Name
G3. Realistic Cyber Security Practices – Conducting Cyber Security Assessments
Track
Audit, Risk & Compliance
Date
Thursday, May 10, 2018
Time
2:00 PM - 3:00 PM
Description
Session Description:
 
Cyber criminals are relentlessly attacking our firms looking for any entry point, foot hold or crack in our defenses. Protecting our information and our client’s information is a critical part of our business. Developing a systematic, repeatable, program to assess security is one aspect of the security program. 

We will discuss in detail how to develop a security assessment approach that is repeatable, systematically addresses the environment, adapts to changes in the environment and how to use the results of the assessment activities to feed cyber security audits (internal and external). The approach can be adopted by a firm just starting the process or integrated into an existing program, we will explain options for both and how to start the process. 
 
 
Learner Objectives
Upon completion of this session, the learner will:
• Understand how to start your own security assessment program 
• Understand how to prepare for information security audits 
• Review current trends in cyber security compliance auditing 
• Understand how to best leverage previous information security audits to benefit future audits
Speakers
Robert Rudloff - RubinBrown LLP
Speaker Bio(s)
Rob is a Business Advisory Services Partner at RubinBrown, LLP, with more than 20 years of information security experience on security reviews, mitigation, strategy and architecture development. He consults with clients on a variety of information security projects ranging from penetration testing to security assessments to implementation of security architectures. His background includes security work for the Air Force, NSA, Pentagon and PwC. Recently serving as a Chief Information Security Officer, Rob brings strategic consulting expertise balanced with a voice of reason.