Summit West
By the end of this course, you will have a significantly greater appreciation for the
IT security landscape and how it impacts your organization. The combination of
information technology experts from professional practice and the broad landscape of
IT vulnerabilities presented at this conference will strengthen the skill sets of
operational, financial and IT auditors, helping them not only integrate information
technology auditing techniques but also develop awareness of one of the most
significant changes in the risk profile of businesses today.
Platinum
Gold
Course Outline
DAY 1: Tuesday, October 27, 2015
8:00 – 8:30 Registration and Continental Breakfast
8:30 – 9:20 Cyberthreat Landscape
Eric Brelsford, Special Agent, FBI
9:35 – 10:25 Global Honeypot Trends
Elliott Brink, Sr. Associate, RSM McGladrey
10:50 – 11:40 Tracking and Responding to Global Cybercrime
John Bambenek, Sr. Analyst, Fidelis Cybersecurity
11:50 – 12:30 LUNCH
As Sun Tzu famously said: "If you know the enemy and know
yourself you need not fear the results of a hundred battles." The
FBI will provide insight that can help organizations understand
and respond to our common enemies in the cybersecurity space.
CISO Panel
Moderator: Tina LaCroix-Hauri, President & Co-Founder,
Bradford Garrett Group, Inc.
Tina leads the CISO Advisory Services Practice. As the first
executive level Information Security leader hired by both
Discover Financial Services (DFS) and Aon Corporation, Tina
understands the diverse skill set needed to lead as a global
CISO. Tina sits on the Industry Advisory Board of the Masters of
Science in Information Technology in the McCormick School of
Engineering of Northwestern University where she is also an
Adjunct Professor – Risk Management.
Sessions at a Glance: Day 2
Session 1: CISO Panel – Perspectives on
addressing today’s security challenges
8:00 AM – 9:30 AM
Panelists:
Waqas Akkawi, CISO, SIRVA Worldwide
Waqas is responsible for SIRVA’s information security program,
operations, and delivering information security and privacy
protection value to clients globally.
Kevin Novak, CISO & IT Risk Officer, Northern Trust
Kevin is CISO and a member of the Northern Trust Corporate
Risk Group. He is responsible for the security of Company and
Client information and for the management of information
technology risks across Northern Trust's global business. Kevin
joined Northern Trust in August 2011.
Michael Phillips, EVP & CISO, Rosenthal Collins Group LLC
Michael is the Executive Vice President and Chief Information
Security Officer at Rosenthal Collins Group, LLC. In this capacity,
he serves as Co-Executive of the Information Technology Group
and senior adviser to the Chairman / CEO, providing insights on
various aspects of Operational Risk Management including
Information Assurance & Privacy Protection.
Richard Rushing, CISO, Motorola Mobility
Richard is CISO for Motorola Mobility and participates in several
corporate, community, private, and government Security
Councils and working groups. Activities include setting
standards, policies, and solutions to current and emerging
security issues.
Session 2: CryptoLocker Ransomware
Variants Are Lurking “In the Shadows”,
Learn How to Protect Against Them
9:35 AM – 10:45 AM
Recently, attackers employing a CryptoLocker variant have been
removing volume shadow copies on systems, preventing users
from restoring their files, and then encrypting the files for
ransom. If a user cannot recover from backups, he/she is at the
attacker’s mercy.
In this technical session, we’ll discuss the ins and outs of
shadow copies, reveal how attackers are using them to encrypt
files for ransom and then discuss ways you can quickly, and
easily, detect and respond to these kinds of attacks.
Ryan Nolette, Sr. Threat Researcher, Bit9 + Carbon Black
Ryan draws from intense and active experience in Incident
Response (IR), Threat Research, and IT experience to add a
unique perspective of technical expertise and strategic vision.
Prior to joining Bit9, Ryan was a Technology Risk Analyst for
Fidelity Investments, where he was the malware expert for their
Cyber Security Group and focused on signature verification and
placement for all IPS devices, and provided non‐signature based
malware detection and prevention through manual auditing and
automated tools. Ryan earned a bachelor’s degree in
Information Security and Forensics from the Rochester Institute
of Technology.
Session 3: Software Security Metrics
11:00 AM – 12:00 PM
Often, auditors must interpret how a set of "must-do" items is
getting done to make sure that the work meets the spirit intended
by the person or entity requiring them. These items may come
from regulatory, statutory, contractual, business-practice,
insurance and other sources, and can be jeopardized by bad software.
3:30 PM – 4:30 PM
The complexity of tools to protect a company’s IT assets
continues to grow. What is concerning is that most companies
cannot clearly explain the company's IT architecture, what tools
are in place to protect these assets and what capabilities these
tools possess to mitigate the risks identified. Even more
importantly, few organizations can assess if these tools are
properly configured and what gaps exist, based on the tools and
how they are configured.
Internal Audit needs to be able to articulate the threat vectors
that exist in their company and the TVM Program and tools in
place, and be able to audit these components to help ensure the
risks thought to be addressed are actually reduced.
Paul Hinds & Stephen Asamoah, PwC
Paul is Managing Director and leads a cybersecurity, privacy,
and IT risk management team. Paul also leads ERP security
and control design and implementation teams for SAP, Oracle,
and many other similar enterprise solutions. Paul has served as
the CAE, IT Audit Director and IT security director for several
Fortune 1000 companies.
Stephen is a Senior Consultant for PwC’s cybersecurity
practice. Stephen held prior positions at BMO Harris Bank as a
Security Advisor II, Security Administrator for Affinia and Security
Analyst for Community Health Systems.
Thank You
This is the 2nd Annual Chicago Hacking Conference and has been
developed, organized and presented in large part due to the efforts of
Jason Torres and Corbin Del Carlo. I would like to thank both Jason and
Corbin for their extensive efforts in creating this conference to educate
the profession on emerging trends in the IT Security arena. This
conference attracted well over 100 participants in 2014. In 2015, due to
the leadership of Jason, Corbin, and a team of volunteers from both the
IIA and ISACA Chicago chapters, registration has grown to nearly 200
participants. Please join me in providing a thank you for the efforts of
Jason, Corbin and the team for making this a successful new event for the
Internal Audit professional annual events calendar.
Sincerely,
Michael L. Davidson
Vice President of Education
The Institute of Internal Auditors, Chicago Chapter
Scott Shinners
Our Sponsors
Platinum
www.mcgladrey.com
Gold
www.nexuminc.com
www.threatconnect.com