impact depends especially on how you respond, which is something that takes practice as you prepare for the inevitable.
12:45pm – 1:30pm: Tool Sprawl – What It Is, and Why It Is Time For a New Approach to Cybersecurity
Ray Hicks, Founder & CEO, 5th Column
Despite the prolific expanse of new products and technologies, breach occurrence is on the rise. Record money each year is being poured into cybersecurity R&D, tools, and risk management. More money, more tools, more breaches, WHY? Tools and shoring up the defenses are not the answer so perhaps it’s time for a new approach to cybersecurity. Let’s explore a key problem facing security teams today, how to solve this problem, and a framework for improving the existing toolset(s) organizations have in place today.
1:30pm-2:15pm: Third Party Assessment Prioritization: “Vendor Tiering and Due Diligence Levels”
Chris Goettl, Director of Product Management, Ivanti
How do you balance limited resources with assuring 3rd party provider security?
2:15pm – 2:45pm: Refreshment Break
2:45pm – 3:30pm: THE ZERO TRUST FRAMEWORK: What the heck is it, and why is it important to me?
Matt Johnson, Systems Engineer, Illumio
In this session, you will learn about the Zero Trust framework and how it pertains to your infosec environment, get some methodology, and see a teaser of the Forrester Zero Trust Wave from October 2019.
3:30pm-4:15pm: What Public Data Breaches Can Teach Us About Protecting Mainframe Applications
Barbara Ballard, Sr. Product Manager, Micro Focus
When it comes to delivering access to mainframe applications, organizations are faced with new and ever-evolving challenges. These challenges include access control (authentication and authorization), data privacy, endpoint management, and regulatory compliance audits.
And, even though organizations address these challenges at the enterprise level, the mainframe is often forgotten. This happens because (1) mainframe systems are viewed as secure because they are running in a private network, isolated from the public environment, and (2) security organizations do not often know how to extend enterprise security controls to the mainframe.
This session will provide valuable insights and lessons learned from past data breaches, as well as ways organizations can deliver reliable access to mainframe applications while meeting security, privacy, and regulatory demands.
4:15pm-5:00pm: Breaches & Ransomware: How to Handle, How to Respond (Panel Discussion)
Grant Garnett, RSM, Tanium
James Mountain, CISO, Palmer College of Chiropractic
Dave Gochenaur, Sr. Director, CyberSecurity, Ensono
Keith Conlee, CSO, IT, College of DuPage
Umesh K. Tiwari, Enterprise Security Architect and Sr. PCI Security Compliance Consultant, US Bank
Arlene Yetnikoff, Director of Information Security, DePaul University
and other enterprise IT CISOs sharing experiences and lessons learned
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.