Key Learning Points
- How current compliance efforts can be leveraged
- Forward-thinking concepts to make the target on your back harder to hit
- Demographics of companies falling victim to cyber-attacks
- Compromised companies are compliant or very close to compliance
- Organizations need to think beyond the checkbox to foster a sound, adaptive cyber security program.
Level: Intermediate
When looking at the demographics of companies falling victim to cyber-attacks, it’s apparent attackers do not discriminate. Every company in all industries are now fair game; each with their own target painted on their backs. The US companies are especially attractive for those foreign adversaries looking to siphon intellectual property and other sensitive data for use on black markets or to gain competitive advantages. But what you may also pick up on is that many of these compromised companies are compliant or very close to compliance; with some control failures here and there. Successful compliance programs establish a solid foundation for which organizations need to think beyond the checkbox to foster a sound, adaptive cyber security program. As many compliance mandates result from some adverse event or malicious activity, companies must establish cyber security programs in response to a cyber-threat landscape that has no end in sight. This session will not only cover how current compliance efforts can be leveraged to begin building a cyber-security program, but to also discuss some forward-thinking concepts to make the target on your back harder to hit than the company next to you.
About Bob Swanson
Bob Swanson is a Compliance Engineer with LogRhythm Labs where he focuses on developing compliance packages according to new regulations, assisting customers in meeting compliance obligations while leveraging the LogRhythm solution to establish cyber security programs. He has over 5 years of experience in both internal and external IT auditing for Deloitte and Touche, LLP as well as building a risk-based, IT compliance program around SOX, HIPAA and PCI-DSS requirements. His compliance understanding expands into various areas according to customer’s needs to meet an ever changing compliance environment including, but not limited to: NERC-CIP, NIST 800-53, NIST-CSF, ISO 27001, GPG-13, etc.