Recorded: November 4, 2014
Albert Einstein once observed: "Technological progress is like an axe in the hands of a pathological criminal." His words were eerily prophetic of the continuous news of data breaches in the retail and banking sectors.
Data breaches can be financially catastrophic: they bring costs to repair the damage, costs to secure the affected systems, costs to compensate consumers, lost profits, lost consumer confidence, and lawsuits seeking damages for alleged negligence. Intense media and Congressional scrutiny now treat every data breach as a direct attack on privacy, so any company that holds personally identifiable information should consider itself in possession of potentially explosive material.
Although the headline-making breaches are often portrayed as highly sophisticated, most attacks simply exploit lax security practices. Verizon's 2014 Data Breach Investigations Report found that 78 percent of the attacks studied were of very low or low difficulty. That means that in more than three-quarters of the breaches, attackers used basic methods that required few resources and no custom software. That's the bad news. The good news is that the vast majority of breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Join our panel of experts as they discuss how to implement data security best practices, and how to prepare your team with a crisis response plan so that you avoid becoming the next headline.
Speakers
Brandon Dunlap is the Managing Director of Research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Brightfly is an independent advisory and research firm that focuses on building collaborative IT practitioner communities and bridging the gaps between the information technology, security, risk, compliance, and audit disciplines.
Bob Russo, the General Manager of the PCI Security Standards Council, works with representatives from American Express, Discover, JCB International, MasterCard Worldwide, and Visa Inc. to drive awareness and adoption of the PCI Data Security Standard. Mr. Russo is responsible for driving the organization's growth and development, as well as meeting its goals to create educational programs, establish pools of certified Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and Approved Scanning Vendors (ASVs), and incorporate feedback from all stakeholders across the payment chain into the work of the Council and the development of new standards. In addition, Mr. Russo oversees the PCI Security Standards Council's training, testing, and certification programs for QSAs, ISAs, PFIs, and ASVs.
Rick Dakin is the CEO, Co-Founder and Chief Security Strategist at Coalfire. He provides strategic IT security program guidance for Coalfire and its clients. Rick has more than 25 years of experience in senior management with leading IT firms. Mr. Dakin combines an in-depth knowledge of IT controls with a comprehensive understanding of organizational needs and the rapidly emerging legislation affecting IT security. After serving in the U.S. Army following graduation from the U.S. Military Academy at West Point, Mr. Dakin began his management career at United Technologies Corporation. Prior to co-founding Coalfire, he was President of Centera Information Systems, a leading eCommerce and systems integration firm. He is a past president of the Denver chapter of the FBI's InfraGard program, and a member of a committee hosted by the U.S. Secret Service and organized by the Joint Council on Information Age Crime.
Terence Spies is the Chief Technology Officer at Voltage Security. He has over 19 years of security and systems software development experience, working with leading companies such as Microsoft and Asta Networks. As CTO he oversees the expansion of Voltage technology into new application areas such as mobility, payments and other areas where application data security is required. He is active within the standards community and currently serves as chair of X9F1, the Cryptographic Tools group of X9, whose charter is to draft cryptographic algorithm standards for use in the financial industry. Terence graduated with a Bachelor of Science degree in Logic and Computation from Carnegie Mellon University.
Yo Delmar is the Vice President of GRC Solutions at MetricStream. Ms. Delmar comes to MetricStream with over 30 years of experience in information technology and management, with a focus on governance, risk and compliance (GRC) over the past 10 years. Most recently, as Director, GRC, at EMC Consulting, Ms. Delmar was responsible for launching GRC Advisory Services for the Security and Risk Management Practice of EMC's consulting division. Prior to EMC, through her own company, Delmar Consulting, Ms. Delmar held interim executive positions at GRC and security risk management companies and provided advisory services to Fortune 1000 organizations on the implementation of GRC programs. Ms. Delmar holds a B.Sc. (Honors) in Mathematics and Computer Science and an M.B.A. from Dalhousie University in Canada. She is also a Certified Management Consultant (CMC), Certified in Governance of Enterprise IT (CGEIT), and a Certified Information Security Manager (CISM).