Dr. Dharani Munirathinam, Chief Scientific Officer
3Analytics has developed a platform that aggregates AE data sets from multiple sources (FDA, EMA, Epidemiology, Twitter etc.) and also leverages its own mobile app for data collection. The platform includes AI algorithms and a communication module as well (for periodic follow-ups with patients & alerts to all stakeholders). The main objective is to enable real time safety monitoring, mitigate AE risks and allay safety concerns.
Ben Sady, Principal, DHG Advisory | Patrick Catton, Director, DHG Advisory | Tom Tollerton, Managing Director, DHG Advisory
Technology and data play a crucial role in today’s organizations. Compliance with industry frameworks and regulations, within your company and also within your third parties, is essential to managing and reducing your risk. The objective of our discussion will be to outline the current landscape, hot topics, and opportunities to organize the many moving parts of technology compliance.
Brian Albertson, ISACA Atlanta Chapter | David Muxfeld, www.davidmuxfeld.com
Introduction and Welcome (10 min)
IT Governance: Organizing the Chaos (50 min)
IT governance, functioning as a component of enterprise governance, can provide assurance as to the sound management of risks, resource utilization, and delivery of organizational objectives. With increasing regulatory scrutiny and board-level expectations, the need for effective IT governance has become more critical. This presentation will discuss how to navigate a chaotic IT environment while designing and enabling an effective IT governance program.
Brian Albertson, Director of Programs, ISACA Atlanta Chapter
David Muxfeld, Director of IT GRC, www.davidmuxfeld.com
Madhu Chatterji, Director for Records Management and Federal Contracting
The US Government is the world's largest buyer of goods and services! The government's annual budget exceeds $1000 billion!
There is certainly a piece of the pie waiting for your company if you can provide services or products to the government. The opportunities are infinite, but the number of successful players in this field is still very low. It is not common knowledge that providing services or products to the government is quite different from selling to the commercial sector. What is also less known is the benefits any business reaps once it becomes a strong player. Government contracts can guarantee ongoing revenue to your business, a stable cash flow and business development opportunities.
Justin Thomason, Vice President, Software & Applications at Robert Half
The Demand for Skilled Talent is your look into the technology hiring trends making noise across the country. Learn why strong job optimism among U.S. workers is signaling career moves on the horizon. Explore the new hiring and retention challenges employers are facing as they adapt to the needs of a more mobile workforce. This presentation also delves into the latest numbers on hiring, hybrid work and the cost of a bad hire.
Tony UcedaVelez, CEO at VerSprite and Robert Hawes, Practice Manager at VS-Labs
Bug Bounties, Security Research, and Smoking Mirrors. Research or simply Crowd Sourced Penetration Testing that Placates Security Budgets? Tales around vulnerability research, responsible disclosure, and failures not commonly shared in the industry.
In this talk, we’ll speak on the perception vs. reality between bug bounties, security research, and responsible disclosure. We’ll examine both sides of the vulnerability equation – the researcher and the product owner. We’ll explore the modern bug bounty formats, whether they live up to the definition of vulnerability research, and whether MNCs investing in this service are getting what they were expecting. We’ll also explore the residual risks that companies may be left carrying as blackhats continue to hold prized vulns for more lucrative online/offline markets vs. cashing in for smaller payouts in bug bounty programs.
John Kimberly, Technical Solution Engineer - SLED at Tanium
Linear Enterprise Endpoint Management - "You think you know your enterprise? What you don't know really can hurt (and cost) you"
Endpoint management, including both servers and workstations, is one of the greatest challenges IT organizations face today. As IT makes the digital transformation from on-prem data centers to hybrid cloud environments, including ephemeral servers and containers, not to mention all the users “working from anywhere”, IT has found itself stretched thin trying to manage all the devices and their comings, goings and mobility. In the past, IT has relied on a plethora of tools, installed on the endpoints, to provide this visibility, but in today’s highly dynamic IT world, those tools simply don’t work anymore. Ask almost any CTO or CIO a question like “how many devices are connected to your network right now?”, and usually the response is a “range” of numbers. Other dynamic processes like patching, compliance/vulnerability scanning and remediation, and performance monitoring, among others, are just too complicated to manage in today’s enterprises using existing point solutions. What’s needed is a paradigm shift in how endpoints are managed. This discussion will explore the available possibilities for just such a shift.
Attackers may already be in your environment and constantly find new ways to avoid detection. Attacks involving phishing, ransomware, misconfiguration, stolen credentials, and mis-delivery continued to increase in 2020 according to the Verizon DBIR, and 10% of all breaches involved ransomware.
The U.S. Secret Service noted that most organizations had adequate data backups, but cyber actors shifted their focus to the exfiltration of sensitive data and threatening to publicize the data unless additional ransom was paid. In early 2021 ransomware hit, for example, COLONIAL PIPELINE, QUANTA, NATIONAL BASKETBALL ASSOCIATION (NBA), BRENNTAG, ACER, JBS FOODS, AXA, and other victims according to Illinois.touro.edu. A ransom of between $7.5 million and $50 million US Dollars was demanded in several of these attacks; the hacker group disrupted gas supplies all along the East Coast of the United States and gained access to more than 3 TB of data including Apple product blueprints and other confidential data.
We will discuss how to use the “NIST CYBERSECURITY FRAMEWORK FOR RANSOMWARE” to prevent attacks and recover after attacks. 80% of all attacks in 2020 involved servers and 53% targeted WEB servers according to the Verizon DBIR. We will discuss the Top 10 Web Application Security Risks according to OWASP and the Top Ten Proactive Controls, which describe the most important controls and control categories that every architect and developer should include in every project.
Make sure that your data is private and protected in transit, in use, in memory, and at rest. Sensitive data can be secured and protected by a robust data backup plan so systems can quickly be restored. A multi-layered defense can help to create a good security posture; we will also cover how to discover unusual activity on your sensitive data.
Dr Baljeet Malhotra, Founder & CEO at TeejLab Inc.
APIs are software glue that is revolutionizing our digital worlds by helping enable the next industrial revolution driven by AI/ML and IoT. Implications of APIs are profound on organizations both positive (innovation, newer business models, competitive differentiation etc.) and negative (hidden attack vector, business continuity impact etc.).
96% of applications contain some Open Source. Source: Black Duck 2020;
83% of internet traffic is via APIs vs 17% HTML. Source: Akamai 2019;
By 2021, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 2019. Source: Gartner.
By 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. Source: Gartner Research, "How to Build an Effective Security Strategy".
Given these trends it is imperative for Security, Compliance and Audit professionals to get a handle on APIs before things get out of control, if not already, by managing API risks proactively.
This session will provide an overview of an effective governance framework that enterprises can adopt to manage their API security and compliance risks. This framework includes best practices, both manual and automated, with relevant tools recommendation. Participants will have an opportunity to exercise use case(s) using existing technologies.
Cybersecurity is a strategic business enterprise risk. Double extortion ransomware is the latest iteration of cybercrime that literally keeps the C-suite up at night. The gaps in your privacy program are laid bare in a ransomware situation.
What do you do when your IT director calls and tells you your network has been encrypted and there is a ransom note demanding $1,000,000? Did the threat actor access or exfiltrate data? Do you contact the threat actor and how do you negotiate? What do you tell your customers and employees while you try to get your network restarted? When do you call law enforcement? How long will your forensic investigation take? Will you get a not so lovely letter from the state Attorney General?
Join Justin Daniels, a cybersecurity and business attorney, as he weaves for you a ransomware tale that has become commonplace in 2021. He will discuss the people, processes, and technology that help you respond thoughtfully and resiliently.
Kevin Carlson, Partner, Fractional CTO | CISO at TechCXO
Machine Learning and Artificial Intelligence are changing the way businesses gather, relate to, and act on data. Much of that data comes from you or your company, aka users. What are your rights with regard to how your data is used to construct and train a machine learning model? Do you have the right to ask that your data not be used or that an existing model exclude your data in the future? How can seemingly innocuous data lead to models that may be inherently biased? We'll discuss those and other topics as well as how you can protect yourself from unintended use of your data and your company's data.
Jim Rumph, CISA, CISSP, CEH, Risk Advisory Services Senior Manager at WIPFLI
Jim will discuss how to secure and audit the Azure environment. You will walk away with an understanding of the cloud service model, Azure terminology, redundancy and backup strategies, key security roles, and logging.
Jason Rohlf, Vice President of Solutions at Onspring, and Beth Strobel, Director at Onspring
Overwhelmed by the volume of manual effort required to manage global oversight of their enterprise risk management program, a leader in global financial services sought to increase operational efficiency while decreasing risk exposure. By applying process automation to their workflows and driving insights from custom real-time reports, this global enterprise took its risk management program to the next level, creating a 20% increase in employee efficiencies and 100% visibility into compliance and third-party risk.
Jonathan McCoy & Crystal Fernando at WhatBox Partners
Level up your ability to lead effectively in increasingly uncertain and complex environments. Possibility leadership unlocks leaders to lead effectively in an impossible world, enabling a more agile approach to leading people through problems,
Cornelius “Skeet” Spillane, Ralph Pasquariello, Ted Claypoole, Oren J. Falkowitz, Ben Opel and Daniel H. Gallancy
We will examine a couple of different real-world attack scenarios. We will discuss the TTPs (Tactics, Techniques and Procedures) that the attackers deploy as well as some of their motivations. As we walk through the attack scenarios, we will explore the types of tools and skills necessary to Identify, Protect and Detect these scenarios and safeguard your organizations.
Cornelius “Skeet” Spillane, CEO, Pillar Technology Partners
Ralph Pasquariello, Snellings Walters
Ted Claypoole, Womble Bond & Dixon
Oren J. Falkowitz, Founder, Area 1 Security
Ben Opel, Senior Director, Customer Success, AttackIQ
Daniel H. Gallancy, CEO, Atakama
Cybersecurity and information security are not the same thing. Join Daniel H. Gallancy, the CEO of Atakama to discuss:
- How, broadly speaking, cybersecurity protects the perimeter
- Information security is singularly focused on protection of data
- Most security programs don’t make a distinction between the two
Daniel H. Gallancy is the CEO and a founding member of Atakama, a NYC-based software company. Atakama hardens security by providing a fully distributed cryptographic key management system as well as the elimination of shared secrets (passwords, ID numbers, etc.). All aspects of Atakama are decentralized: storage of cryptographic keys, key revocation and key reissuance. Mr. Gallancy has provided bitcoin and blockchain-related advisory services for private corporations, investment management firms, post-trade processing companies, central counterparties, and US State and Federal regulators.
Prior to founding Atakama, Mr. Gallancy spent ten years in the asset management industry. Mr. Gallancy was an investment professional at Beaconlight Capital and, before that, at Alson Capital Management. Mr. Gallancy's areas of focus included semiconductor capital equipment, IT hardware, software and telecommunications. Mr. Gallancy was responsible for corporate diligence, financial analysis and investment decision-making.
Daniel was raised in Queens where he attended public school. He taught himself to program in C at age 10. Daniel graduated from Stuyvesant High School before attending the University of Pennsylvania where he earned a BA in Physics and a BSE in Electrical Engineering. During college Daniel built a wireless, laser based network communication link (back in the days before WiFi). He earned an MBA from Columbia University and is a CFA Charterholder.
Welcome to the ISACA Atlanta Chapter web site. The aim of our Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help further promote and elevate the visibility of the IT audit, risk, control and security professions throughout the local area.
Department of Labor’s Guidance on Cybersecurity Best Practices (60 mins)
Candace Jackson, CPA, Partner and Practice Leader & Jon Powell, CPA, CITP, CISA, Partner and Cybersecurity Practice Leader