Topic 1: Securing Critical Infrastructure: Addressing the Culture Gap Between Engineering and Network Security - Joe Weiss
Brief: The presentation will address what makes securing control systems different than securing networks. It will include discussions of actual control system cyber incidents. It will provide recommendations of what can be done to secure control systems that will also improve reliability, availability, product quality, and process safety.
Speaker Bio: Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI), the first 5 years managing the Nuclear Instrumentation and Diagnostics Program. He was responsible for developing many utility industry security primers and implementation guidelines. Mr. Weiss serves as a member of numerous organisations related to control system security.
Topic 2: How to Assess Your Third Party Risk Management Program Using a Model that Forecasts Data Breaches - Dr Thomas Lee
Brief: Data breaches are not as random as you might think. We discovered something often overlooked by practitioners. Insufficient staffing is a strong predictor of data breach, and surprisingly, audit staff is just as effective at preventing a data breach as staff working in information technology. In this session, I will demonstrate how a model that forecasts data breaches can be used to objectively assess your Third Party Risk Management program and determine if it is within management's tolerance levels as required by COBIT APO 12. I will show how to identify and manage risk from the number of vendors as well as the risk from fourth-parties as required by COBIT APO 10.04. I will talk about new ways to perform vendor due-diligence and how Internal Audit can discuss model based findings with the board of directors.
Speaker Bio: Dr. Thomas Lee is the CEO of VivoSecurity, a Silicon Valley based company focused on data collection, regression modeling and A.I. to bring predictability to the randomness of data breach. In cybersecurity, Thomas has developed models to forecast fraud in online banking, probability for PII data breach, probability for lawsuits and costs in the event of a PII data breach, and the likelihood of a shareholder lawsuit for public companies in the event of a stock drop. He has developed models to forecast PII data breaches by state and models to forecast the number of data breaches in the healthcare industry.