Message From The Chair, Fred C. Roth:
New regulatory compliance requirements, increasing numbers of headline-making information breaches, evolving technologies and staff shortages challenge today’s IT Audit and Information Security management to jointly address these increasing enterprise IT risks. This Summit’s agenda is based on the needs expressed by those attending the 2014 Summit to help management get up to speed on a wide range of issues, meet the new challenges posed by technological change and provide assurance that IT risks are being adequately addressed. Key interactive agenda topics include managing a breach event, threat management, data analytics on a budget, integrating exception management into ERM practices, harnessing the power of relationships, creating high impact audit reports, implementing an effective integrated auditing strategy, contributing to successful system development projects as well as other timely audit and security management agenda items. We hope you can join us!
Wednesday, March 25
1:00 PM – 1:45 PM Chair Opening Remarks & Summit Survey Review
Fred C. Roth, CISA, Vice President, IT Audit Division, MIS Training Institute
1:45 PM – 3:15 PM Critical Challenges Facing IT Audit and Security Management
Fred Roth, CISA, Vice President, IT Audit Division, MIS Training Institute
IT auditors and information security professionals are working in increasingly complicated and multifaceted organizations, with new regulations, security threats and technology evolving at an alarming rate. With this in mind, help us to kick off the symposium by identifying the key challenges that you deal with on a daily basis. This session will be your opportunity to influence the agenda and make sure your pressing concerns will be addressed during the next two days.
3:30 PM – 5:00 PM Breach Behavior: Prevention and Cure
Darrin A. Reynolds, CISSP, CISM, Vice President, Information Security, Diversified Agency Services, a Division of Omnicom Group
•
How to tell your customer you just lost their data..to the Internet
How to tell your customer you just lost their data..to the Internet•Common mistakes to avoid when responding to a breach incident
Common mistakes to avoid when responding to a breach incident•Critical factors for conducting a breach investigation
Critical factors for conducting a breach investigation•Managing a breach event for an improved client relationship
Managing a breach event for an improved client relationship•Counter-intuitive tips for breach prevention.
Counter-intuitive tips for breach prevention.5:00 PM – 6:00 PM Networking Reception
Thursday, March 26
7:45 AM – 9:15 AM Threat Management: Looking for Trouble
Darrin A. Reynolds, CISSP, CISM, Vice President, Information Security, Diversified Agency Services, a Division of Omnicom Group
•Threat management is more than getting alert bulletins from our favorite vendors
Threat management is more than getting alert bulletins from our favorite vendors•Defending the doors BEFORE the siege ramp is built
Defending the doors BEFORE the siege ramp is built•Don’t just lock the organization’s windows. Look beyond them.
Don’t just lock the organization’s windows. Look beyond them.•Choosing the types of tools and capabilities to gain the visibility needed
Choosing the types of tools and capabilities to gain the visibility needed•“Facing” the enemy. The challenges and myths of attribution
“Facing” the enemy. The challenges and myths of attribution7:45 AM – 9:15 AM Data Analytics on a Budget
Jim Tarantino, CISA, CRISC, ACDA, Client Solutions Director, High Water Advisors
•Features and capabilities of free and low-cost data analytic technologies
Features and capabilities of free and low-cost data analytic technologies•Common data tasks including importing, preparing, analyzing, and visualizing data
Common data tasks including importing, preparing, analyzing, and visualizing data •Use of free and low cost datasets to enhance analytic tests
Use of free and low cost datasets to enhance analytic tests•Best-practices for considering and using budget-friendly technologies
Best-practices for considering and using budget-friendly technologies•Business case development and transitioning to more full-featured, premium data analytics technologies
Business case development and transitioning to more full-featured, premium data analytics technologies9:30 AM – 11:00 AM The Power of Relationships
Robert Mainardi, CFSA, CRMA, President, Mainardi & Company
•Defining a relationship
Defining a relationship•Listening for needs
Listening for needs•Key communication mistakes
Key communication mistakes•Identifying, building, and maintaining a relationship
Identifying, building, and maintaining a relationship•Meeting facilitation keys
Meeting facilitation keys9:30 AM – 11:00 AM Implementing an Effective Integrated Auditing Strategy
Fred Roth, CISA, Vice President, IT Audit Division, MIS Training Institute
•Defining integrated auditing
Defining integrated auditing•Strategic planning for integrated auditing success
Strategic planning for integrated auditing success•Establishing enterprise risk coverage
Establishing enterprise risk coverage•Using COSO as a basis
Using COSO as a basis•Integrated auditing good practices
Integrated auditing good practices11:15 AM - 12:45 PM Security vs. Privacy: Painting a Clearer Picture
Darrin A. Reynolds, CISSP, CISM, Vice President, Information Security, Diversified Agency Services, a Division of Omnicom Group
•Understanding the critical difference between "security" and "privacy"
Understanding the critical difference between "security" and "privacy"•Protecting the data without breaking the bank
Protecting the data without breaking the bank•Responding to security inquiries, audits and contractual obligations without breaking your back
Responding to security inquiries, audits and contractual obligations without breaking your back•Understanding the “Privacy Purpose” behind “Security Safeguards”
Understanding the “Privacy Purpose” behind “Security Safeguards” •Painting the picture: Adding the privacy color to the black and white of security
Painting the picture: Adding the privacy color to the black and white of security•Accomplishing compliance goals without becoming mired in the technical implementation
Accomplishing compliance goals without becoming mired in the technical implementation11:15 AM – 12:45 PM You’ve Found Exceptions, Now What?
Jim Tarantino, CISA, CRISC, ACDA, Client Solutions Director, High Water Advisors
•Methods to deal with false-positives
Methods to deal with false-positives•Using a triage process to organize and prioritize exceptions
Using a triage process to organize and prioritize exceptions•Routing exceptions to responsible parties for follow up and resolution
Routing exceptions to responsible parties for follow up and resolution•Monitoring the exception remediation process
Monitoring the exception remediation process•Integrating exception management into ERM and governance practices
Integrating exception management into ERM and governance practices1:30 PM – 3:00 PM Creating High Impact Audit Reports
Robert Mainardi, CFSA, CRMA, President, Mainardi & Company
•Five component writing
Five component writing•Documenting audit exceptions
Documenting audit exceptions•Starting with a strong condition – blank sheet of paper approach
Starting with a strong condition – blank sheet of paper approach•Current report writing themes
Current report writing themes•Writing in a clear, concise, format
Writing in a clear, concise, format•Keeping it simple – avoiding noise
Keeping it simple – avoiding noise1:30 PM – 3:00 PM Contributing to Successful System Development Projects
Fred Roth, CISA, Vice President, IT Audit Division, MIS Training Institute
•Getting involved EARLY
Getting involved EARLY•Providing effective coverage
Providing effective coverage•Determining appropriate staffing skills
Determining appropriate staffing skills•Addressing project management risks
Addressing project management risks•Making value added contributions
Making value added contributions•Adding to the probability of success
Adding to the probability of success3:15 PM – 5:00 PM Can Audit and Security Add REAL Value?
Fred Roth, CISA, Vice President, IT Audit Division, MIS Training Institute
•Strategically positioning IT Audit & Information Security
Strategically positioning IT Audit & Information Security•Selling Audit and Security’s value to senior management
Selling Audit and Security’s value to senior management•Providing value-added contribution in this compliance era
Providing value-added contribution in this compliance era•Strategies for leveraging relationships
Strategies for leveraging relationships•Earning respect throughout the organization
Earning respect throughout the organization•Making the most out of your “good deeds”
Making the most out of your “good deeds”Summit Chair
Fred C. Roth, CISA
Vice President, IT Audit Division, MIS Training Institute
Top-notch training. Compelling speakers. Meaningful interactions.
Join the conversation using #InfoSecWorld
Contact Us
Registration/General Inquiries:
Customer Service
(508) 879-7999 ext. 501
Speaking Opportunities:
Katherine Teitler
Director of Content Development
[email protected] or (508) 532-3624
Exhibit Sales:
Vendors A-L
CJ Oliveri
Director of Sales, Conference Division
[email protected] or (508) 532-3609
Vendors M-Z
Howard Weinman
Director of Sales, Conference Division
[email protected] or (508) 532-3652
