Impact of COVID-19 on Enterprise Security Controls

When:  Mar 25, 2021 from 08:30 to 16:30 (CT)
Associated with  Minnesota Chapter

Date: Thurs, March 25, 2021                                    

Time:  8:30 AM – 4:30 PM                                         

Location Name:  Virtual - Zoom Link to be provided by MISTI

Credits: 8.0

Fee: $50 for members, $100 for non-members

Instructor: Fred C. Roth                            

Company: MIS Training Institute (MISTI)

Bio

Fred C. Roth is a Senior Instructor for MISTI. He is a frequent speaker at international conferences and delivers IT control and security training on a worldwide basis. As a former Vice President of MISTI’s IT Audit Division for 15 years, he facilitated and coordinated the IT audit curriculum.

Previously, as IT Audit Manager at Eastman Kodak Company, he had worldwide responsibility for planning and coordinating Kodak’s IT audits in the United States, Asia, Europe and South America.  Mr. Roth was a key player in Eastman Kodak’s successful worldwide SAP implementation, where he was responsible for the Corporate Audit partnership on the project.   

   

Session Description:

The COVID-19 pandemic has resulted in many employees working from home.  The transition from working in the office to working at home was abrupt, with minimal time to establish a strategy for a secure telecommuting environment.  As a result, there is solid evidence of a significant increase in cyberattacks focused on employees working from home.

Audit’s charter is to assess risk and provide an independent opinion to Management and the Board of Directors.  Enterprise information security risks have significantly increased due to COVID-19.  Should Audit address this new information security risk environment?

During this one-day seminar we will review the short-term and long-term security and control challenges resulting from the COVID-19 pandemic.

Course Agenda:

  1. COVID-19 Risk Assessment and Audit Planning
    • COVID-19 related security threats, risks, and exposures
    • Identifying short-term and long-term information security risks
    • Review of recent security incidents including increased phishing, ransomware, and attacks on working from home environments.
  2. Addressing Working from Home (WFH) Risks
    • Risks and advantages of working remotely
    • Determining appropriate WFH controls
    • WFH ideal security & control scenarios
    • Malware / ransomware protection
    • End Point Security / Zero Trust Model
  3. Assessing long term risks and controls
    • Defining what the “New World” will look like
    • Determining long term risks & controls including:
      • Multi-factor authentication
      • Privileged access monitoring
      • Vulnerability assessments
      • Log management / threat detection
      • Patch management
      • Web application / server risks
    • Recommended control and security resources to include:
      • Center for Internet Security 20 Controls
      • NIST Cybersecurity Framework
      • OWASP – Top Ten Web Application Security Risks

Registration Links:

Summary: https://www.cvent.com/d/sjq199

Straight to Registration: https://www.cvent.com/d/sjq199/4W