
Department of Labor’s Guidance on Cybersecurity Best Practices

Today’s talk will dive into the guidance released in April 2021 from the DOL related to Employee Benefit Plans and the responsibilities of plan fiduciaries.
Live online Oct 29 2021 4:00 pm UTC, or on demand afterwards (60 mins)
Presented by: Candace Jackson, CPA, Partner and Practice Leader & Jon Powell, CPA, CITP, CISA, Partner and Cybersecurity Practice Leader

Channel profile
  • Bringing AI into Vaccine Safety & Saving Lives Nov 19 2021 5:00 pm UTC 60 mins
    Dr. Dharani Munirathinam, Chief Scientific Officer
    3Analytics has developed a platform that aggregates AE data sets from multiple sources (FDA, EMA, Epidemiology, Twitter etc.) and also leverages its own mobile app for data collection. The platform includes AI algorithms and a communication module as well (for periodic follow-ups with patients & alerts to all stakeholders). The main objective is to enable real time safety monitoring, mitigate AE risks and allay safety concerns.
  • Discussion on GRC Trends Nov 12 2021 4:00 pm UTC 60 mins
    Christian Hyatt | David Muxfeld | Ben Sady | Kevin Carlson | Mosi Platt | Jewel Hefner
    Join this panel discussion wrapping up the ISACA Atlanta Chapter GRC Conference 2021.

    Christian Hyatt, Managing Director & Co-Founder, risk3sixty
    David Muxfeld, Director of IT GRC, www.davidmuxfeld.com
    Ben Sady, Principal, Dixon Hughes Goodman LLP
    Kevin Carlson, Partner | CTO, TechCXO
    Mosi Platt, Security Partner for Governance, Risk, Compliance & Assurance, Netflix
    Jewel Hefner, Manager, Cloud Compliance & Risk Management, Citrix
  • Cybersecurity Risk Trends Nov 12 2021 3:00 pm UTC 60 mins
    Jesse Magenheimer, Vice President & Chief Information Security Officer, State Farm
    Major trends discussed will include ransomware, phishing and email tactics of bad actors. Common tactics, measures and recommended practices will be included.
  • IT Compliance Hot Topics Nov 12 2021 2:00 pm UTC 60 mins
    Ben Sady, Principal, DHG Advisory | Patrick Catton, Director, DHG Advisory | Tom Tollerton, Managing Director, DHG Advisory
    Technology and data play a crucial role in today’s organization. Compliance with industry frameworks and regulations within your company and also within your third parties is essential to managing and reducing your risk. The objective of our discussion will be to outline the current landscape, hot topics, and opportunities to organize the many moving parts of technology compliance.
  • Introduction and IT Governance Nov 12 2021 12:50 pm UTC 60 mins
    Brian Albertson, ISACA Atlanta Chapter | David Muxfeld, www.davidmuxfeld.com
    Introduction and Welcome (10 min)

    IT Governance: Organizing the Chaos (50 min)

    IT governance, functioning as a component of enterprise governance, can provide assurance as to the sound management of risks, resource utilization, and delivery of organizational objectives. With increasing regulatory scrutiny and board-level expectations, the need for effective IT governance has become more critical. This presentation will discuss how to navigate a chaotic IT environment while designing and enabling an effective IT governance program.

    Brian Albertson, Director of Programs, ISACA Atlanta Chapter
    David Muxfeld, Director of IT GRC, www.davidmuxfeld.com
  • Is Government Contracting Worth It? Recorded: Oct 15 2021 52 mins
    Madhu Chatterji, Director for Records Management and Federal Contracting
    The US Government is the world's largest buyer of goods and services! The government annual budget exceeds $1000 billion!
    There is certainly a piece of the pie waiting for your company if you can provide services or products to the government. The opportunities are infinite, but the number of successful players in this field is still very low. It is not popular knowledge that providing services or products to the government is quite different from selling to the commercial sector. What is also less known are the benefits any business reaps once it becomes a strong player. Government contracts can guarantee ongoing revenue to your business, a stable cash flow and business development opportunities.
  • The Demand for Skilled Talent Recorded: Oct 8 2021 58 mins
    Justin Thomason, Vice President, Software & Applications at Robert Half
    The Demand for Skilled Talent is your look into the technology hiring trends making noise across the country. Learn why strong job optimism among U.S. workers is signaling career moves on the horizon. Explore the new hiring and retention challenges employers are facing as they adapt to the needs of a more mobile workforce. This presentation also delves into the latest numbers on hiring, hybrid work and the cost of a bad hire.
  • Bug Bounties, Security Research, and Smoking Mirrors. Recorded: Oct 1 2021 61 mins
    Tony UcedaVelez, CEO at VerSprite and Robert Hawes, Practice Manager at VS-Labs
    Bug Bounties, Security Research, and Smoking Mirrors. Research or simply Crowd Sourced Penetration Testing that Placates Security Budgets? Tales around vulnerability research, responsible disclosure, and failures not commonly shared in the industry.

    In this talk, we’ll speak on the perception vs. reality between bug bounties, security research, and responsible disclosure. We’ll examine both sides of the vulnerability equation – the researcher and the product owner. We’ll explore the modern bug bounty formats and if they live up to the definition of vulnerability research and if MNCs investing in this service are getting what they were expecting. We’ll also explore the residual risks that companies may be sitting back with as blackhats continue to hold prized vulns for more lucrative online/ offline markets vs. cashing in for smaller payouts in bug bounty programs.
  • Linear Enterprise Endpoint Management... Recorded: Sep 17 2021 53 mins
    John Kimberly, Technical Solution Engineer - SLED at Tanium
    Linear Enterprise Endpoint Management - "You think you know your enterprise? What you don't know really can hurt (and cost) you"

    Endpoint management, including both servers and workstations, is one of the greatest challenges IT organizations face today. As IT makes the digital transformation from on-prem data centers to hybrid cloud environments, including ephemeral servers and containers, not to mention all the users “working from anywhere”, IT has found itself stretched thin trying to manage all the devices, and their comings, goings and mobility. In the past, IT has relied on a plethora of tools, installed on the endpoints, to provide this visibility, but in today’s highly dynamic IT world, those tools simply don’t work anymore. Ask most any CTO, or CIO, a question like, “how many devices are connected to your network right now?”, and usually the response is a “range” of numbers. Other dynamic processes like patching, compliance/vulnerability scanning and remediation, and performance monitoring, among others, are just too complicated to manage in today’s enterprises using existing point solutions. What’s needed is a paradigm shift in how endpoints are managed. This discussion will explore the available possibilities for just such a shift.
  • Ransomware and other Attacks Recorded: Sep 9 2021 64 mins
    ULF MATTSSON, Chief Security Strategist
    Attackers may already be in your environment and constantly find new ways to avoid detection. Attacks involving Phishing, Ransomware, Misconfiguration, Stolen credentials, and Mis-delivery continued to increase in 2020 according to Verizon DBIR and 10% of all breaches involved ransomware.

    The U.S. Secret Service noted that most organizations had adequate data backup, but cyber actors shifted their focus to the exfiltration of sensitive data and threatening to publicize the data unless additional ransom was paid. In early 2021 ransomware hit, for example, COLONIAL PIPELINE, QUANTA, NATIONAL BASKETBALL ASSOCIATION (NBA), BRENNTAG, ACER, JBS FOODS, AXA, and other victims according to Illinois.touro.edu. A ransom of between $7.5 million and $50 million US Dollars was demanded in several of these attacks, and the hacker group disrupted gas supplies all along the East Coast of the United States and gained access to more than 3 TB of data including Apple product blueprints and other confidential data.

    We will discuss how to use the “NIST CYBERSECURITY FRAMEWORK FOR RANSOMWARE” to Prevent Attacks and Recover after Attacks. 80% of all attacks in 2020 involved servers and 53% target WEB servers according to Verizon DBIR. We will discuss the Top 10 Web Application Security Risks according to OWASP and the Top Ten Proactive Controls that describes the most important control and control categories that every architect and developer should include in every project.

    Make sure that your data is private and protected in transit, in use, in memory, and at rest. Sensitive data can be secured and protected by a robust data backup plan so systems can quickly be restored. A multi-layered defense can help to create a good security posture and to discover unusual activity on your sensitive data.
  • Workshop on API Governance & Risk Management Recorded: Sep 2 2021 63 mins
    Dr Baljeet Malhotra, Founder & CEO at TeejLab Inc.
    APIs are software glue that is revolutionizing our digital worlds by helping enable the next industrial revolution driven by AI/ML and IoT. Implications of APIs are profound on organizations both positive (innovation, newer business models, competitive differentiation etc.) and negative (hidden attack vector, business continuity impact etc.).

    Industry Trends...
    96% of applications contain some Open Source. Source: Black Duck 2020;
    83% of internet traffic is via APIs vs 17% HTML. Source: Akamai 2019;
    By 2021, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 2019. Source: Gartner.
    By 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. Source: Gartner Research, "How to Build an Effective Security Strategy".

    Given these trends it is imperative for Security, Compliance and Audit professionals to get a handle on APIs before things get out of control, if not already, by managing API risks proactively.
    This session will provide an overview of an effective governance framework that enterprises can adopt to manage their API security and compliance risks. This framework includes best practices, both manual and automated, with relevant tools recommendation. Participants will have an opportunity to exercise use case(s) using existing technologies.
  • A Ransomware Tale Recorded: Jul 27 2021 59 mins
    Justin S. Daniels, Shareholder at Baker Donelson
    Cybersecurity is a strategic business enterprise risk. Double extortion ransomware is the latest iteration of cybercrime that literally keeps the C-suite up at night. The gaps in your privacy program are laid bare in a ransomware situation.

    What do you do when your IT director calls and tells you your network has been encrypted and there is a ransom note demanding $1,000,000? Did the threat actor access or exfiltrate data? Do you contact the threat actor and how do you negotiate? What do you tell your customers and employees while you try to get your network restarted? When do you call law enforcement? How long will your forensic investigation take? Will you get a not so lovely letter from the state Attorney General?

    Join Justin Daniels, a cybersecurity and business attorney, as he weaves for you a ransomware tale that has become commonplace in 2021. He will discuss the people, processes, and technology that help you respond thoughtfully and resiliently.
  • Machine Learning Ethics Recorded: Jun 16 2021 57 mins
    Kevin Carlson, Partner, Fractional CTO | CISO at TechCXO
    Machine Learning and Artificial Intelligence are changing the way businesses gather, relate to, and act on data. Much of that data comes from you or your company, aka users. What are your rights with regard to how your data is used to construct and train a machine learning model? Do you have the right to ask that your data not be used or that an existing model exclude your data in the future? How can seemingly innocuous data lead to models that may be inherently biased? We'll discuss those and other topics as well as how you can protect yourself from unintended use of your data and your company's data.
  • Auditing the Cloud: Azure Recorded: May 14 2021 62 mins
    Jim Rumph, CISA, CISSP, CEH, Risk Advisory Services Senior Manager at WIPFLI
    Jim will discuss how to secure and audit the Azure environment. You will walk away with an understanding of the cloud service model, Azure terminology, redundancy and backup strategies, key security roles, and logging.
  • Scaling Enterprise Risk Management Recorded: May 7 2021 61 mins
    Jason Rohlf, Vice President of Solutions at Onspring, and Beth Strobel, Director at Onspring
    Overwhelmed by the volume of manual effort required to manage global oversight of their enterprise risk management program, a leader in global financial services sought to increase operational efficiency while decreasing risk exposure. By applying process automation to their workflows and driving insights from custom real-time reports, this global enterprise took its risk management program to the next level, creating a 20% increase in employee efficiencies and 100% visibility into compliance and third-party risk.
  • Auditing Continuous Integration/Continuous Deployment Recorded: Apr 22 2021 48 mins
    Mary Beth Marchione, MBA, CPA, CISA, CISSP and RAS Senior Manager at WIPFLI
    During this session you will learn the role of DevOps, key control points and phases within CI/CD, and tips for auditing a process that is highly automated.
  • POSSIBILITY LEADERSHIP Recorded: Apr 16 2021 58 mins
    Jonathan McCoy & Crystal Fernando at WhatBox Partners
    Level up your ability to lead effectively in increasingly uncertain and complex environments. Possibility leadership unlocks leaders to lead effectively in an impossible world, enabling a more agile approach to leading people through problems,
  • Understanding your Threat Surface and How to Prevent Attacks Recorded: Mar 30 2021 48 mins
    Cornelius “Skeet” Spillane, Ralph Pasquariello, Ted Claypoole, Oren J. Falkowitz, Ben Opel and Daniel H. Gallancy
    We will examine a couple of different real world attack scenarios. We will discuss TTP’s (Tactics, Techniques and Procedures) that the attackers deploy as well as some of their motivations. As we walk through the attack scenarios we will explore the types of tools and skills necessary to Identify, Protect and Detect these scenarios and safeguard your organizations.

    Cornelius “Skeet” Spillane, CEO, Pillar Technology Partners
    Ralph Pasquariello, Snellings Walters
    Ted Claypoole, Womble Bond & Dixon
    Oren J. Falkowitz, Founder, Area 1 Security
    Ben Opel, Senior Director, Customer Success, AttackIQ
    Daniel H. Gallancy, CEO, Atakama
  • Decoupling IAM from information security: The use of multifactor encryption Recorded: Mar 30 2021 45 mins
    Daniel H. Gallancy, CEO, Atakama
    Cybersecurity and information security are not the same thing. Join Daniel H. Gallancy, the CEO of Atakama, to discuss:

    - How, broadly speaking, cybersecurity protects the perimeter
    - Information security is singularly focused on protection of data
    - Most security programs don’t make a distinction between the two

    Daniel H. Gallancy is the CEO and a founding member of Atakama, a NYC-based software company. Atakama hardens security by providing a fully distributed cryptographic key management system as well as the elimination of shared secrets (passwords, ID numbers, etc.). All aspects of Atakama are decentralized: storage of cryptographic keys, key revocation and key reissuance. Mr. Gallancy has provided bitcoin and blockchain-related advisory services for private corporations, investment management firms, post-trade processing companies, central counterparties, and US State and Federal regulators.

    Prior to founding Atakama, Mr. Gallancy spent ten years in the asset management industry. Mr. Gallancy was an investment professional at Beaconlight Capital and, before that, at Alson Capital Management. Mr. Gallancy's areas of focus included semiconductor capital equipment, IT hardware, software and telecommunications. Mr. Gallancy was responsible for corporate diligence, financial analysis and investment decision-making.

    Daniel was raised in Queens where he attended public school. He taught himself to program in C at age 10. Daniel graduated from Stuyvesant High School before attending the University of Pennsylvania where he earned a BA in Physics and a BSE in Electrical Engineering. During college Daniel built a wireless, laser based network communication link (back in the days before WiFi). He earned an MBA from Columbia University and is a CFA Charterholder.
Creating meaningful engagements for our membership
Welcome to the ISACA Atlanta Chapter web site. The aim of our Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.
