February 18, 2016 @ 6:00 pm – 9:30 pm
Nova Southeastern University - Carl DeSantis Building
Carl Desantis Bldg
Davie, FL 33314
05:30p – 06:00p Registration & Sign in
06:00p – 06:15p Chapter Announcements
06:15p – 07:00p Talk One
07:00p – 07:45p Talk Two
07:45p – 08:00p Chapter Recap
08:00p – 09:30p Networking / Appetizers / Beverages
Cybersecurity risks and controls around Cloud environments
Talk One Speaker:
Virtualization, and by extension Cloud Computing, has created amazing benefits for IT in the form of increased agility and efficiency with a decrease in spending on physical infrastructure, power, & cooling. With these great operational benefits also comes a new concentration of risk through the addition of the Hypervisor and all of the corresponding tools for management and automation. During this discussion we will examine the typical IT journey towards Cloud Computing and map back how the existing security & compliance controls available in the industry today may or may not provide adequate compensating controls for that risk. Finally, we will discuss the gaps in those control sets and how an IT organization can work to augment its existing controls to fill in the gaps and once again provide a secure and compliant IT infrastructure.
NIST-based Information Risk Management Essentials and Maturity
Talk Two Speaker:
Even with the dramatic increase in the number and severity of data breaches in all industries, including huge increases in healthcare organizations, too many organizations are still disengaged from holistic, mature information risk management. Many organizations are stuck in a tactical-technical-spot-welding loop when they should be moving to adoption of an industry-standard framework and a more strategic-business-architectural approach. Organizations must begin to mature their information risk management programs, and the use of a risk management maturity model can assist in that improvement, allowing an organization to have its methods and processes assessed according to management best practices, against a clear set of external benchmarks. In this session, we will cover the essentials of establishing, operationalizing and maturing an information risk management program using the NIST Security Process as a starting point.
KEY LEARNING OBJECTIVES FOR THE PRESENTATION:
1. Speak the “language of risk”
2. Describe the 4-Step NIST Information Risk Management Process
3. Access NIST and other resources to assist organizations in Information Risk Management
4. Explain the essential steps of establishing, operationalizing and maturing an information risk management program
Over the past 35 years, Bob has worked as an educator, an executive and an entrepreneur. He assists businesses in developing highly effective privacy, security, compliance and information risk strategies that are tightly linked with their business strategies and goals. Bob is no stranger to managing and protecting large amounts of data – his experience includes managing some of the world’s largest and most sensitive financial, HR, benefits and healthcare databases, requiring the most stringent levels of controls. Bob’s experience as an EVP & CIO and general manager in leading publicly-traded global organizations at GE, Johnson & Johnson and Healthways for 30+ years equips him to help leaders make informed decisions about information privacy and security investments. His business career spans many years of increasingly greater responsibility for all aspects of regulatory compliance and information security, with 25+ of those years covering the highly regulated healthcare industry. Mr. Chaput earned his undergraduate and graduate degrees in mathematics and two advanced post-graduate certificates from the Vanderbilt University School of Engineering. He holds numerous certifications in privacy, security, compliance and risk management.