Event: ISACA Q3, 2024 Quarterly Meeting
Speaker: Shelby Nelson, Partner at Frazier & Deeter
Title: SEC, Federal and Sector Cyber Update
Topic: An overview of the SEC’s final rules on public company cybersecurity disclosures, timeline, and requirements, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and the NGCs Cybersecurity Regulation 5. The topics of defining cyber “materiality”, service provider risks and risks of cyber disclosures will also be discussed. The session will also define the AICPA SOC for Cybersecurity Risk Management and discuss how management can leverage the framework and independent attestation to support the efficacy of its cybersecurity risk management program.
Synopsis: As a Partner in Frazier & Deeter’s Advisory Practice and SOC National Practice Leader for the firm, Shelby contributes 25 years of diverse experience in external and internal IT audit, cyber security and risk management with specialization in System and Organization Controls (SOC) examinations. Her career includes responsibility for the successful creation, execution, implementation, optimization and testing of operational and IT controls. She is nationally recognized as an industry leader in SOC consulting, instruction, and reporting for organizations ranging from small start-ups to large public organizations.
Shelby has worked with a variety of institutions and industries, assisting clients with reviewing and establishing internal controls over IT environments, regulatory compliance and industry framework assessments (SOC, COSO, COBIT, CMS, NIST, ISO, HIPAA, etc.). During her career, she has served on an internal financial services leadership council, information technology working group, data governance steering committee and as a SOC examination subject matter expert, an AICPA SOC published author and certified instructor and contributor to the CPA examination. Her industry experience encompasses financial services, healthcare, insurance, pharma, telecom, manufacturing, utility, staffing, automotive, software as a service, and government.
Having begun her career at PricewaterhouseCoopers, then served as IT Audit Manager of a global insurance and investment company, and later become the longest-tenured and only female Chief of Staff of a multi-billion-dollar investment organization, she understands the importance of internal control, operational, business and investment risk management, communication, compliance, transparency and delivery.
Shelby possesses the CISA, CISSP, CDPSE and AICPA CyberSOC and Advanced SOC certifications. Leveraging those credentials, Shelby has been the author and instructor of the AICPA SOC for Service Organizations School since 2020.
Join us for the Q3 ISACA Quarterly Meeting!