Triangle InfoSeCon - Join two of our experts on October 30!
Event date 30 October 2020
CCPA & the New United States Privacy Laws
Fri, October 30, 2020 3:40 PM - 4:30 PM
Learning Objective: During this session attendees will learn:
- What CCPA and other Privacy Acts require for compliance
- Why so many organizations struggle
- Where to look for guidance
- What should be included in a Privacy Risk Screening/Analysis
This session helps attendees navigate which states' “laws” have actually passed, which ones are still in limbo, and what the common criteria for compliance are between them all. Sifting through the buffet of options to find something healthy and appropriate is what we’re looking to walk away with from this session.
- VP Infrastructure
- VP Applications
- VP/Director Information Security
- VP/Director Internal Audit
Director at NCC Group
Joe has over 18 years of experience working in the information technology arena. His experience spans multiple industries including retail, healthcare, finance/banking, pharmaceutical, education, and government. Joe is a current and active member of the Technical Advisory Service for Attorneys (TASA) and was a keynote speaker at the NYC Law Summit on Healthcare Law. In addition, Joe is a panelist for the HHS/NIST Healthcare Summit and has been invited to speak at several of the top Cyber Security & Risk Conferences in the nation over the past several years. He’s best known for his presentations on “Migration to the Cloud & Its False Senses of Security”, how to conduct OCR HIPAA Assessments the correct way, and the applicability of Privacy Laws to people, businesses, and everything in between. Mr. Meyer is also a recipient of the 2014 Security Insiders Blogger of the Year for his work on Biometric security and formalizing secure coding training. Joe’s skills are utilized to develop and lead multiple service disciplines and offerings, and to ensure the quality and timeliness of Consulting services. Joe also provides subject matter expertise to help clients align their security goals with regulatory and industry standards, including GDPR, CCPA, PIPEDA, APEC/CBPR, ISO 27001/2, HIPAA/HITECH, PCI DSS, FISMA, and SOC.
- Global Privacy & Risk Program development, implementation, and management.
- Strategic and operational planning for Enterprise Privacy & Risk Assessment suite of services.
- APAC, LATM, and Americas Privacy Rules, Laws, and Roles.
- Healthcare Privacy and Compliance
- Alignment of client strategic and operational objectives with security solutions.
- Delivery of services to meet client expectations and timelines.
- Client advocate within Compliance, Risk, and Assessments.
Psychology of the Phish: Leveraging the Seven Principles of Influence
Fri, October 30, 2020 4:40 PM - 5:30 PM
- Understand how phishers leverage psychology; by understanding the mind of the attacker, we can devise better protections for our environments
- Identify multiple security controls to combat phishing, leveraging the concept of Defense in Depth
- Learn from my mistakes and lessons learned
According to the X-Force Threat Intelligence Index 2020, produced by IBM X-Force Incident Response and Intelligence Services, phishing is still the number one attack vector in use today. Security professionals often overlook the "social" aspect of "social engineering", focusing on tool deployment instead. The success of phishing is predicated on exploiting normal human behavior for nefarious purposes. This session looks at phishing through this psychological lens, specifically on how the Seven Principles of Influence as expounded by Robert Cialdini are leveraged by attackers.
Session includes the following:
- Why phishing is popular
- Seven principles of influence
- How phishers exploit psychology
- Security controls against phishing
- Tales from the trenches - real-life phishing anecdotes from my experience
Principal Security Consultant at NCC Group
I'm a Principal Security Consultant in the Risk Management & Governance (RM&G) practice at NCC Group, the largest pure play security consulting firm in the world, headquartered and listed in the UK with a major and growing US subsidiary. I have 15 years of experience in Information Risk and Security, as both an operator and a consultant. I have several articles on cloud computing available online and served as technical editor for an authoritative textbook on the subject. I hold an undergrad degree in Information Technology from IIIT Calcutta and an MBA from the University of Notre Dame. I'm a certified CISSP, CISA, CISM, CRISC, CGEIT, PMP and also have several ITIL Intermediate certifications. I'm a regular writer on my company's official blog and my speaking credits include Geek Week, BSidesSF and InfoSec World. That's all about my second job. My first job is being a father to two adorable and naughty munchkins, 3 and 2 years old.
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.