The Challenges and Opportunities Facing Today's CISO

Summary

Data Breach History

Marc Punzirudu, Manager of Security Consulting Services, ControlScan, Social Media Director of SC Midlands ISACA Chapter 

A look at the buildup to “2015 – The year of the Data Breach” and how we have done in the year 2016.  What are the changes if any, that companies have made in their security departments?  So, have we done better?  Will it get worse?  Hear details on the history and hear from local security departments about the changes and approaches taken to recover and/or prevent an even bigger year of the breach.

Incident Response – Are you prepared for an information security incident?

Tom Scott, Executive Director of SC Cyber, Professional Advocacy Director, SC Midlands Chapter of ISACA

What if a security incident is more than you can handle? In such situations, pulling an incident response manual from the shelf is largely unhelpful.  Proper planning and team training are key to successfully surviving an incident. In this talk, Tom Scott discusses the key components of building and managing an incident response process and team as well as some strategies for successfully handling a breach.

Pen Testing – How to get it done

Marc Punzirudu, Manager of Security Consulting Services, ControlScan, Social Media Director of SC Midlands ISACA Chapter

Choosing the right company to partner with for your penetration test can be a gamble if you don’t know what you’re buying. And, to make matters more complex, before you know what to buy, you need to know what you need.

During this presentation, our security expert helps you assess which vendor is right for you.  In addition:

• Advice for understanding your requirements, your scope and defining testing objectives;


• A high level overview of what a penetration test is and what it should be;


• Tips on engaging and researching potential vendors—which questions to ask, what to watch out for; and


• How to evaluate and compare your choices.

The Challenges and Opportunities Facing Today's CISO 

Eddie Schwartz, CISA, CISM, President and COO, White Ops, Inc., ISACA Board Director

It seemed like a visionary idea in the mid-1990’s – cyber security finally would be taken seriously by inventing a C-suite position. The CISO was born, and every organization wanted one.  But unfortunately, expectations and results through the years have not matched the outcome.  Can a CISO ensure compliance with myriad regulations or international standards? Can a CISO provide for ROI and develop clear risk metrics?  Can a CISO defend against the hordes of Chinese, Russian, Syrian, ISIS, and other hackers?  The answer to all these questions is a resounding NO.  This talk traces the history of the CISO, the unfulfilled dreams and hopes of both security practitioners and the companies that hire them, epic failures and successes, and what the future holds for this evolving profession in the face of advanced threats and technology change.