Venue
InterContinental Hotel, Isla Verde, Puerto Rico
Symposium Program Agenda
The agenda, topics, speakers and time allotments are subject to change without prior notice.

Topics and Synopsis
101 - Keynote Speaker - Debbie Lew, CISA, CRISC
ISACA International BOD Director
201 - HIPAA Omnibus Rule: Is your organization ready for the compliance audits?
Miguel Mercado, Principal, Bcon, LLC
Synopsis:
The HIPAA Omnibus Rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first introduced. The changes not only enhance a patient’s privacy rights and protections, but also strengthen the ability of the Department of Health and Human Services (HHS) to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates. The changes are also accompanied by strengthened audit requirements, which significantly increase the risks for organizations that manage Protected Health Information (PHI). The HIPAA Omnibus Rule requires Covered Entities to protect against any reasonably anticipated threats to the security and integrity of electronic Protected Health Information (“ePHI”). To meet this requirement, organizations must have the required security framework and methodology to identify these key areas of risk. Is your organization ready to pass the compliance audits?
301 - A Disciplined Approach to Cyber Security Transformation
Luke Nelson, Director / David Remick, Partner, KPMG
Synopsis:
Cyber security is an important concern for every organization. Daily occurrences demonstrate the risk posed by cyber attackers—from individual, opportunistic hackers, to professional and organized groups of cyber criminals with strategies for systematically stealing intellectual property and disrupting business. The management of any organization faces the task of ensuring that its organization understands the risks and sets the right priorities. This is no easy task in light of the technical jargon involved and the pace of change. Focusing on technology alone to address these issues is not enough. Effectively managing cyber risk means putting in place the right governance and the right supporting processes, along with the right enabling technology. This complexity, however, cannot be an excuse for company management to divest responsibility to technical “experts.” It is essential that leaders take control of allocating resources to deal with cyber security, actively manage governance and decision making over cyber security, and build an informed and knowledgeable organizational culture. This presentation provides essential insights for management to get the basics right. We’ll cover the world of cyber crime today, explore five common cyber security mistakes, explain the importance of customizing cyber security policies, outline the critical dimensions of a strong cyber security model, and look at key questions to help you navigate the “new normal” of cyber security.
202 - Creating Added Value in Corporate Security
Dr. Hector Torres, PhD, MBA, CPP, CFE, Lead Faculty Area Chair, University of Phoenix, Puerto Rico Campus
Synopsis:
The global business environment in the 21st century is highly volatile, continuously changing, and very competitive. Business organizations must have the capability of rapidly adapting themselves to their business environments. Reasons to adapt include:
- Surviving and competing in the global marketplace.
- Avoiding becoming non-competitive and/or obsolete.
- Avoiding extinction.
In order to adapt to their business environment, organizations should restructure and reorganize their processes to become agile. Managerial functions must change. Corporate security as a management function must also change. As a management function it must not only protect organizational assets but also create added value for the organization.
302 - ISO 27001 Risk Management Approach
Cristobal López, Information Security Manager, Universal Group, Inc.
Synopsis:
Keeping companies out of trouble by following standard information security practices is no longer enough in today’s IT landscape. Companies are no longer afraid of the threat of regulatory compliance; they want their IT and security areas to move from cost centers to profit centers and add value to the organization. ISO 27001 promises that you will no longer have to worry about explaining yourself to auditors, regulators, agencies and, if you provide services, other companies, but it is not an easy road to take. In this session you will see the roadmap of what we are building to take on the challenge of moving the information security function from firefighters to business enablers using ISO 27001.
203 - COSO-based Internal Audit, 2014 Update
Lolita Vargas, Principal Partner, Grupo Nova
Synopsis:
During this session we will present and discuss the updated COSO Framework, focusing on the recent key changes to the Framework and how they will impact your organization:
- Why changes are occurring and what factors influenced the update.
- What has not changed from the original guidance.
- The elements that have changed and which directly impact internal audit.
We will also explore key concepts and the implications of using COSO’s updated Internal Control – Integrated Framework to enhance the value Internal Audit adds to the organization. This session is a good starting point to assess how these changes will impact your current practices!
303 - Cyber Security Current Trends & Emerging Threats in DDoS
Edgar Mercado, System Engineer, Fortinet
Synopsis:
TBP
204 - Strategies and Best Practices to Implement a Successful Data Loss Program
Sebastian Brenner, Principal System Engineer, Symantec
Synopsis:
Organizations everywhere rely on high-speed networks and mobile computing to easily share and access information at all levels. Unfortunately, this wide open world also presents new challenges for data protection. Whether those challenges are related to maintaining compliance in the tightly regulated financial services, insurance and retail industries, or protecting intellectual property in the highly competitive high-tech and manufacturing industries, companies need to know where their confidential information is stored, how it is being used, and how best to prevent its loss. The first step to long-term, sustainable data protection is recognizing these challenges, and committing to an enterprise-wide initiative, involving people, processes and technology, to address this risk head-on. Once the decision is made to address this risk, organizations need a clearly defined plan for success, with specific steps, tasks, resources, and objectives to reach their short- and long-term goals. Comprehensive, clearly defined, business-focused DLP programs achieve greater risk reduction, faster and with fewer resources, by integrating Data Loss Prevention into their existing security program and leveraging software to promote enterprise-wide initiatives that drive change across the organization.
304 - New Security Paradigms
Jesus German, Corporate Security Manager, Cortelco
Synopsis:
It is a fact that cyber tactics and threats continue to evolve and are catching off guard companies that believed they were secure. In this presentation we will analyze 5 paradigms that we believe you should consider in your new corporate security strategy.
102 - Mobile Technology and the Cloud as Attack Vectors
Fabio Assolini, Kaspersky Lab
Synopsis:
With more mobile devices in operation than inhabitants on Earth, cybercriminals have closely followed this trend, betting on the bright future of smartphones, tablets and other smart devices. From neuroscience coining the term nomophobia (no mobile phone phobia) to refer to mobile addiction, to corporate environments rushing to understand the forced adoption of BYOD (bring your own device) policies, the user has been left in the middle of this accelerated evolution, exposed to a large number of digital threats. Information leakage due to lack of encryption, and malicious code that sends messages to premium numbers or steals banking credentials, are only some of the dangers present in this hyperconnected world. The “Internet of Things” is already with us, and the convenience of storing our lives online is running up against the lack of control over our privacy and the availability of our information. Through a presentation of an overview of today's mobile environment and its relationship with cloud services as an attack vector, we will be able to witness this growing threat. With these services available at all hours, our data needs constant protection against attackers who have all the time in the world and aim to obtain it at any cost.