Post-Conference Workshops

W1 Data Privacy Fundamentals For Auditors

Thursday, July 26, 2018
12:15 PM – 5:15 PM
Half-Day, 6 CPEs
Shawna Flanders, Director of Instructional Technology and Innovations and Senior Trainer, MISTI

With identity theft and regulatory requirements on the rise, data privacy should be a part of every audit that deals with the collection and use of consumer, customer or employee PII. In this workshop, we will explore the standard components of a data privacy policy and how that policy impacts the way an organization stores, protects and disposes of information assets.

Learning Objectives:

  • Why data privacy matters
  • Data privacy regulations in US and worldwide
  • Data privacy governance and management
  • Necessary data privacy policy content
  • Connection between data privacy policy and IT and shadow IT controls
  • Auditing the data privacy policy

Level: Basic

W2 Cybersecurity Begins With A View From The Top

Thursday, July 26, 2018  
12:15 PM – 5:15 PM
Half-Day, 6 CPEs 
Mark Edmead, IT Transformation Consultant and Trainer, MTE Advisors

Cybercrime is big business. Money is spent to solve the problem, but perhaps the approach is all wrong. Maybe a top-down approach is necessary. For that to work, IT leaders must communicate effectively with the board of directors and C-level executives. This workshop will provide tips to help enable the discussion with the C-level executives on the impact of cybercrime and how to obtain their support in the fight against this growing cybersecurity threat.

Learning Objectives:

  • The "real" cost of cyber-crime and what it means to the bottom line of an organization.
  • The impact of NOT having board level and C-level support against cybercrime
  • Tips on how to communicate effectively with the board level and C-level executives
  • How to implement and support cyber security planning with leading frameworks such as NIST
  • Align cybersecurity, cybercrime and information compliance within the organization with related initiatives, including HR training and legal departments

Level: Intermediate

W3 Understanding DevOps

Friday, July 27, 2018  
8:00 AM – 5:00 PM
One-Day, 8 CPEs 
Brad Coons, Risk & Compliance Manager, Atlassian
Guy Herbert, IT Risk & Compliance, Atlassian

Latest rage or future of software development? That is the question in software development shops today. Is DevOps just another passing fancy that will fade away in a few years? Or does its structure have the promise to withstand the test of time and be the gold standard in the years to come? In this workshop we will provide the basics about DevOps and why it is important for IT auditors to develop a working understanding of DevOps no matter your company’s current state of deployment.

Learning Objectives:

  • Describe DevOps: What it is and how it works
  • Understand why DevOps? Overview of current and historic trends including the transformation from Waterfall to Agile to DevOps
  • Learn the benefits of a DevOps approach: Lessons learned from the trenches
    • How DevOps aids in meeting software security obligations
    • How DevOps can improve SDLC
  • Gain insight into how DevOps can aid in compliance with industry standards and regulatory compliance
  • Explore an interactive simulation of a DevOps pipeline
  • Address DevOps and software development from an auditor’s perspective

W4 Ethical Hacking For Auditors (Hands-On)

Friday, July 27, 2018
9:00 AM – 5:00 PM
One-Day, 8 CPEs
Lee Neely, Cybersecurity Expert, Lawrence Livermore National Lab

An Ethical Hacker exposes vulnerabilities in software to help business owners fix those security holes before a malicious hacker discovers them. In this workshop, you learn all about what Ethical Hacking is and how you, as an auditor, can use some of these tools to assess the effectiveness of your company’s controls. Your laptop and mobile device are recommended to get the most out of this workshop.

Learning Objectives:

  • Hacking Fundamentals
  • Common vulnerabilities and threats to computer networks and software applications
  • Common tools of the hacker’s trade
  • How to hack using social media
  • Fundamentals of password cracking
  • How they hack a wireless network; cell phone; website; and web server
  • How they use SQL Injections and Cross Site Scripting in hacks and prevention techniques

Level: Basic