ISACA North Texas September Monthly Meeting

Dates: 9/27/2024

Time: 10:30 a.m. - 2 p.m. Central Time

CPE: 3

Fee:

• ISACA Member Cost: $40.00
• Non-Member: $50.00

Agenda:

• 10:30 am - 11:30 am - Got Crowdstriked? Let’s learn how to mitigate software change management risk.
• 11:30 am - 12:00 pm - Lunch
• 12:00 pm - 1:00 pm - Mastering Data Security: Key Drivers, Techniques, and Threat Mitigation
• 1:00 pm - 2:00 pm - Speaker, Josh Reid, Partner, Crowe

Session 1: Got Crowdstriked? Let’s learn how to mitigate software change management risk.

Let’s explore the critical importance of software change management controls in mitigating risks associated with inappropriate changes and cyber threats. We'll dive into why blind reliance on automated processes and software outputs can lead to vulnerabilities, using real-world examples such as recent breaches at companies like Change Healthcare and Crowdstrike. By examining these cases, we'll underscore the need for robust testing, oversight protocols, and effective software change management strategies to safeguard against operational risks.

Learning Objectives:
Understand the fundamentals of AI and its widespread adoption in various industries.

• Recognize the risks associated with unquestioning reliance on software outputs, including potential fraud and errors.
• Appreciate the real-world implications of inappropriate software changes through breaches and exploits including case studies on Change Healthcare and Crowdstrike
• Acquire strategies for implementing effective software change management practices to protect against AI and ensure operational integrity.

Speaker: Taylor Meadows, CEO, Change Captain

Session 2: Mastering Data Security: Key Drivers, Techniques, and Threat Mitigation

Cyber threats are becoming more advanced and sophisticated around us and becoming more advanced every day, posing serious threats to organizations. An effective and strong data protection defense against these threats comes with a thorough understanding of encryption. Our introduction to advanced data protection gives you all the information you need to build a secure data protection strategy that covers everything from masking to tokenization. Get a thorough walkthrough of potential threat scenarios and cyber risks, both internal and external, with practical steps for mitigation. Discuss the broader aspects of data protection beyond technology and learn about a detailed methodology that considers your unique risks, requirements, and resources.

Key Takeaways

Discover the key drivers for encryption adoption with a detailed overview of encryption, tokenization, and masking.

• Explore the strengths and weaknesses of encryption, tokenization, and masking.
• Learn more about the data security applicability depending on your business needs.
• Get a complete walkthrough of the threat scenarios for cyber risks related to encryption, tokenization, and masking, both inside and outside the organization.
• Know more about the threats inside the organization, techniques used, and effective steps to mitigate them.
• Discuss the different elements of data protection that extend beyond technology issues.
• Introduction to a detailed methodology based on the nature of the risks, applicable requirements and regulations, budget, and timelines.
• Learn more about the common challenges organizations face in successfully deploying data security.
• Gain insights about holistic data security implementation approach.
• Discover the steps you can take to accelerate the adoption of technological solutions.

Speaker: Puneet Singh, Principal, Encryption Consulting

Session 3: TBD

Josh Reid, Partner, Crowe

Speaker Bios:

Puneet Singh - Puneet Singh is an expert in Applied Cryptography. With three decades of expertise in Data Protection, he specializes in PKI, Encryption, HSMs, and Code-Signing. With a proven track record, he advises on privacy laws compliance, conducts successful risk assessments, and implements preventative measures against data breaches. He has extensive consulting experience with Fortune 500 companies in regards to Enterprise Data Security Strategies, RFP and requirements development, Product selection, Designing solution, Implementing & integration work on different Data Protection technologies.

Taylor Meadows: CPA, CISA, PMP, AWS CCP is the Founder and CEO of Change Captain. Frustrated by the lack of innovation and automation in compliance and audit, Taylor set out to build the tools he had been waiting over a decade for someone to create. Leveraging a team of technical co-founders, Taylor was able to launch preventative software change management, aka Seal, enabling organizations to mitigate risk like never before. Change Captain has also launched Seal Plus, automated software capital expenditure that can aid in R+D tax credit support, advanced planning and forecasting, and more. Prior to Change Captain, Taylor spent over a decade in public and private audit, with a strong emphasis in IT Audit. Taylor is passionate about making compliance more accessible to organizations of all sizes and championing understanding of technical concepts so that everyone can be on the same level of understanding the risks of modern business.

Josh Reid:

Host or Publisher North Texas Chapter of ISACA