Overview

Internal Auditors Society Education Day: Afternoon Session – Track #1

Date

May 16, 2019

Location

New York, NY

Hosted by

SIFMA IAS

Program

1:15pm – 2:15pm

Financial and insurance institutions face a mix of risk, compliance, and IT operational challenges and cyber threats. To get a handle on these pressures, organizations are using risk frameworks like MITRE ATT&CK and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Furthermore, they are adopting Zero Trust or least-privilege security strategies to protect high-value systems such as SWIFT, payments infrastructure, and cardholder data environments (CDE); stop the lateral movement of bad actors; and keep up with compliance and cybersecurity regimes.

This session will discuss how to achieve compliance and reduce risk using real-time application dependency mapping, and how to apply environmental micro-segmentation to comply with the Payment Card Industry Data Security Standard (PCI DSS) and isolate protected systems such as SWIFT and payments infrastructure.

Participants

Ron Isaacson

Speaker

Office of the CTO

Illumio

2:15pm – 3:15pm

Check-the-box compliance is a thing of the past in most enterprises today. They don’t just want to run the occasional, required network audit — they want ongoing situational awareness to survive in the era of continuous compromise.

This session will discuss how security management has matured to meet the demands of a sophisticated threat landscape and adhere to a rainbow of regulatory compliance mandates. We’ll explore risk-based prioritization as a compensating control, continuous compliance management in a changing network environment and risk assessments woven into operational workflows.

Participants

Michelle Johnson Cobb

Speaker

Chief Marketing Officer

Skybox Security

3:15pm – 3:30pm

Networking Break

3:30pm – 4:30pm

Every business is a software company or is using software as its competitive advantage. How does Audit keep up with the pace of innovation from a risk perspective? The adoption of DevOps and the continuous change to the business create new challenges from a risk management perspective. The traditional audit approach of point-in-time audits only provides a reflection of risk at a past date. The new objective for executives in Corporate IT Audit is to identify a paradigm shift towards continuous audits to keep up with the speed of business.

This session will present how the adoption of Orchestrated Risk Management is an approach that lets Corporate IT Audit maintain velocity toward continuous risk management.

Participants

Ernesto DiGiambattista

Speaker

Chief Executive Officer

ZeroNorth
