IT Security Roundtable

Hershey Lodge
325 University Drive | Hershey, PA 17033
Thursday, February 8, 2018 | 8 am to Noon

8 a.m. Registration – Continental Breakfast
8:30 a.m.

Welcome

- Alex Zelesko, Director of Information Technology, Pennsylvania Chamber

8:35 a.m.

Digital Transactions and the Intersection of Technology and the Law

- Evan J. Foster, Partner, Saul Ewing Arnstein & Lehr LLP

  • With many crucial business transactions and contracts now commonly handled digitally, it is important to understand the technology and the legal aspects to ensure that the transactions are handled properly and securely. We will cover:
    • Best practices a company should follow and recommended protocols to have in place to ensure the secure handling of important electronic business transactions
    • Vendor management and how that plays into a strong security strategy, including how to ensure your company’s third-party vendors are following correct safeguarding procedures and are maintaining the same security standards as your company
    • An overview of the current digital legal landscape, with details on legal issues facing companies, and recent court cases and rulings
9:30 a.m. Refreshment Break
9:45 a.m.

Overview of Risk Assessments, Vulnerability Assessments and Penetration Tests

- Charles Sgrillo, CISSP, Senior IT Security Specialist, Kreischer Miller

  • Organizations need risk assessment programs in place to properly identify weaknesses and be able to mitigate vulnerabilities before an attack occurs. We will describe the three crucial steps and elements to safeguarding your company’s systems and resources:
    • Risk Assessments – vulnerability assessments and penetration tests are the first steps to evaluate your existing system, identify pressure points and categorize the likelihood of potential damage. This provides the big-picture assessment of where potential vulnerabilities exist and the hazards your company may face, and measures the effectiveness of the protections you currently have in place.
    • Mitigation – now that you’ve identified where the risks are, it’s about mitigation. You must choose which risks are acceptable to the company and which are not, and then take the necessary steps to implement your security program.
    • Testing – now that the solution is in place, thoroughly test it to ensure it is achieving what you want. Monitor the feedback so that if something changes, you can deal with it. Then return to step one to continue the assessment cycle.
10:45 a.m.

Developing and Implementing a Security Awareness Program

- Joseph Harford, President and Founder, Reclamere, Inc.
- Angie Singer Keating, Chief Executive Officer, Reclamere, Inc.

  • As IT professionals know all too well, the weakest link in the information security chain is the human element, with employees unintentionally allowing breaches to occur. Because of this, security awareness programs and education have quickly moved to the forefront as an increasingly important component of IT security strategy.
  • Learn the key elements to include and the critical steps to take when building a successful Security Awareness Program:
    • Educating employees so they understand their role in security awareness
    • How to evaluate and ensure your IT policies and processes are aligned with your Security Awareness Program, including password protection, forwarding suspect attachments, and when to “scrub” devices
    • The importance of educating and developing a culture of security awareness, including how to handle the blurred lines of personal vs. work devices
Noon

Adjourn