| 8 a.m. |
Registration and Continental Breakfast — Exhibits Open |
| 8:30 a.m. |
Welcome and Opening Comments
— Adam Friscia, Membership and Events Executive, PA Chamber |
| 8:35 a.m. |
How to Do a Forensic Investigation of an Insider Threat
— Kate Davenport, Director of Digital Forensic Division, Information Network Associates, Inc. (INA)
Businesses are under siege with continuous, frequent security attacks, and many of these come from inside. With hybrid now the way most companies have employees working, there are even more opportunities for the “bad apple” employee to do damage. You suspect an insider threat, what should you do as part of your forensic investigation? We will discuss:
- As the IT professional you find disturbing information that may show an employee is sabotaging the data systems. What are the first steps you should take to immediately protect the company? How should you notify HR, the CFO and the President?
- When do you step back and let HR and the CFO handle this?
- How do you protect the evidence?
- The forensics you follow may be needed in a court hearing. What are the forensic steps to uncover all sabotage, and what are the general protocols you need to follow that HR may need?
- What steps should you put in place to ensure no other employee can cause the same type of potential damage?
|
| 9:30 a.m. |
Staying Ahead of Ever-Changing Security Compliance Standards
— Michael T. McAllister, CPA, Partner and Leader of IS Assurance and Advisory Services, RKL
Whether managed by your company or outsourced to third-party service providers, staying compliant with growing regulatory demands and multiple security standards requires maintaining and monitoring the proper controls. We will discuss:
- How to identify the difference between various standards, including but not limited to CMMC, ISO, PCI DSS and SOC
- Tips to manage controls, whether maintained internally or outsourced to third-party service provides, to ensure compliance
|
| 10:15 a.m. |
Refreshment Break — Exhibits Open |
| 10:30 a.m. |
The 3 W’s of Penetration Testing (Pen Test)
—Joel Prentice, Security Engineer, Appalachia Technologies, LLC
A penetration test, known as a Pen Test, is a simulated cyber-attack against your computer systems to identify exploitable vulnerabilities, so you can fix them. We will discuss:
- Why do a Pen Test and how do you set it up?
- What to expect from a Pen Test; how to use the results to begin fixing any vulnerabilities
- When is the right time to do a Pen Test?
|
| 11:15 a.m. |
Common Data Breaches Faced by Businesses
— Sean Stajkowski, Intelligence Analyst II, Pennsylvania State Police, Bureau of Criminal Investigation
As we enter our third year of the pandemic, cyber crimes against companies are at an all-time high and escalating rapidly. We will discuss:
- What are the most frequent attacks occurring to PA businesses?
- Are there any forensic solutions companies can take to protect themselves?
- Are there any surprises that IT professionals should know about?
- Best practices that help protect companies from the most frequent attacks will be reviewed.
|
| 12:00 Noon |
Lunch — Exhibits Open |
| 12:45 a.m. |
Keynote: Legal IT Considerations and Challenges Facing Companies
— Ronald Plesco, Partner, Intellectual Property and Technology Practice, DLA Piper
Ronald Plesco, a former prosecutor, is an internationally known information security and privacy lawyer with more than 20 years of experience in cyber investigations, privacy, threat intelligence, information assurance, identity management, cyber threats and cyber-enabled frauds, data analytics and artificial intelligence. With his vast global experience, he will present:
- What are some of the new changes companies are making to IT Departments, and what is forecast that IT professionals should concentrate on moving forward? Examples are companies are moving to decentralizing; how companies are dealing with the severe labor shortage, and more
- An overview of the expanding threat landscape including the rise in social engineering attacks; and the increasing acceptance by companies that the “net zero” attack will come in the next 10 – 15 years, yet companies are not prepared
- A discussion of the most prevalent IT legal challenges facing companies
- Strategies and best practices companies should consider for future protection
|
| 1:45 p.m. |
Final Questions
— Adam Friscia, Membership and Events Executive, PA Chamber |
| 2:00 p.m. |
Adjourn |