CYBERSECURITY VIGILANCE FOR BDs AND IAs

Transcription

1 EARN UP TO 11 CPE CREDITS AT THIS MUST-ATTEND EVENT! FINANCIAL RESEARCH ASSOCIATES PRESENTS CYBERSECURITY VIGILANCE FOR BDs AND IAs Compliance and IT Collaboration on Data and Network Protection August 24-25, 2015 Princeton Club New York, NY What specific readiness steps should investment advisory firms and broker-dealers be taking to prepare for attacks that are no longer hypothetical, but assured? The new defense against cyberattacks must be flexible and able to react instantaneously and preemptively to breaches from hackers who represent an agile and unrelenting force seeking to expose vulnerabilities. Get the facts on cybersecurity resilience for IAs and BDs, including case studies and discussions from: Rich Hannibal, SEC Office of Compliance Inspections and Examinations Steven J. Randich, FINRA Andrew Hartnett, Missouri Secretary of State s Office Tate Jarrow, United States Secret Service Jay Leek, Blackstone Matthew Lehman, Cetera Financial Group Benjamin Eason, The Carlyle Group Melissa Soiefer, Barclays Jim Jones, PhD, George Mason University Cindy Donaldson, FS-ISAC SILVER SPONSOR BRONZE SPONSOR TO REGISTER: CALL OR VISIT US AT

2 Investment advisory firms and broker-dealers face stiff odds in the fight against cyberattacks. Across all industries, financial services were the most frequently targeted by hackers as well as the most vulnerable the average cost of an attack being upwards of 22 million dollars, a figure that also amounted the greatest average loss for any industry. The number of breaches represented an increase of almost 44 percent from the previous year. Obviously investment advisory firms and broker-dealers are a lucrative target for hackers an agile and diverse assortment of hacktavists, organized criminals, and nation states but what can IAs and BDs do when cybersecurity already attracts the highest level scrutiny from government and regulators? Join Financial Research Associates on August 24-25, at the Princeton Club in New York, for the Cybersecurity Vigilance for BDs and IAs, a collaborative event that will offer practical, implementable options for firms and brokerages of all sizes looking for protection against threats that are now both persistent, and all but assured. The event will bring together regulators, federal agents, top cyber experts, CISOs, and compliance professionals to collaborate on specific readiness steps to repel hackers determined to access clients data, personal information, and assets. This conference provides crucial new cybersecurity intelligence on topics such as: How to assemble a crisis management plan for firms of all sizes How to maintain a nimble, swift response protocol that balances the needs of employees and clients How to conduct adequate vendor due diligence, what questions to ask, what to require to ensure you re safe Cybersecurity Vigilance for BDs and IAs provides a high-value, comprehensive look at cybersecurity before, during, and after a breach. The event offers a mix of roundtable discussion and actionable strategy sessions; don t miss a chance to see how industry leaders from large and small firms are advancing their cyber defense systems. This event will give even the shrewdest firms implementable strategies worth millions compared with expensive cybersecurity lapses. Register today! Call or online at Sincerely, Ryan Matthews, Conference Director FINANCIAL RESEARCH ASSOCIATES, LLC P.S. This is the MOST COMPREHENSIVE event of its kind! Don t miss an unparalleled networking opportunity! Sponsorship and Exhibit Opportunities Enhance your marketing efforts through sponsoring a special event or exhibiting your product at this event. We can design custom sponsorship packages tailored to your marketing needs, such as a cocktail reception or a custom-designed networking event. To learn more about sponsorship opportunities, please contact Jennifer Clemence at (704) or her at [email protected]. Our Renowned Speaking Faculty: Rich Hannibal, Esq., Assistant Director, SEC Office of Compliance Inspections and Examinations Steven J. Randich, Executive Vice President, Chief Information Officer, FINRA Andrew Hartnett, Commissioner of Securities, Missouri Secretary of State s Office Laura L. Grossman, Assistant General Counsel, Investment Adviser Association Eric Hess, Founder and Managing Director, Hess Legal Counsel Jason Harrell, Corporate SIRO - Investment Management, BNY Mellon Glenn A. Siriano, Principal - Information Protection & Business Resiliency, KPMG Michelle Wraight, Vice President & Chief Privacy Officer, Pershing LLC, a BNY Mellon company Tate Jarrow, Special Agent, New York Electronic Crimes Task Force, United States Secret Service Jay Leek, Chief Information Security Officer, Information Technology, Blackstone Michael L Woodson, Information Systems Security Director, VP State Street Corporation Peter Keenan, Global Information Security, Head of Information Risk Governance, Citi Jim Jones, PhD, Associate Professor of Computer Forensics, George Mason University Matthew Lehman, CISO, Cetera Financial Group Benjamin Eason, CISO & Vice President Information Technology, The Carlyle Group Melissa Soiefer, Vice President Global Information Security, Barclays James Markakis, Security Analyst, Systems Engineer, Campbell and Company Adam J. Reback, Chief Compliance Officer, J. Goldman & Co Joseph V. DeMarco, Partner, DeVore & DeMarco Colleen Brown, Associate, Sidley Austin Cindy Donaldson, Vice President of Products and Services, FS-ISAC Merton E. Thompson IV, Partner, Burns & Levinson Eldon Sprickerhoff, Founder and Chief Security Strategies, esentire Inc. Who Should Attend This conference is designed for staff from Investment Advisory Firms and Broker-Dealers including (but not limited to): CISOs (Chief Information Security Officers) CCOs (Chief Compliance Officers) CPOs (Chief Privacy Officers) CTOs (Chief Technology Officers) CSIRO (Chief Security Information Risk Officer) General Counsel/In-house Legal Counsel AND: Tech providers (cybersecurity software, network protection, etc.) IT and Enterprise Risk Management Professionals/Consultants Law firms specializing in: Privacy Data Protection Information Security Consumer Finance Regulatory Compliance E-Commerce & Technology

3 DAY ONE: Monday, August 24, :15 1:30 Welcome and Chair s Opening Remarks 1:30 2:30 Regulator Roundtable: Regulatory Perspectives on Cybersecurity and Beyond Having the right protective measures in place is critical and regulators are placing increased emphasis on cyber-readiness. In the first push of cybersecurity initiatives we ve seen pilot surveys, sweep exams, and risk alerts; the next phase will potentially include a focus on legislation and rulemaking. This panel of top regulators and cybersecurity experts will provide critical insights for firms of all sizes into the current and future threat landscape and best practices to consider in terms of where regulation and enforcement may be headed. Focuses of SEC and FINRA sweeps for the rest of 2015 and into 2016 How are institutions complying with cyber security frameworks? Suggestions on balancing regulatory and internal requirements The latest regulatory thoughts on vendor management How information sharing integrating cybersecurity, IT, fraud prevention, and security may be a way forward How to create an incident response plan that articulates regulatory and legal requirements Specific risks involving terminated employees, theft of hardware, and password sharing A look at the 47 state privacy notification laws Laura L. Grossman, Assistant General Counsel Investment Adviser Association Rich Hannibal, Esq., Assistant Director SEC Office of Compliance Inspections and Examinations Steven J. Randich, Executive Vice President, Chief Information Officer FINRA Andrew Hartnett, Commissioner of Securities Missouri Secretary of State s Office 2:30 2:50 Networking Break sponsored by 2:50 4:00 Effective Governance and Risk Management: Keys to Assessing and Reducing Risks in the Real World Establishing and improving your cybersecurity framework: advantages of incorporating a standard like NIST or ISO/IEC Providing meaningful metrics and cogent analysis to leadership and boards; the responsibility of boards and management in assessing risks and giving IT the tools it needs Framing cybersecurity in the same terms as other business risks Differing models firms can utilize to address the multitude of diverse and agile cyber threats The pitfalls of today s network assessments in terms of measuring risk Small firms and effectively dealing with cybersecurity on a budget Focusing on realistic questions like am I hacked?, rather than can I be hacked? Eldon Sprickerhoff, Founder & Chief Security Strategist esentire Inc. Eric Hess, Founder and Managing Director Hess Legal Counsel Jason Harrell, Corporate SIRO - Investment Management BNY Mellon Glenn A. Siriano, Principal - Information Protection & Business Resiliency KPMG 4:00 5:00 Code Blue: Developing and Implementing a Cyber- Response Plan What does an incident response plan look like? What written protocols need to be in place for a plan to be most effective? What are the must have elements of a breach response plan? Who should you contact and how to contact them? How to run effectual and efficient drills? How often should mock breach exercises be used AND updated? Cyber response for smaller firms How to maintain a nimble, swift response protocol that balances the needs of employees and clients in the face of a rapidly evolving threat landscape Is a uniform data breach response plan possible? Dianne Mattioli, Principal Regulatory Compliance Solutions Michelle Wraight, Vice President & Chief Privacy Officer Pershing LLC, a BNY Mellon company Tate Jarrow, Special Agent, New York Electronic Crimes Task Force United States Secret Service 5:00-6:00 Cocktail Reception Contact Jennifer Clemence for information on sponsoring this reception and/or more at or [email protected] DAY TWO: Tuesday, August 25, :00 8:45 Continental Breakfast 8:45 9:00 Welcome and Chair s Recap of Day One 9:00 10:00 What Hackers Don t Want You to Know: Monitoring, Testing, and the Detection of Threats Analysis of a breach in real-time what are they after and how long have they been inside A look at the types of monitoring available and the procedures, processes, and policies that support strong monitoring Making use of big data analytics for event and anomaly detection and maintaining strong detective controls Penetration tests, fire drills, and vulnerability assessments: best practices for white-hat hackers and some alternatives to standard network vulnerability detection tools Effectively analyzing tests: examining the forensic DNA of a breach to retool and better defend yourself in the future An effective cyber audit how often, and how thoroughly, should the protocol be reviewed and reassessed

4 Peter Keenan, Chief Information Security Officer Lazard Jay Leek, Chief Information Security Officer, Information Technology Blackstone Michael L Woodson, Information Systems Security Director, VP State Street Corporation Peter Keenan, Global Information Security, Head of Information Risk Governance Citi Jim Jones, PhD, Associate Professor of Computer Forensics George Mason University 10:00 11:00 We re Hit: Minimizing Damage and Saving Face after an Attack From fear to acceptance: the philosophically necessary realization that you will be compromised and how anticipate the inevitable How to respond to, and recover from, security breaches large and small Restoring systems the keys to rebooting Lessons learned: implementing process improvements and making sure it doesn t happen again Communicating with clients, regulators, constituents, and the public about a cyber-attack Benjamin Eason, CISO & Vice President Information Technology The Carlyle Group Matthew Lehman, CISO Cetera Financial Group James Markakis, Security Analyst, Systems Engineer Campbell and Company 11:00 11:15 Morning Break 11:15 12:15 Protecting Against Vendor Vulnerability What risks do third-party vendors pose and how much vendor risk management is sufficient to cover financial and legal liabilities? How to conduct adequate vendor due diligence, what questions to ask, what to require in order to do business with them and ensure you re safe? What metrics are useful for effective vendor management? Would your vendors survive a data security audit and not expose the company to major risk? What are the indemnification issues and what happens if a vendor is responsible for a breach? Negotiating changes to contracts with vendors to ensure proper security What are the current regulatory requirements and how may they change in the near future? Melissa Soiefer, Vice President Global Information Security Barclays Adam J. Reback, Chief Compliance Officer J. Goldman & Co 12:15 1:30 Networking Luncheon 1:30 2:30 The Soft Skills of Communicating Cyber Threats: Getting Internal Buy-In Excelling at the business communication s side: shaping the message to organizational decision makers and C-Suite executives Understanding leadership s view of security and how best to present the cyber landscape from training to after a breach Tactical approaches to managing internal expectations Tips to foster a top-down focus on risk management the big picture versus the bottom line Changing the conversation communicating security as an enterprise risk rather than a tech department problem Hiring decisions crafting the best team through effective leadership that empowers while dealing with a dearth of IT talent Joseph V. DeMarco, Partner DeVore & DeMarco Colleen Brown, Associate Sidley Austin 2:30 3:00 Networking Break 3:00 4:00 Learning and Benefiting from Information Sharing What are the benefits to sharing information about attacks? What the threat landscape looks like today A look at information sharing examples How information sharing and threat intelligence can be automated Collecting and collaborating on intelligence in order to retool, rebuild, and redefine your cyber strategy Building partnerships within the industry and across other industries to support situational awareness of threats Cindy Donaldson, Vice President of Products and Services FS-ISAC 4:00 5:00 Cybersecurity Insurance: Protection from the Expected An analysis of the options and need for cybersecurity insurance What should your coverage be understanding your exposure from internal and external threats Preparing for insurance audits: making certain that systems are adequate for your coverage so that your claims aren t denied With such a diverse landscape of cyber need, and such complex systems, what is being covered? Merton E. Thompson IV, Partner Burns & Levinson 5:00 End of Forum

5 Venue Details The Princeton Club 15 West 43rd Street, New York, NY (212) If you require overnight accommodation for this conference, please contact any of the following nearby hotels to check their best available corporate rate over this time frame, or consult your local travel agent. Please note that FRA has not negotiated rates with any of these hotels. Area Hotels: InterContinental Times Square Westin Times Square Millennium Broadway Hotel Hotel Sofitel New York Team Discounts Three people will receive 10% off Four people will receive 15% off Five people or more will receive 20% off In order to secure a group discount, all delegates must place their registrations at the same time. Group discounts cannot be issued retroactively. For more information, please contact Whitney Betts at or [email protected]. Refunds and Cancellations For information regarding refund, complaint and/or program cancellation policies, please visit our website: thefineprint.aspx CPE CREDITS Financial Research Associates, LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: Top Reasons to Attend Identify the focus of SEC, FINRA, and possible FCA sweeps for the rest of 2015 and into 2016 Learn how to create a crisis management plan for firms of all sizes that articulates regulatory and legal requirements Hear how to maintain a nimble, swift response protocol that balances the needs of employees and clients in the face of a rapidly evolving threat landscape Uncover the best penetration tests, fire drills, and vulnerability assessments and best practices for white-hat hackers, as well as some alternatives to standard network vulnerability detection tools Understand the philosophically necessary realization that you will be compromised and how to anticipate the inevitable Network with peers and industry thought leaders! The Conference Organizer Financial Research Associates provides the financial community with access to business information and networking opportunities. Offering highly targeted conferences, FRA is a preferred resource for executives and managers seeking cutting-edge information on the next wave of business opportunities. Please visit for more information on upcoming events. Silver Sponsor 3Threat Protection solutions and services, the most comprehensive way to defend enterprises from advanced and never-before-seen cyber threats. esentire s flagship offering, Network Interceptor, challenges legacy security approaches, combining behavior-based analytics, immediate mitigation and actionable intelligence on a 24x7x365 basis. The company s dedicated team of security experts continuously monitors customer networks to detect and block cyber attacks in real-time. For more information visit and on Twitter. Bronze Sponsor The recommended CPE credit for this course is 11 credits in the following field(s) of study: Specialized Knowledge and Applications For more information, visit our website: Media Partners

6 tttb CYBERSECURITY VIGILANCE FOR BDs AND IAs Four Ways to Register Fax Call Web Mail FRA NE Cedar Drive Battle Ground, WA Please Mention This Priority Code When Registering FINANCIAL RESEARCH ASSOCIATES 200 WASHINGTON ST. SUITE 201 SANTA CRUZ, CA ATTENTION MAILROOM: If undeliverable, please forward to the CHIEF COMPLIANCE OFFICER OR CHIEF INFORMATION SECURITY OFFICER Standard Conference $2095 Early Bird Rate - on and before July 17, 2015 $1895 Payment Method: Payments must be received no later than (insert August date 17, one 2015 week before conference start date) Please bill my: MC VISA AMEX DISCOVER Card Holder s Name: Name Company Address City Phone Title State INCORRECT MAILING INFORMATION: If you are receiving multiple mailings, have updated information or would like to be removed from our database, please fax our database team at or call Please keep in mind that amendments can take up to 8 weeks. Zip Exp. Date: Signature: Check enclosed: Please bill me later: Make checks payable to Wilmington Financial Research Associates, and write B973 on your check Conference Code: B973 (tax i.d ). EARN UP TO 11 CPE CREDITS AT THIS MUST ATTEND EVENT! FINANCIAL RESEARCH ASSOCIATES PRESENTS CYBERSECURITY VIGILANCE FOR BDs AND IAs Compliance and IT Collaboration on Data and Network Protection August 24-25, 2015 Princeton Club New York, NY It s time to take your information security programs to the next level with this event featuring the thought-leadership of the industry! TO REGISTER: CALL OR VISIT US AT