Moving From Security to Governance, Risk, and Compliance? Campus Perspectives Panel

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Moving From Security to Governance, Risk, and Compliance? Campus Perspectives Panel"

Transcription

1 Peter Murray Co-Chair Higher Ed Information Security Council (HEISC) Moving From Security to Governance, Risk, and Compliance? Campus Perspectives Panel

2 Today s Panelists Peter Murray University of Maryland Rob Adams University of Florida Michele Norin University of Arizona Joe St. Sauver University of Oregon [ # ] 2014 Internet2

3 Moving From Security to Governance, Risk, and Compliance? Campus Perspectives Panel Joe St Sauver, Ph.D. Internet2 Global Summit, Denver Colorado Tuesday, April 8 th, :45-10:00AM Governor's Square 11 Disclaimer: all opinions expressed are strictly my own.

4 A Lot Has Been Changing in Security, Par7cularly in the Higher Ed Community Higher ed organiza7ons that have been involved with security have been evolving (including the Higher Educa7on Informa7on Security Council (HEISC). Personnel and their roles have also been changing, and some higher ed security ac7vi7es have (for whatever reason) seemingly have gone dormant. Security threats haven't disappeared, however. We're s7ll seeing as many or MORE technical security threats as in the past. Our topic today, however, relates to the (poten7al) evolu7on of higher "opera7onal/technical security" to "governance, risk and compliance" (hereaher "GRC"). 4

5 Paul Proctor (Gartner) on "What Is GRC?" "GRC is the most worthless term in the vendor lexicon. Vendors use it to describe whatever they are selling and Gartner clients use it to describe whatever problem they have. For seven years I have balled this monolithic term and I fear I m losing the balle. The alterna7ve is to try to bring some clarity to its usage by defining some boundaries. "Here is our published GRC defini7on, which I [e.g., Paul Proctor] like[s]: "GRC is neither a project nor a technology, but a corporate objec7ve for improving governance through more- effec7ve compliance and a beler understanding of the impact of risk on business performance. Governance, risk management and compliance have many valid defini7ons. The following defini7ons illustrate the rela7onship of the three terms and serve for Gartner s GRC research: Governance The process by which policy is set and decision making is executed. Risk Management The process for preven7ng an unacceptable level of uncertainty in business objec7ves with a balance of avoidance through reconsidera7on of objec7ves, mi7ga7on through the applica7on of controls, transfer through insurance and acceptance through governance mechanisms. It is also the process to ensure that important business processes and behaviors remain within the tolerances associated with policies and decisions set through the governance process. Compliance The process of adherence to policies and decisions. Policies can be derived from internal direc7ves, procedures and requirements, or external laws, regula7ons, standards and agreements." hlp://blogs.gartner.com/paul- proctor/2013/05/13/why- i- hate- the- term- grc/ 5

6 Opera7onal/Tech Security: Technical focus Audiences: users, "techies" Prac77oner background: o`en computer science Tools: improved coding, encryp7on, ac7ve scanning, passive monitoring, firewalls, an7- virus, forensics, etc. Success? system usable and not hacked/cracked; no breach of PII, etc. Some Challenges: personnel (huge demand for technical talent, limited pipeline); resources (huge popula7on to help but few resources); security v. user convenience Opera7onal/Tech Security vs GRC GRC NON- technical focus Audience: board, sr. execs, auditors, policy folks Prac77oner background: o`en law, public policy, management, etc. Tools: statutes/regula7ons/ policies, plans, audits/other reports, cost analyses, resource alloca7on choices Success? Followed plan and on budget; complied with all laws/ specs; no bad publicity. Some Challenges: s7ll seeing breaches even when "fully compliant;" all that "techie" security stuff... 6

7 CIOs/CISOs And How We're GeTng To GRC... Assume you're a Chief Informa7on Officer (CIO) [or maybe a Chief Informa7on Security Officer (CISO)]. Cyber security is increasingly "in the news." Execu7ve leadership wants to know "what's going on" in cyber security and "what steps are being taken to keep our ins7tu7on safe?" Given the "importance of the issue" you've been given a "long" presenta7on slot (e.g., ten minutes) at the next execu7ve leadership mee7ng to explain "in detail" what's being done [including five minutes for Q&A]. Members of the execu7ve leadership team are smart men and women, but they're juggling a million other major issues, too, and they're not really highly technical people. So what do you cover during that session? 7

8 Maybe Opera7onal Security Issues? The implica7ons of MS Windows XP going end- of- life and no longer gejng security patches from Microso`, including your strategy for handling those EOL systems? Recent alempts to phish members of the campus community, and the role of mul7factor authen7ca7on? Cryptolocker and other major recent malware threats? New results from scanning the campus for hitherto- unknown caches of personally iden7fiable informa7on? The security benefits of the latest cloud- based security applica7on the university would like to adopt, if funded? All terrific and important opera7onal security topics, but NONE can be part of your presenta7on to the board: it would take too long to cover even just one such topic. Mr. Fail Boat says, "Ah ooh gah... now depar7ng, pier #1..." 8

9 OR... Do You Talk About "GRC"? Governance: someone's in charge of cybersecurity. There's a firm hand on the security 7ller, and oversight. An "adult" is paying alen7on to what's going on in that area. Risk: We're "business savvy." We "get it" that fixing stuff costs money. We're not going to try to fix "everything," or buy solu7ons just because they're technically "cool," we're only going to fix the security stuff that's really a problem, and only when it makes financial sense. There's a responsible hand on the ins7tu7onal checkbook. Compliance: If the law says we have to do something (par7cularly i`here are consequences if we don't), we know what we're supposed to do and we're going to do it, we're not ignoring specific legal requirements. Audits aren't going to come back full of embarrassing findings. GRC == a well- tailored approach for *that* audience. 9

10 GRC Uptake Is Also Driven By "The Cloud" If you're outsourcing facili7es and applica7ons to third par7es, your ability to even a/empt to do technical security may be disappearing (you may simply not have the access you need to do technical security any more e.g., you may not be allowed to check data center physical security, sniff traffic or ac7vely scan the systems that are hos7ng your cloud based applica7ons). So what's le`? Governance decisions about what applica7ons will move to the cloud and who the organiza7on will use and trust. Risk management via SLAs and contractually enforced protec7ve mechanisms Audit reports ales7ng to compliance with all applicable standards and requirements... If you're going to the cloud, you ARE going toward GRC. 10

11 Contras7ng Approaches: Awareness & Training Opera7onal security approach: many of the vulnerabili7es we see are associated with badly wrilen web applica7ons. Let's bring in some experts in the OWASP Top 10 web security issues, and ensure our developers know how to avoid accidentally allowing those bugs into the applica7ons that they write. [in- depth technical training, selec7vely targeted, driven by observed local vulnerabili7es] The GRC approach: The security framework we've adopted requires us to do annual security awareness training for our community, and if we don't do that training, we won't be in compliance and some users may end up gejng phished. Let's buy SANS "Securing the Human" training for end users. It not only ensures we're compliant, "it offers training that changes behaviors and reduces risk." Non- rhetorical ques7on: which approach is "beler?" 11

12 Compe77on for Resources In an ideal world, we'd want BOTH opera7onal/technical security AND GRC- based approaches. Unfortunately, in the real world, you've got finite budget and personnel slots. If you buy more OpSec people, you have less money le` for GRC people, and vice- versa. Note that GRC has an "unfair" advantage in this compe77on: GRC- oriented people have direct access to senior leadership, and "they talk the language of those that hold the purse strings:" we've got a plan, there's an adult in charge, we're business savvy, and if you do what we tell you, you won't end up embarrassed. But "bea7ng" OpSec people and successfully pushing GRC- based approaches may be a Pyrrhic victory (a victory with such a terrible cost that it is tantamount to defeat). 12

13 100% Compliant, But Also 100% P0n3d? You've made some hard choices, and allocated your limited resources. You're 100% compliant with all applicable requirements. You've assessed the risks your school faces, and your governance commilee has signed off on a plan that follows a well known security framework. Unfortunately, doing so has meant that you didn't have much money (or many staff slots) le` for opera7onal/technical cyber security. Late one Friday night you're contacted by a reporter from CNN... the "unthinkable" has happened and a major breach has occurred, exploi7ng a technical vulnerability that you knew about, but which was deemed "low risk..." [Pinkie Pie graphic from hlp://mlp.wikia.com/wiki/pinkie_pie, CC- BY- SA] 13

14 What Will You Say/Do? We can talk about the hypothe7cal case from the preceding slide, or about decisions in real life (someday, the two may even be exactly the same, unfortunately) You can fully meet all expecta7ons of a GRC- oriented approach, and STILL end up experiencing a breach. If you'd spent more of your resources on technical/opera7onal security, you might not have experienced a breach - - but then again, inves7ng in technical/opera7onal security also might make no difference. What will YOU say/do? 14

15 Governance, Risk, & Compliance 15

16 Governance Engaging the Campus Security landscape is changing Level of resources can t compete Openness vs. lock- down strained Assets at risk are shi`ing Rethinking tolerance for risk Need more ver7cal and horizontal involvement in security planning 16

17 Commonly targeted types of data* Sensi7ve Enterprise Data Employee data Student records Financial data Recruitment and marke7ng data Research with Poten7al Economic Value Energy technology Biotechnology, medical, and pharmaceu7cals Engineering New materials, such as semi- conductors Informa7on technology * Adapted from: Universi7es UK. Cyber security and universi7es: managing the risk. November Poli7cally or Commercially Sensi7ve Informa7on Climate modeling Economic data and projec7ons Live animal research Product development data Informa7on used for expert tes7mony 17

18 Poten7al impact of cyber alacks Reputa7on May harm the University s reputa7on in the eyes of alumni, students, partners, businesses, and government agencies Legal May leave the University in viola7on of laws or contract requirements Risk of prosecu7on, financial penal7es, or withdrawal of exis7ng and future funding Economic May undermine the University s ability to capitalize on poten7al intellectual property or knowledge transfer Opera7onal May disrupt normal opera7ons and result in significant remedial cost 18

19 Governance, Risk, & Compliance 19

20 Moving From Security to Governance, Risk and Compliance Informa7on Security Informa7on Security and the Informa7on Security Council (HEISC) Established by EDUCAUSE and Internet2 in July 2000 Successfully providing a wealth of helpful resources to the higher educa7on community The Higher Educa7on Informa7on Security Council (HEISC) mission has been to improve informa7on security, data protec7on, and privacy programs across the higher educa7on sector. It has ac7vely developed and promoted leadership; awareness and understanding; effec7ve prac7ces and policies; and solu7ons for the protec7on of cri7cal data, IT assets, and infrastructures for the higher educa7on community.

21 Moving From Security to Governance, Risk and Compliance Three Areas of Focus for HEISC in 2014 Strengthen Founda7ons The council will strengthen communica7ons and marke7ng of exis7ng resources, especially to CIOs. HEISC will strengthen collabora7on and coordinate conversa7ons and ac7vi7es with partner organiza7ons such as Educause, Internet2, InCommon, and the REN- ISAC. Con7nue to Build the Informa7on Security Profession Annual Security Professionals Conference Expand and enhance a mentoring pilot program, while crea7ng career development tools and resources that balance the technical and business needs of the profession. Promote the use of its key publica7on, the InformaDon Security Guide, to security prac77oners and other campus business groups. Advance Informa7on Security Strategies in Higher Educa7on Begin building an Informa7on Security Peer Review Program to be used by ins7tu7ons for benchmarking and maturity assessment. Assist with building the EDUCAUSE Governance, Risk, and Compliance (GRC) program.

22 Moving From Security to Governance, Risk and Compliance Governance, Risk and Compliance (GRC) Moving from a specific focus on informa7on security ac7vi7es to: An alignment with an ins7tu7on s broader strategic goals; A process for iden7fying, assessing and mi7ga7ng risks; Policies and procedures for complying with audit requirements, laws and regula7ons.

23 Moving From Security to Governance, Risk and Compliance Let s Talk About the R : IT Risk Management IT risk management refers to the process of iden7fying risk, assessing risk, and priori7za7on of the major IT risks associated with the organiza7on s key objec7ves. Once the risks have been priori7zed, the organiza7on proceeds with taking steps to reduce risk to acceptable levels, or in some cases, to assume the iden7fied risk. This typically means developing policies, procedures and ac7on items (projects) to engage changes to exis7ng systems, and integra7ng risk mi7ga7on strategies into the life cycle for new systems. The process includes monitoring risk mi7ga7on ac7vi7es to ensure that the risk has been reduced.

24 Moving From Security to Governance, Risk and Compliance Let s Talk About the R : Enterprise IT Risk Management Enterprise IT risk management programs move beyond informa7on systems and security risks associated with the IT organiza7on. Ins7tu7onal focus, not unit- specific. Aligns and priori7zes ac7vi7es to address the iden7fied IT risks that impact university- wide academic and business opera7ons. These are IT risks that have a substan7al financial impact, lead to lost produc7vity, a distrac7on from ins7tu7onal goals, cause nega7ve publicity, affect ins7tu7onal reputa7on, etc. Enterprise IT risk management strategies help protect the ins7tu7on so that it can achieve its strategic goals. Enterprise IT risk management requires collabora7on between IT and the other academic and business areas of the university it will not be effec7ve if it is just an IT organiza7on ac7vity. One ques7on to ask in iden7fying these enterprise IT risks is: What are the IT risks that would cause the university to fail to achieve its ins7tu7onal goals and opera7onal excellence?

25 Moving From Security to Governance, Risk and Compliance Let s Talk About the R : Enterprise Risk Management Enterprise risk management (ERM) is con7nuing to mature and be implemented in higher educa7on ins7tu7ons. In 2003, Felix Kloman, founder and editor of Risk Management Reports, said that in the future ins7tu7ons will look at risks affec7ng the whole of an organiza7on and they will be enterprise- wide, integrated and holis7c. 1 In 2013, Janice M. Abraham, President and CEO of United Educators, says the future is here for enterprise risk management. 1 Colleges and universi7es are assessing risks associated with physical assets, people assets, and cyber assets. 1 Good Risk Management Is Good Governance an ar7cle excerpted from Risk Management: An Accountability Guide for University and College Boards (AGB Press, 2013), by Janice M. Abraham.

26 Moving From Security to Governance, Risk and Compliance Let s Talk About the R : Enterprise Risk Management Sponsored and led by the President; It is a process effected by an organiza7on s leadership; Developed and managed at the enterprise level with all key academic and business areas included; Designed to iden7fy and mi7gate risks that would impact strategic objec7ves; Provides a framework for determining risk tolerance, developing mi7ga7ng strategies, and alloca7ng resources.

27 Moving From Security to Governance, Risk and Compliance Let s Talk About the R : Enterprise Risk Management ERM Structure at the University of Maryland, Bal7more President Execu7ve Commimee ERM Steering Commimee Subject Area Workgroups: IT Systems and Security Academic Affairs Campus security and public safety Clinical prac7ce External and internal rela7ons Facili7es Environmental Health and Safety Finance and internal controls Global ac7vi7es Government regulatory/compliance Human resources Research Risk management and insurance Collabora7on across the enterprise Added visibility and value to IT Systems and Security

28 Moving From Security to Governance, Risk and Compliance Let s Talk About the R : Enterprise Risk Management The ERM process is just as important as the product it s a process not a project; Creates a risk aware culture throughout the enterprise; And influences an important posi7ve change as the ins7tu7on moves from security to an enterprise program of governance, risk and compliance.

29 Governance, Risk, & Compliance 29

30 Compliance: Not Alphabet Soup GLBA CFA DPPA ITAD A pcidss ECPA A CPNI

31 What is Compliance? The process of adherence to policies and decisions. Policies can be derived from internal direc7ves, procedures and requirements, or external laws, regula7ons, standards and agreements. Compliance focuses on valida7on, security focuses on protec7on Compliance standards tend to be sta7c in nature and are slow to be updated where security is dynamic and ever changing hlp://blogs.gartner.com/paul- proctor/2013/05/13/why- i- hate- the- term- grc/

32 How is Compliance Achieved? It is achieved through management processes which Iden7fy the applicable requirements (e.g. laws, regula7ons, contracts) Assess the current state of compliance Assess the risks and poten7al costs of non- compliance against the projected expenses to achieve compliance Priori7ze and ini7ate any correc7ve ac7ons deemed necessary

33 Does Compliance Equal Security? Two different measurements which are not interchangeable You may be compliant, yet not secure You may be secure, yet not compliant

34 The Evolving Landscape ALacks con7nue to grow beyond most preven7on & detec7on technologies and techniques Barriers to entry for bad actors are low Ability to apply invasive controls will be limited as IT will not directly own a user s device or the services provisioned to the device

35 Importance of Governance, Risk Management and Compliance Informa7on security is not only a technical issue It is a business and governance challenge that involves adequate risk management, repor7ng and accountability. Effec7ve security requires the ac7ve involvement of management to assess emerging threats and the response to them. Risk Decisions Transfer Accept Reduce Share University Mission Pa7ent care Service Research Educa7on The goal is to reduce adverse impacts to an acceptable level of risk Balance risk with the missions of educa7on, research, service and pa7ent care.

Protec'ng Informa'on Assets - Week 8 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protec/ng Informa/on Assets Greg Senko

Protec'ng Informa'on Assets - Week 8 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protec/ng Informa/on Assets Greg Senko Protec'ng Informa'on Assets - Week 8 - Business Continuity and Disaster Recovery Planning MIS5206 Week 8 In the News Readings In Class Case Study BCP/DRP Test Taking Tip Quiz In the News Discuss items

More information

Top Practices in Health IT Compliance. Data Breach & Leading Program Prac3ces

Top Practices in Health IT Compliance. Data Breach & Leading Program Prac3ces Top Practices in Health IT Compliance Data Breach & Leading Program Prac3ces Overview Introduc3on to ID Experts & Secure Digital Solu3ons Healthcare Data Breach Trends & Drivers Data Incident Management

More information

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO

More information

Channel Bytes. Accelera'ng Managed Services

Channel Bytes. Accelera'ng Managed Services Channel Bytes Accelera'ng Managed Services Housekeeping Webinar is being recorded. Slides and recording link will be available tomorrow.? Contact informa8on is provided at the end of the webinar. #channelbytes

More information

Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts. October 3, 2013

Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts. October 3, 2013 Developing Your Roadmap The Association of Independent Colleges and Universities of Massachusetts October 3, 2013 Agenda 1. Introductions 2. Higher Ed Industry Trends 3. Technology Trends in Higher Ed

More information

Program Model: Muskingum University offers a unique graduate program integra6ng BUSINESS and TECHNOLOGY to develop the 21 st century professional.

Program Model: Muskingum University offers a unique graduate program integra6ng BUSINESS and TECHNOLOGY to develop the 21 st century professional. Program Model: Muskingum University offers a unique graduate program integra6ng BUSINESS and TECHNOLOGY to develop the 21 st century professional. 163 Stormont Street New Concord, OH 43762 614-286-7895

More information

Computer Security Incident Handling Detec6on and Analysis

Computer Security Incident Handling Detec6on and Analysis Computer Security Incident Handling Detec6on and Analysis Jeff Roth, CISSP- ISSEP, CISA, CGEIT Senior IT Security Consultant 1 Coalfire Confiden+al Agenda 2 SECURITY INCIDENT CONTEXT TERMINOLOGY DETECTION

More information

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework Don t screw with my chain, dude! Jon Boyens Computer Security Division IT Laboratory November

More information

MAXIMIZING THE SUCCESS OF YOUR E-PROCUREMENT TECHNOLOGY INVESTMENT. How to Drive Adop.on, Efficiency, and ROI for the Long Term

MAXIMIZING THE SUCCESS OF YOUR E-PROCUREMENT TECHNOLOGY INVESTMENT. How to Drive Adop.on, Efficiency, and ROI for the Long Term MAXIMIZING THE SUCCESS OF YOUR E-PROCUREMENT TECHNOLOGY INVESTMENT How to Drive Adop.on, Efficiency, and ROI for the Long Term What We Will Cover Today Presenta(on Agenda! Who We Are! Our History! Par7al

More information

Poten&al Impact of FDA Regula&on of EMRs. October 27, 2010

Poten&al Impact of FDA Regula&on of EMRs. October 27, 2010 Poten&al Impact of FDA Regula&on of EMRs October 27, 2010 Agenda The case for regula&ng Impact on manufacturers Impact on providers Recommenda&ons and best prac&ces 2 A Medical Device Is an instrument,

More information

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES

Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Interna'onal Standards Ac'vi'es on Cloud Security EVA KUIPER, CISA CISSP EVA.KUIPER@HP.COM HP ENTERPRISE SECURITY SERVICES Agenda Importance of Common Cloud Standards Outline current work undertaken Define

More information

Selling Hosted MS Exchange 2010 & SharePoint

Selling Hosted MS Exchange 2010 & SharePoint Selling Hosted MS Exchange 2010 & SharePoint Presenters: David Kidd, Senior Manager, Product Management Verio Tim Shields, President and Owner Shields Technologies Moderator: Janine Soika, Channel Market

More information

Main Research Gaps in Cyber Security

Main Research Gaps in Cyber Security Comprehensive Approach to cyber roadmap coordina5on and development Main Research Gaps in Cyber Security María Pilar Torres Bruna everis Aerospace and Defence Index CAMINO WP2: Iden8fica8on and Analysis

More information

FTC Data Security Standard

FTC Data Security Standard FTC Data Security Standard The FTC takes the posi6on (Being tested now in li6ga6on) that Sec6on 5 of the FTC Act requires Reasonable Security under the circumstances: that companies have reasonable controls

More information

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial

More information

Oracle Solu?ons for Higher Educa?on

Oracle Solu?ons for Higher Educa?on Presented with Oracle Solu?ons for Higher Educa?on Cole Clark Global Vice President Oracle, Educa?on & Research June 12, 2014 Oracle Confiden?al Internal/Restricted/Highly Restricted Safe Harbor Statement

More information

HIPAA Breaches, Security Risk Analysis, and Audits

HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC What cons?tutes PHI? HIPAA provides a list of 18 iden?fiers that cons?tute PHI. Any one of these iden?fiers

More information

Part 1 : STRATEGIC : But let s begin with WHY : Why are we doing this?

Part 1 : STRATEGIC : But let s begin with WHY : Why are we doing this? Part 1 : STRATEGIC : Why DO we care?? What is YOUR cri=cal message? And WHO do you need to reach? : I ll try and give you some pointers and ideas for where to look and how to figure that out for your cons=tuents

More information

Founda'onal IT Governance A Founda'onal Framework for Governing Enterprise IT Adapted from the ISACA COBIT 5 Framework

Founda'onal IT Governance A Founda'onal Framework for Governing Enterprise IT Adapted from the ISACA COBIT 5 Framework Founda'onal IT Governance A Founda'onal Framework for Governing Enterprise IT Adapted from the ISACA COBIT 5 Framework Steven Hunt Enterprise IT Governance Strategist NASA Ames Research Center Michael

More information

How To Perform a SaaS Applica7on Inventory in. 5Simple Steps. A Guide for Informa7on Security Professionals. Share this ebook

How To Perform a SaaS Applica7on Inventory in. 5Simple Steps. A Guide for Informa7on Security Professionals. Share this ebook How To Perform a SaaS Applica7on Inventory in 5Simple Steps A Guide for Informa7on Security Professionals WHY SHOULD I READ THIS? This book will help you, the person in the organiza=on who cares deeply

More information

High School Juniors Views on Free Enterprise and Entrepreneurship: A Na<onal Survey

High School Juniors Views on Free Enterprise and Entrepreneurship: A Na<onal Survey High School Juniors Views on Free Enterprise and Entrepreneurship: A Na

More information

Cloud Compu)ng in Educa)on and Research

Cloud Compu)ng in Educa)on and Research Cloud Compu)ng in Educa)on and Research Dr. Wajdi Loua) Sfax University, Tunisia ESPRIT - December 2014 04/12/14 1 Outline Challenges in Educa)on and Research SaaS, PaaS and IaaS for Educa)on and Research

More information

Developing a Full- Spectrum Security Training Program

Developing a Full- Spectrum Security Training Program Developing a Full- Spectrum Security Training Program Wayne State University Compu3ng & Informa3on Kevin Hayes, CISSP, CISM Informa)on Security Officer Geoff Nathan Faculty Liason Agenda Background Our

More information

David S. Lee, MPH. Campus sexual violence preven;on: An overview of opportuni;es and challenges in policy and programs

David S. Lee, MPH. Campus sexual violence preven;on: An overview of opportuni;es and challenges in policy and programs David S. Lee, MPH Campus sexual violence preven;on: An overview of opportuni;es and challenges in policy and programs APHA Annual Mee+ng, Chicago, IL, November 2015 Disclosures I have no disclosures to

More information

The Road To Project Governance at Utah State University

The Road To Project Governance at Utah State University The Road To Project Governance at Utah State University Three Key Things About Project Governance: 1. Project governance is a cri2cal element of any project 2. It provides a... consistent method... ensuring...

More information

Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons

Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons Cyber Threat Intelligence Sharing: Lessons Learned, ObservaMons, RecommendaMons Bob Gourley, Partner, Cognitio September 9, 2015 How we think. Disclaimer There is a great deal of text on these slides.

More information

Project Por)olio Management

Project Por)olio Management Project Por)olio Management Important markers for IT intensive businesses Rest assured with Infolob s project management methodologies What is Project Por)olio Management? Project Por)olio Management (PPM)

More information

Project Management Introduc1on

Project Management Introduc1on Project Management Introduc1on Session 1 Part I Introduc1on By Amal Le Collen, PMP Dr. Lauren1u Neamtu, PMP Session outline 1. PART I: Introduc1on 1. The Purpose of the PMBOK Guide 2. What is a project?

More information

Informa.on Systems in Organiza.ons

Informa.on Systems in Organiza.ons Informa.on Systems in Organiza.ons MIS 2101 Week 7 / Chapter 7 Enhancing Business Processes Using Enterprise Informa.on Systems Photo: Objet Mathema+que by Man Ray, 1934 Chapter 7 Learning Objec.ves Core

More information

Change Management Strategies to Increase Adop5on of Systems, Programs and Processes

Change Management Strategies to Increase Adop5on of Systems, Programs and Processes Change Management Strategies to Increase Adop5on of Systems, Programs and Processes Theresa Rabe, Deputy Director of HR, County of San Mateo Jay Krishnan, Director, Product Marke5ng, GuideSpark October

More information

Building your cloud porbolio APS Connect

Building your cloud porbolio APS Connect Building your cloud porbolio APS Connect 5 th November 2014 Duncan Robinson, Parallels Business Consul3ng Introduc/on to BCS Who are we? Created 3 years ago in response to partner demand Define the strategy

More information

Covered En**es Should Periodically Audit Third Party Vendors/Business Associates Why, What, & How?

Covered En**es Should Periodically Audit Third Party Vendors/Business Associates Why, What, & How? Covered En**es Should Periodically Audit Third Party Vendors/Business Associates Why, What, & How? March 27 th 12 pm EDT Moderator: Gerry Blass Panelists: Mac McMillan, Francois Bodhuin, Lou Dignam Webinar

More information

DTCC Data Quality Survey Industry Report

DTCC Data Quality Survey Industry Report DTCC Data Quality Survey Industry Report November 2013 element 22 unlocking the power of your data Contents 1. Introduction 3 2. Approach and participants 4 3. Summary findings 5 4. Findings by topic 6

More information

Cyber Supply Chain Risk Management Portal

Cyber Supply Chain Risk Management Portal Cyber Supply Chain Risk Management Portal Dr. Sandor Boyson, Director, Supply Chain Management Center& Holly Mann, Chief InformaBon Officer R.H. Smith School Of Business The Cyber Supply Chain Challenge

More information

Legacy Archiving How many lights do you leave on? September 14 th, 2015

Legacy Archiving How many lights do you leave on? September 14 th, 2015 Legacy Archiving How many lights do you leave on? September 14 th, 2015 1 Introductions Wendy Laposata, Himforma(cs Tom Chase, Cone Health 2 About Cone Health More than 100 loca=ons 6 hospitals, 3 ambulatory

More information

S24 Virtualiza.on Security from the Auditor Perspec.ve

S24 Virtualiza.on Security from the Auditor Perspec.ve S24 Virtualiza.on Security from the Auditor Perspec.ve Rob Clyde, CEO, Adap.ve Compu.ng; former CTO, Symantec David Lu, Senior Product Manager, Trend Micro Hemma Prafullchandra, CTO/SVP Products, HyTrust

More information

Managed Services. An essen/al set of tools for today's businesses

Managed Services. An essen/al set of tools for today's businesses Managed Services An essen/al set of tools for today's businesses Manage your enterprise better with a holis/c solu/on to all your IT worries only at Infolob What are Managed Services? By far the most cu/ng

More information

Webinar Series on Internal Carbon Pricing

Webinar Series on Internal Carbon Pricing Webinar Series on Internal Carbon Pricing Prac&cal Experiences from the Private Sector Featuring Nov 2, 2016 A webinar series from Housekeeping Par&cipants are invited to submit their ques&ons via the

More information

Mastering Your Data Center Move

Mastering Your Data Center Move Mastering Your Data Center Move Steps to a Successful Project PRESENTERS: Dean Evans and Art Dooling Introduc;ons Dean Evans: Director of the Empower prac;ce at Align 15+ years of experience in technology

More information

Achieving Global Cyber Security Through Collaboration

Achieving Global Cyber Security Through Collaboration Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department November 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda

More information

PCI VERSION 2.0 AND RISK MANAGEMENT. Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management

PCI VERSION 2.0 AND RISK MANAGEMENT. Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management PCI VERSION 2.0 AND RISK MANAGEMENT Doug Landoll, CISSP, CISA, QSA, MBA Practice Director Risk and Compliance Management Objec&ve: Protect cardholder data (CHD) wherever it resides Applica&on: All card

More information

Range of Organiza7onal Approaches

Range of Organiza7onal Approaches Status of Design and Implementa7on Plan for UH System and Mānoa Organiza7onal Changes and Consolida7ons to Improve the Efficiency and Effec7veness of Support Services Presenta7on to UH Board of Regents

More information

Paco Hope <paco@cigital.com> Florence Mo ay <fmo ay@cigital.com> 2012 Cigital. All Rights Reserved. SecAppDev. Define third party so ware

Paco Hope <paco@cigital.com> Florence Mo ay <fmo ay@cigital.com> 2012 Cigital. All Rights Reserved. SecAppDev. Define third party so ware Paco Hope Florence Moay 2012 Cigital. All Rights Reserved. SecAppDev 1 Objectives Define third party soware What it is, why we use it Define the risks from third

More information

Build a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO

Build a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO Build a HIPAA- Compliant Prac5ce Wes Strickling, Founder & CEO Agenda What is HIPAA Compliance? What does it mean to your prac5ce? What should you do? Q & A What Is HIPAA Compliance? Health Insurance Portability

More information

First Na)on Project Management Boot Camp

First Na)on Project Management Boot Camp First Na)on Project Management Boot Camp Links to Learning - Ontario: Building a Sustainable Future Thunder Bay, Ontario What is a Project / Project Management? A project can be defined as a temporary

More information

How Do You Secure An Environment Without a Perimeter?

How Do You Secure An Environment Without a Perimeter? How Do You Secure An Environment Without a Perimeter? Using Emerging Technology Processes to Support InfoSec Efforts in an Agile Data Center PTC Briefing January 18, 2015 About the Presenters CHARLA GRIFFY-BROWN

More information

Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management

Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management Qubera Solu+ons Access Governance a next genera0on approach to Iden0ty Management Presented by: Toby Emden Prac0ce Director Iden0ty Management and Access Governance Agenda Typical Business Drivers for

More information

How and When to Use Social Media Channels to Strategically Support Government Goals

How and When to Use Social Media Channels to Strategically Support Government Goals How and When to Use Social Media Channels to Strategically Support Government Goals October 2012 Prepared by Craig Thomler Managing Director Delib Australia Pty Ltd Email: craig@delib.net.au Phone: 0411

More information

Roles for Local Health Departments in Accountable Care Organiza;ons Richard Ingram, Dr.P.H., Julia Cos8ch, Ph.D., J.D., F. Douglas Scutchfield, M.D.

Roles for Local Health Departments in Accountable Care Organiza;ons Richard Ingram, Dr.P.H., Julia Cos8ch, Ph.D., J.D., F. Douglas Scutchfield, M.D. Roles for Local Health Departments in Accountable Care Organiza;ons Richard Ingram, Dr.P.H., Julia Cos8ch, Ph.D., J.D., F. Douglas Scutchfield, M.D. University of Kentucky College of Public Health Disclaimer

More information

Academic Career Paths and Job Search

Academic Career Paths and Job Search Academic Career Paths and Job Search Padma Raghavan, Penn State Susan Rodger, Duke University Modified Slides from Margaret Martonosi, Mary Lou Soffa, Tiffani Williams and Erin Solovey About this session

More information

RTPD project. 10 steps to replicate development empowerment medium in developing countries. NGO: REDDES Country: Mexico Region: Latin Amercia

RTPD project. 10 steps to replicate development empowerment medium in developing countries. NGO: REDDES Country: Mexico Region: Latin Amercia RTPD project 10 steps to replicate development empowerment medium in developing countries NGO: REDDES Country: Mexico Region: Latin Amercia What is RTPD? RTPD stands for: Red de Talleres de Producción

More information

HIPAA Compliance and Electronic Protected Health Informa6on: Ignorance is not bliss!

HIPAA Compliance and Electronic Protected Health Informa6on: Ignorance is not bliss! Maxxum, Inc. HIPAA Compliance and Electronic Protected Health Informa6on: Ignorance is not bliss! Medical Device ephi Risk Iden6fica6on and Mi6ga6on Webinar Overview Relevance why this topic? Risk a perspective

More information

What does it mean to be a leader in healthcare?

What does it mean to be a leader in healthcare? What does it mean to be a leader in healthcare? Lead and inspire others Make a meaningful and significant impact in the industry Create new business opportuni+es Manage effec+vely and efficiently Learn, engage

More information

Multi-Factor Authentication: Do I Need It, and How Do I Get Started? [And If I Do Need It, Why Aren't Folks Deploying It?]

Multi-Factor Authentication: Do I Need It, and How Do I Get Started? [And If I Do Need It, Why Aren't Folks Deploying It?] Multi-Factor Authentication: Do I Need It, and How Do I Get Started? [And If I Do Need It, Why Aren't Folks Deploying It?] Joe St Sauver, Ph.D. (joe@internet2.edu) Internet2 Global Summit, Denver Colorado

More information

Security Requirements

Security Requirements Security Requirements Security in Compu4ng, Chapters 1 & 10. 1 Topics What are the key requirements to implement a secure system? Privacy Anonymity Authen4ca4on & Authorisa4on Integrity Audit 2 Privacy

More information

Speaker, )tle, company Moderator: ABC

Speaker, )tle, company Moderator: ABC Speaker, )tle, company Moderator: ABC LARRY CLINTON PRESIDENT & CEO INTERNET SECURITY ALLIANCE lclinton@isalliance.org Office (703) 907-7028 Cell (202) 236-0001 During the Last Minute 45 new viruses 200

More information

Powerful Change Management Communica4on A Benefits Case Study

Powerful Change Management Communica4on A Benefits Case Study Powerful Change Management Communica4on A Benefits Case Study Agenda The Story (Case Study) Change Management Communica7on Tools Benefits (Within the Case Study) Revisi7ng the Case Flex Plans Flex Plan

More information

CSER & emerge Consor.a EHR Working Group Collabora.on on Display and Storage of Gene.c Informa.on in Electronic Health Records

CSER & emerge Consor.a EHR Working Group Collabora.on on Display and Storage of Gene.c Informa.on in Electronic Health Records electronic Medical Records and Genomics CSER & emerge Consor.a EHR Working Group Collabora.on on Display and Storage of Gene.c Informa.on in Electronic Health Records Brian Shirts, MD, PhD University of

More information

UAB Cyber Security Ini1a1ve

UAB Cyber Security Ini1a1ve UAB Cyber Security Ini1a1ve Purpose of the Cyber Security Ini1a1ve? To provide a secure Compu1ng Environment Individual Mechanisms Single Source for Inventory and Asset Management Current Repor1ng Environment

More information

IT Governance in Organizations Experiencing Decentralization. Jelena Zdravkovic

IT Governance in Organizations Experiencing Decentralization. Jelena Zdravkovic IT Governance in Organizations Experiencing Decentralization Jelena Zdravkovic Department of Computer & Systems Sciences (DSV), Stockholm University, Sweden Giannoulis About the Speaker Title: Associate

More information

Governance as Leadership: Reframing the Work of Nonprofit Boards

Governance as Leadership: Reframing the Work of Nonprofit Boards Governance as Leadership: Reframing the Work of Nonprofit Boards Tradi

More information

Building an Effec.ve Cloud Security Program

Building an Effec.ve Cloud Security Program Building an Effec.ve Cloud Security Program Laura Posey Senior Security Strategist, Microso3 Corpora6on Co- Chair, CSA CAIQ Programming Chair, NY Metro CSA Chapter Is Cloud worth it? Yes! Pla?orm for Innova.on

More information

AMSAC Open Mee*ng, Internet2 Member Mee*ng 10/4/2011 4:30PM 306A

AMSAC Open Mee*ng, Internet2 Member Mee*ng 10/4/2011 4:30PM 306A Client (Personal) Cer/ficates: Should We Be Thinking About Cer/ficate Use Cases or Should We Be Thinking About The Sort of Creden/al Deployment Model We Need? AMSAC Open Mee*ng, Internet2 Member Mee*ng

More information

3B Strategic Planning: Giving your Association or Charity Purpose plus Direction. 25 26 November 2014 1:30pm 3:00pm #FL14

3B Strategic Planning: Giving your Association or Charity Purpose plus Direction. 25 26 November 2014 1:30pm 3:00pm #FL14 3B Strategic Planning: Giving your Association or Charity Purpose plus Direction 25 26 November 2014 1:30pm 3:00pm #FL14 (Strategic) Planning for Associations & Charities John Peacock General Manager Associa/ons

More information

A R o a d t o y o u r C l o u d. Professional Service. C R M a n d C l o u d C o n s u l t i n g

A R o a d t o y o u r C l o u d. Professional Service. C R M a n d C l o u d C o n s u l t i n g RM-C A R o a d t o y o u r C l o u d Professional Service C R M a n d C l o u d C o n s u l t i n g CRM-C Highlights! A Unique Cloud CRM Consulting service firm! Specializing in cloud CRM and Office Collaboration

More information

Reali9es of Being PCI Compliant

Reali9es of Being PCI Compliant Reali9es of Being PCI Compliant Miguel (Mike) O. Villegas CISA, CISSP, GSEC, CEH, QSA, PA- QSA, ASV Vice President- K3DES LLC Professional Strategies S23 CRISC CGEIT CISM CISA Abstract PCI DSS compliance

More information

So#ware quality assurance - introduc4on. Dr Ana Magazinius

So#ware quality assurance - introduc4on. Dr Ana Magazinius So#ware quality assurance - introduc4on Dr Ana Magazinius 1 What is quality? 2 What is a good quality car? 2 and 2 2 minutes 3 characteris4cs 3 What is quality? 4 What is quality? How good or bad something

More information

Community and Economic Development: Collaborative Leadership To Promote Regional Workforce Development

Community and Economic Development: Collaborative Leadership To Promote Regional Workforce Development Community and Economic Development: Collaborative Leadership To Promote Regional Workforce Development Presented By: Todd Greene Vice President ATLANTA SKYLINE Photo by Chuck Koehler, Creative Commons

More information

GÉANT Cloud Ac-vity Towards Pan- European Cloud Services Kris?n Selvaag

GÉANT Cloud Ac-vity Towards Pan- European Cloud Services Kris?n Selvaag GÉANT Cloud Ac-vity Towards Pan- European Cloud Services Kris?n Selvaag Coordinator IaaS Procurement NTW, Copenhagen Sept. 15 16, 2015 About Includes 36 Na?onal Members, which are European na?onal research

More information

Privileged Administra0on Best Prac0ces :: September 1, 2015

Privileged Administra0on Best Prac0ces :: September 1, 2015 Privileged Administra0on Best Prac0ces :: September 1, 2015 Discussion Contents Privileged Access and Administra1on Best Prac1ces 1) Overview of Capabili0es Defini0on of Need 2) Preparing your PxM Program

More information

Disrup've Innova'ons Track

Disrup've Innova'ons Track Disrup've Innova'ons Track Product Disrup-ons: Medical Device Cybersecurity Presenter: Adam Brand, Associate Director, Pro-vi- V. 1.1 FACULTY DISCLOSURE The faculty reported the following financial relationships

More information

Update on the Cloud Demonstration Project

Update on the Cloud Demonstration Project Update on the Cloud Demonstration Project Steven Wallace Joint Techs Summer 2011 13- July- 2011 Project Par4cipants BACKGROUND Twelve Universi,es: Caltech, Carnegie Mellon,Cornell George Mason, Indiana

More information

A wiki is nothing more than a website that is op-mized for easy edi-ng,

A wiki is nothing more than a website that is op-mized for easy edi-ng, Welcome to Collabora-on Tools 105, Using Wikis and Online Project Management Tools in Poverty Law. We re going to spend the next 90 minutes discussing what exactly these tools are, how they re being used

More information

Phone Systems Buyer s Guide

Phone Systems Buyer s Guide Phone Systems Buyer s Guide Contents How Cri(cal is Communica(on to Your Business? 3 Fundamental Issues 4 Phone Systems Basic Features 6 Features for Users with Advanced Needs 10 Key Ques(ons for All Buyers

More information

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity in the States 2012: Priorities, Issues and Trends Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State

More information

Financial Fraud Threats & Preven3on. Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank

Financial Fraud Threats & Preven3on. Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank Financial Fraud Threats & Preven3on Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank Why Pay ACen3on to Fraud Risks? Fraud occurs everywhere, and NO organiza3on is immune Changing business

More information

IE 618 Spring 2013 Slide content extracted from Hansen, Mowen, & Guan

IE 618 Spring 2013 Slide content extracted from Hansen, Mowen, & Guan IE 618 Spring 2013 Slide content extracted from Hansen, Mowen, & Guan 1 (c) 2013 Cengage Learning 1 IE 618 Spring 2014 Grade: 25 % Exam 1 25 % Exam 2 30 % Team Project 10 % Corporate Profiles 10 % Homework

More information

Na#onal Cybersecurity Network. Advancing Innova,ve Workforce Solu,ons for America s High- Skilled, High- Demand Jobs December 2, 2014

Na#onal Cybersecurity Network. Advancing Innova,ve Workforce Solu,ons for America s High- Skilled, High- Demand Jobs December 2, 2014 Na#onal Cybersecurity Network Advancing Innova,ve Workforce Solu,ons for America s High- Skilled, High- Demand Jobs December 2, 2014 BHEF s Na*onal Higher Educa*on and Workforce Ini*a*ve (HEWI) BHEF Strategy

More information

Quick Start Guide to Managed Print Services. May 2015

Quick Start Guide to Managed Print Services. May 2015 Quick Start Guide to Managed Print Services May 2015 CompTia Overview 2 CompTia Communi;es 3 Today s Agenda: The Opportunity MPS A Defini;on Market Size, growth Customer benefits You as the trusted advisor

More information

5 Reasons to Leverage regional cloud services. Reduce Your Business s IT Risks & Costs While Adding Agility & Flexibility

5 Reasons to Leverage regional cloud services. Reduce Your Business s IT Risks & Costs While Adding Agility & Flexibility 5 Reasons to Leverage regional cloud services Reduce Your Business s IT Risks & Costs While Adding Agility & Flexibility Cloud Benefits: Eliminates Complexity Reduces Cost IT Expertise on Demand Reliability

More information

Capitalize on your carbon management solu4on investment

Capitalize on your carbon management solu4on investment Capitalize on your carbon management solu4on investment Best prac4ce guide for implemen4ng carbon management so9ware Carbon Disclosure Project +44 (0) 20 7970 5660 info@cdproject.net www.cdproject.net

More information

USE OF EXPERT WITNESSES IN CONTESTED CASES BY: JAMES (DUSTY) JOHNSTON GENERAL COUNSEL TEXAS BOARD OF NURSING

USE OF EXPERT WITNESSES IN CONTESTED CASES BY: JAMES (DUSTY) JOHNSTON GENERAL COUNSEL TEXAS BOARD OF NURSING USE OF EXPERT WITNESSES IN CONTESTED CASES BY: JAMES (DUSTY) JOHNSTON GENERAL COUNSEL TEXAS BOARD OF NURSING SCOPE OF PRESENTATION WARNING Although most jurisdic0ons may have similar, or even iden0cal

More information

Mobility in the Modern Factory. Discussion of Mobile Adop7on for the Factories of the Future

Mobility in the Modern Factory. Discussion of Mobile Adop7on for the Factories of the Future Mobility in the Modern Factory Discussion of Mobile Adop7on for the Factories of the Future Talking Points History Lesson The Reasons for Going Mobile Mobile Infrastructure Mobile Device Security BYOD

More information

Leveraging Expert Instructional Design Strategies to Develop Quality Online Courses

Leveraging Expert Instructional Design Strategies to Develop Quality Online Courses Leveraging Expert Instructional Design Strategies to Develop Quality Online Courses Kevin Hulen Assistant Director, Online Course Development Center for Instruc7on and Research Technology University of

More information

Update on the Cloud Demonstration Project

Update on the Cloud Demonstration Project Update on the Cloud Demonstration Project Khalil Yazdi and Steven Wallace Spring Member Meeting April 19, 2011 Project Par4cipants BACKGROUND Eleven Universi1es: Caltech, Carnegie Mellon, George Mason,

More information

Learning and Learning Environments. Broadening Par2cipa2on in STEM. STEM Professional Workforce

Learning and Learning Environments. Broadening Par2cipa2on in STEM. STEM Professional Workforce Learning and Learning Environments Broadening Par2cipa2on in STEM STEM Professional Workforce Learning and Learning Environments Develop understanding of the founda3ons of STEM learning; emerging contexts

More information

Intenionality was not a considera1on but because of the role as leaders has lead to a legacy and gold standard

Intenionality was not a considera1on but because of the role as leaders has lead to a legacy and gold standard 1 Intenionality was not a considera1on but because of the role as leaders has lead to a legacy and gold standard physicians involved in cross- func1onal decision- making, inputs beyond medicine- based

More information

Workshop : Open and Big Data for Life Imaging

Workshop : Open and Big Data for Life Imaging Workshop : Open and Big Data for Life Imaging Chris'an Barillot Michel Dojat March 2015 FLI- IAM 1 Many Good Reasons for Sharing Data and Tools in In Vivo Imaging Scien'fic At Least 3. «Power failure:

More information

Pu?ng B2B Research to the Legal Test

Pu?ng B2B Research to the Legal Test With the global leader in sampling and data services Pu?ng B2B Research to the Legal Test Ashlin Quirk, SSI General Counsel 2014 Survey Sampling Interna6onal 1 2014 Survey Sampling Interna6onal Se?ng the

More information

Healthcare Informa/on at Risk: Prac/cal Strategies to Avoid Breaches

Healthcare Informa/on at Risk: Prac/cal Strategies to Avoid Breaches Healthcare Informa/on at Risk: Prac/cal Strategies to Avoid Breaches Sam Pierre- Louis, CISSP- ISMP - - MDAnderson Cancer Center David Houlding, CISSP, CIPP - - Intel David S. Finn, CISA, CISM, CRISC -

More information

Research in Simulation: Research and Grant Writing 101

Research in Simulation: Research and Grant Writing 101 Research in Simulation: Research and Grant Writing 101 Amar Patel, MS, NREMT-P, CFC Director, Center for Innovative Learning WakeMed Health & Hospitals Geoff Miller Director Eastern Virginia Medical School

More information

Case Study. The SACM Journey at the Ontario Government

Case Study. The SACM Journey at the Ontario Government Case Study The SACM Journey at the Ontario Government Agenda Today s Objec=ves The Need for SACM Our SACM Journey Scope and Governance Process Ac=vi=es Key Process Roles Training and Measurement Lessons

More information

The Elusive U,lity Customer: How Big Data & Analy,cs Connects U,li,es & Their Customers

The Elusive U,lity Customer: How Big Data & Analy,cs Connects U,li,es & Their Customers The Place Analy,cs Leaders Turn to for Answers Member.U(lityAnaly(cs.com The Elusive U,lity Customer: How Big & Analy,cs Connects U,li,es & Their Customers Mike Smith Vice President, U(lity Analy(cs Ins(tute

More information

What s Driving Adop2on of IT Governance? ISACA North Texas Chapter. Aus2n Hu@on Hu@on Consul2ng October 11, 2012

What s Driving Adop2on of IT Governance? ISACA North Texas Chapter. Aus2n Hu@on Hu@on Consul2ng October 11, 2012 What s Driving Adop2on of IT Governance? ISACA North Texas Chapter Aus2n Hu@on Hu@on Consul2ng October 11, 2012 Learning Objec2ves Overview of the history of IT Governance The rela2onship to corporate

More information

Building an Information Security Organization

Building an Information Security Organization Building an Information Security Organization Jason Taule, Chief Security and Privacy Officer, FEi Systems Joy Poletti, Director IT Security Compliance, Catholic Health Initiatives Michael Pinch, Chief

More information

U.S.UCAN and its role in Wisconsin

U.S.UCAN and its role in Wisconsin U.S.UCAN and its role in Wisconsin Mark Johnson Interim Execu=ve Director, U.S. UCAN May 8, 2012 1 6/6/12, 2011 U.S. UCAN February 2009: An inflec=on point From BroadbandUSA.gov: The American Reinvestment

More information

Top 5 Ways to Improve Your Billing & Collec=ons

Top 5 Ways to Improve Your Billing & Collec=ons Top 5 Ways to Improve Your Billing & Collec=ons Presenters: Jillian Longpre Vice President Franco Rizzolo, DC CEO Brought to you by: Industry leading Educa1on Cer1fied Partner Program Please ask ques1ons

More information

Hawaii s Phased Plan for Alignment and Implementa7on of NGA s A Call to Ac-on for Cybersecurity

Hawaii s Phased Plan for Alignment and Implementa7on of NGA s A Call to Ac-on for Cybersecurity Hawaii s Phased Plan for Alignment and Implementa7on of NGA s A Call to Ac-on for Cybersecurity Sanjeev Sonny Bhagowalia Governor s Chief Advisor on Technology and Cybersecurity State of Hawaii 11 Defini7on:

More information

Impact of HIPAA and HITECH on Lockbox Processing

Impact of HIPAA and HITECH on Lockbox Processing Impact of HIPAA and HITECH on Lockbox Processing Discussion Agenda Overview of Applicable Regula3ons (HIPAA & HITECH) Evolu3on of Financial Services & Resul3ng Rules & Regula3ons Implica3ons for Financial

More information

AGENDA Morning Session

AGENDA Morning Session AGENDA Morning Session 8:00 8:30 Breakfast and Social Networking 8:30 8:45 Welcome & Introduc@ons, Bill Sieglein, Founder CSO Breakfast Club 8:45 9:30 Keynote: Benita Kahn Partner, Vorys Sater Seymour

More information