Event Description
This past event was held online only.
The workshop will explore some of the issues raised in response to amendments the FTC has proposed making to the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. In 2019, the FTC sought comments on the proposed amendments to the Safeguards Rule.
The workshop is seeking information, empirical data, and testimony on such topics as:
- price models for specific elements of information security programs;
- standards for security in various industries;
- the availability of third-party information security services aimed at different-sized institutions;
- information about penetration and vulnerability testing; and
- the costs of and possible alternatives to encryption and multifactor authentication.
9:00 am
Welcome and Opening Remarks
David Lincicum
Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
9:30 am
The Costs and Benefits of Information Security Programs
Panelists:
Chris Cronin
Partner, HALOCK Security Labs
Serge Jorgensen
CTO, Sylint Group
Pablo Molina
AVP and CISO, Drexel University; Faculty Lecturer, Georgetown University
Sam Rubin
Vice President, Crypsis
Moderator:
David Lincicum
Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
10:30 am
Break
10:45 am
Information Security Programs and Smaller Businesses
Panelists:
Rocio Baeza
CEO, CyberSecurity Base
James Crifasi
Chief Technical Officer and VP, RedZone Technologies
Brian McManamon
CEO and President, Techlock
Kiersten Todt
Managing Director, Cyber Readiness Institute
Lee Waters
IT Manager, McCloskey Motors
Moderator:
Katherine McCarron
Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
11:45 am
Lunch Break
1:00 pm
Continuous Monitoring, Penetration, and Vulnerability Testing
Panelists:
Thomas Dugas
Assistant Vice President and Chief Information Security Officer (CISO), Duquesne University
Fredrick Lee
Chief Information Security Officer, Gusto
Scott Wallace
Penetration Tester, Department of Homeland Security
Nicholas Weaver
Researcher, International Computer Science Institute
Moderator:
Alex Iglesias
IT Specialist, Federal Trade Commission, Division of Privacy & Identity Protection
2:00 pm
Break
2:15 pm
Accountability, Risk Management, and Governance of Information Security Programs
Panelists:
Adrienne Allen
Director of Security, Governance, Risk, and Compliance, Coinbase
Michele Norin
Senior Vice President and Chief Information Officer, Rutgers, The State University of New Jersey
Karthik Rangarajan
Head of Security, Robinhood
Moderator:
Robin Wetherill
Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
3:15 pm
Break
3:30 pm
Encryption and Multifactor Authentication
Panelists:
Matthew Green
Associate Professor, Johns Hopkins University
Randy Marchany
CISO, Virginia Tech
Wendy Nather
Head of the Advisory CISO Team at Duo Security (now Cisco)
Moderator:
Katherine McCarron
Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
Event Materials
- Agenda (513.63 KB)
- Speaker Bios (524.64 KB)
- Presentation Slides (425.25 KB)
- Transcript (788.86 KB)