18th Annual Compliance & Ethics Institute 2019

#P06

Cyber Security Due Diligence: Will You Be the One to Save Your Company & CEO From Disaster? Charles Shugg, Partner | Chief Operating Officer, Sylint Group, Inc View Description

• Discuss the importance and criteria for cyber security due diligence and how it affects corporate or organizational reputation damage, judicial punishment and senior executive careers
• Review case studies that highlight the lack of "reasonable" corporate cyber security due diligence regarding processes, assets and incident response actions
• Provide best practice guidance to improve senior executive awareness, reduce corporate risk and increase the likelihood of C-Staff career survival following a cyber security breach

IT

#P14

GDPR Compliance Post-Mortems: Lessons Learned from Facebook, Uber, and Others Scott Giordano, VP, Data Protection , Spirion View Description

• In the nearly 18 months since the EU GDPR was brought into force, several well-known companies have been penalized by EU data protection authorities for misuse and loss of personal data.
• In this session, we will review these post-mortems, determine what went wrong, and discuss the implications for complying with the GDPR and other multinational data protection regulations going forward.
• We will also examine recent European Data Protection Board (EDPB) opinions and discuss how they affect overall compliance strategy

IT

#P22

Move the Needle - Active Agent Approach to Cybersecurity and Data Protection Compliance Brian Novack, Lead Compliance Analyst, AT&T Oleg Vasilyev, Director Compliance, AT&T View Description

• Core products and processes at each company are dependent on IT. Active threats continue to evolve and drain resources. This limits a company's ability to reinvest, develop products, expand offerings to drive the next wave of growth, or to remain viable.
• To help, compliance must become an active partner supporting all facets of a company to establish the expectation for compliance, plan for compliance upfront, and drive compliance through strategic resource investment that is balanced with the risk.
• We will discuss an approach to help move companies towards active compliance, enabling each of us to build a solid foundation on which to reduce the threat opportunity and most importantly: Move the Needle.

IT

#P30

Software License Compliance & Vendor Management: Why It's Mission-Critical To Reputation & Cybersecurity, 10 Reasons It's Hard (& Getting Harder), & 10 Available Action Tips To Optimize Your Organization & Team (& Your Career & Skills) Henry Jones, Owner, Law Office of Henry W Jones III & Intersect Tech. View Description

• Non-Compliance, Now: How Traditional Purchasing & IT Processes + Vendor & Technology Changes Have Landed Nearly Every Entity In Contract Breach, Copyright Infringement, & Security & Reputation Risk
• Digital Dependency Reduction & Organizational Quality Control: Best Practices: Recommended, Rank-Ordered Action Items For Compliance Professionals To Help Purchasing, IT & Other Colleagues See & Fix Software License Compliance
• Get To Not Just Yes & Fixed, But Also Thank You: Tips For Software-Specific Change Enablement, Quantification, Persuasion, Charm, Evidence, Appreciation, Budgeting, & Career Benefits

IT

#106

A DFARS Compliance Journey Michael Perdunn, Principal Consultant, MKP Solutions View Description

• The Department of Defense has implemented cybersecurity requirements for all subcontractors. DFARS 252.204-7012 presents both a security challenge but also a challenge to many other areas of the business due to provisions around risk and supply chain.
• How do organizations comply with these new requirements that impact far more than IT cybersecurity controls.
• Regulations like DFARS are not going away. What can this iteration of regulations tell us about what may come in the future.

IT

#206

Password Techniques and Strategies to Promote a Higher Level of IT Security Frank Ruelas, Principal, HIPAA College View Description

-Learn key criteria applicable to passwords that have the potential t o contribute to a higher level of security with respect to the organization’s information system - Common myths and mistakes that may compromise the strength of passwords - Review and consideration of effective administrative, physical, and technical safeguards to apply to your organization’s password management policy

IT

#306

Demystifying Government Cybersecurity Compliance David Kessler, Public Sector Product Compliance Counsel, Verizon View Description

• Understand the alphabet soup of the Federal government cyber security landscape, including FISMA, NIST, FIPS, FedRAMP, CNSSI 1253, IRS 1075, and similar requirement
• Learn techniques for encouraging compliance-by-design for Federal cyber security requirements in a commercial company
• Appreciate how compliance with Federal cybersecurity requirements can reduce a commercial company’s overall cyber security risk

IT

#406

Using Automation for Compliance Management and Reporting That Will Bring a Smile to the Face of Any Prosecutor Theodore Banks, Partner, Scharf Banks Marmor LLC Heidi Rudolph, Managing Director, Morae Global Gene Stavrou, Compliance Director, Ingredion View Description

-Technology tools to facilitate collaboration/delegation with other parts of the business (including case management systems, learning management, policy management, etc.) -Aligning & evaluating your compliance program to fit the recommendations of the Federal Sentencing Guidelines and the DOJ Evaluation of Corporate Compliance Programs tool -Using technology tools for management reporting and engagement (including risk assessment, financial management, ROI, etc.)

IT

#506

Optimize IT Compliance Processes to Meet New Data Privacy Challenges Ralph Villanueva, IT Security and Compliance Analyst, Diamond Resorts International View Description

• The audience will learn the common data privacy requirements across several legislations such as the GDPR and the California Privacy Act, and understand the interrelatedness of IT compliance and data privacy
• The speaker will demonstrate how IT compliance processes can be leveraged to meet data privacy requirements
• Audience will pick up techniques to make their organizations more data privacy compliant upon returning to the office

IT

#606

Compliant Technology - The Future is Now Stephen Majerowicz, Technical Director, Office of Compliance for Capabilities, DOD View Description

Analytics - replacing the human - tools that make our work easier can be compliant. They have to be compliant in the context of government access to data. The future of analytics - is now - the development of analytics is proceeding at breakneck speeds and compliance must keep pace. Use case - streaming analytics - to show how human-only functions are being replaced and where compliance fits into the equation.

IT

#706

Automating Privacy Operations at Scale in Azure David Marcos, Chief, Privacy Operations: Cloud & Artificial Intelligence, Microsoft View Description

• Built on Trust: operationalizing privacy compliance for Cloud
• Data-driven continuous monitoring of privacy
• Looking to the future: laying the groundwork for ethical computation

IT