Day One: Sunday, May 19, 2019
10:30 am - 10:40 am Orientation
10:40 am - 10:50 am Thoughtexchange App Introduction
10:55 am - 11:30 am Holistic Threat Management: Minimizing Threats and Increasing Resilience
Healthcare has many connected points: a much larger attack surface than any other vertical. Confidential patient data is often accessible to multiple care providers, both in clinical/research settings and online, and through different devices. Patient care takes precedence over security. Organizations need to establish holistic risk management programs that safeguard electronic health information along with other sensitive and proprietary data.
Security involves a deliberate, multi-layered approach across payers, providers and medical suppliers. This includes process improvement, user training, and better integration of existing technologies. Basic cyber hygiene is at the core, including blocking and tackling, firewall logging, password protection, access management, email security and authentication controls. Some emerging cyber tools (including single sign-on to control access and identity management) enhance productivity, simplify workflows and increase time on work tasks.
Executives must learn and keep in balance the interests of stakeholders, the mission, asset value and the real impact of an attack. Breaches will happen; the focus needs to be on how the organization should minimize disruptions and handle ransomware and other attacks, including through proactive incident response and business continuity measures. Efforts to automate include integrating emerging technologies with existing security tools and bolstering processes to protect from human errors and insider threats. Executives must convey that security is a continued enterprise investment.
Allison Miller, VP of Global Enterprise Information Security
11:30 am - 11:45 am Collaborative & Creative Leadership
Learn how innovative and dynamic leaders are leading the way by having courageous conversations within their organization. Discover how organizations are creating a culture that promotes openness, transparency and collaboration by empowering their employees to share their voice and consider the thoughts and ideas of others; shifting the corporate paradigm from closed and knowing to open and learning. In this session you’ll learn what collaborative and courageous leadership means to you and those around you.
Darin Recchi, Sales Enablement, Community Development & Talent Initiatives
12:50 pm - 1:20 pm Mitigating and Containing Threat: A Prescriptive Approach
Effective security necessitates people, processes, and technology working in concert to mitigate and contain threats. Effective processes do not require a prescriptive approach and allow flexibility. Through this flexibility, we are able to adjust the processes themselves as well as track and identify gaps in people and technology.
In this session, we explore maturing security operations and incident response using a process-driven approach.
Tyler Mullican, Associate Chief Information Security Officer
1:25 pm - 1:55 pm Business Meetings
1:55 pm - 2:25 pm Business Meetings
2:25 pm - 2:55 pm Business Meetings
3:00 pm - 3:30 pm Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attack continues to be phishing. These attacks cost organizations millions of dollars each year, and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.
Join Erich Kron, CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals to sophisticated social engineering and online scams. Additionally, he'll look at how you can ethically use the very same levers when educating your users.
- The Perception vs. Reality Dilemma
- Understanding the OODA (Observe, Orient, Decide, Act) Loop
- How social engineers and scam artists achieve their goals by subverting critical thinking steps
- How you can defend your organization and create your human
Erich Kron, Security Awareness Advocate
3:45 pm - 4:15 pm Business Meetings
4:15 pm - 4:45 pm Business Meetings
Ignite Sessions: Three Quick Fire Presentations in Twenty Minutes. Talk about getting to the crux of the matter, fast!
5:15 pm - 6:15 pm Practitioner Roundtables
Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.