JOIN TODAY | |

IAOP Chapter: Data Security & Privacy


Next webinar plans are underway!  

The IAOP Data Security & Privacy Chapter is co-chaired by JANUS Associates and Ernst & Young.  


Stay tuned for more information! 


MISSED A MEETING?
Check the Past Meetings tabs to the right for links to presentation content.

 Join IAOP's Data Security Chapter LinkedIn group!
  

REGISTER HERE

Register Now!

Click here if you'd like to be notified of or register for this chapter's next meeting.

Professional Members may attend an unlimited number of chapter meetings. Not yet a member? Why not become a Professional Member today!

IAOP also offers complimentary Associate Membership which allows you to attend up to two chapter meetings as our guest and access select online resources. Create your Associate Membership now and then register online for the chapter meeting of your choice.

We're sure that once you learn more about IAOP you'll want to upgrade to a full Professional Membership.

Earn 1 CEH Credit

LEAD ORGANIZATIONS





 

LEADERSHIP



Ben Trowbridge, Co-chair
Managed Services Leader, Cyber Security
Ernst & Young LLP
 I
 

 

PRIMARY PURPOSE

The Data Security Chapter is for providers, their customers and advisors that use sensitive digital information in the course of conducting outsourcing business and need to secure data from unauthorized access. Sensitive data may be regulated, such as health and financial records or intellectual property such as source code and designs. 

Chapter members can expect to learn and stay on top of data security and how it affects their company, their job, and the outsourcing industry. Members will exchange knowledge and ideas on the legal, technical, organizational, and competitive issues related to data security and outsourcing.  

MEETING FREQUENCY

Bi-annually

MEETING TYPE

Face-to-face (office, meeting room); social (restaurant); teleconference

 

NON-SOLICITATION POLICY

All IAOP Chapters adhere to the non-solicitation policy. Click here to view the policy.


Past Meetings

LAST 10 MEETINGS


Meeting held on September 24, 2015

A meeting of the IAOP Data Security & Privacy Chapter, chaired by JANUS Associates  was held in conjunction with the IAOP Chicago Chapter, co-chaired by Kirkland & Ellis LLPAccentureDeloitte ConsultingDePaul University,  Northern Trust and AbbVie , on September 24, 2015, from 3:30 pm to 7 pm, at Kirkland & Ellis LLP Offices, 300 North LaSalle, Chicago, IL, 60654.

Topic: "What's Trending in Data Security and Privacy?"

Experts shared their insights on this key topic including recent trends, insurance, forensics, and technical issues.
 
Agenda:
 
3:30 PM – 3:45 PM: Registration
 
3:45 PM –3:55 PM: Welcome and Introductions -- Neil Hirshman, Kirkland & Ellis (co-chair)
 
3:55 PM – 4:10 PM:  Vendor Liability in the Wake of Privacy and Security Incidents -- Bill Helmstetter, Kirkland & Ellis LLP
Discussed third party contractors involved in data security incidents, including contingent workers stealing personal data and contractors losing laptops with sensitive personal data as well lawsuits brought against vendors providing app dev/patch management services as well as others.  Highlight various scenarios and the ways in which customers can protect themselves (e.g., contractual warranties, security/audit requirements, obligations in connection with an incident, liability caps/carve outs, screening and monitoring of vendors).

Vendor Liability in the Wake of Privacy and Security Incidents
  
4:10 PM - 4:25 PM:  Forensics -- Warren Daniel, PwC, Director, Cybercrime and Breach Response
When outsourcing, it is vital to understand your risk on the basis of the threat posed by other members in the global chain of providers.  Successfully negotiating with vendors to not only monitor their specific threat environment, but to assess their own risk through forensic analysis of monitoring results, and reporting to you how they are managing these risks, is an important strategy reducing risk.  Such an approach is not unprecedented, and can be based on the U.S. Securities and Exchange Commission 2011 Cyber Risk Guidance framework.  Creating vendor awareness and offensive mitigation will reduce your risk profile and vulnerability.  Requiring vendors to acquire cyber insurance will also help reduce your risk in several critical ways

Forensics

4:25 PM - 4:40 PM:  Outsourcing Security, Privacy, and Compliance – Can it be done? -- Matthew J. Lane, CIO, JANUS Associates
The threat landscape is constantly evolving and as fast as one risk is mitigated, another is discovered or worse yet, created. Attempting to manage your organization’s security, privacy, and compliance programs in-house requires significant resources, both human and capital.  Outsourcing part or all of these tasks to professionals will allow you to focus your energies on your internal operations and most importantly, on your clients. The key to success is understanding and prioritizing your risks, and creating a sustainable roadmap to achieve your goals.  Understanding how to team with the best provider for your business model is mission critical, and this is the focus of this short conversation.

Outsourcing Security, Privacy, and Compliance - Can it be done?
 
4:40 PM - 4:55 PM:  Cyber Insurance -- What is it and Why Has it Become so Popular? -- John Brosnan, JD, Senior Vice President, Aon Risk Solutions
As significant breaches continue to increase in frequency and severity, the interest in purchasing Cyber Insurance has grown dramatically.  What is driving the interest in Cyber Insurance?  What is Cyber Insurance and what does it cover?  Should I purchase Cyber Insurance?  What insurance should I require of my outsourced service providers to protect my company in the event of a cyber breach?  And how do I know the right limit to purchase or require?

Cyber Insurance - What is it and Why Has it Become so Popular?
 
4:55 PM - 5:50 PM: Panel Discussion -- moderator Dwayne Prosko, Deloitte (co-chair)
• Bill Helmstetter
• Warren Daniel
• Matthew Lane
• John Brosnan
 
5:50 PM – 6:00 PM: Meeting Wrap Up -- Dwayne Prosko
 
6:00-7:00: Networking Reception -- Sponsored by PwC & Kirkland & Ellis LLP


Webinar held on June 17, 2014!

The IAOP Data Security & Privacy Chapter, chaired by JANUS Associates and Mayer Brown, held a webinar on June 17, 2014 at 2pm EDT.

Industry experts discussed the topic of The Impact of Recent US Security and Privacy Law Developments and the NSA’s Data Collection Activities on Outsourcing”

A spotlight has been focused on cybersecurity as a result of high-profile data breaches as well as the data collection activities of the National Security Agency.  Mayer Brown partners, Marcus Christian and Howard Waltzman, discussed the impact on outsourcing of these developments as well as some of the more recent laws, regulations and agency issuances.

Download the presentation
Play back the webinar

Webinar held on November 14, 2012

A meeting of the IAOP Data Security and Privacy Chapter, chaired by JANUS Associates and Mayer Brown, was held on November 14, 2012.

This Outsourcing centric webinar explored the technical and business perspectives of Cyber Warfare.

Modern warfare has always been governed by rules of engagement including the Geneva and Hague conventions. Humanitarian interests during conflicts have been clearly spelled out as far back as the Old Testament. Cyber Warfare is different. There are no conventions, norms, or protections for governments, industry or private citizens. Every system and individual is fair game and at risk.

The purpose of this presentation was to clearly define the who, what, when, where of a Cyber attack, how it will affect your business and how to prepare and respond should you come under attack.

"Cyber Warfare – The Reality Is We Are All Under Attack" will answer the following questions:
  • Who is actually attacking, what are they after, what are their motivations, and how are they getting your data?
  • How a successful Cyber Attack will affect your business
  • What is different about current attacks? A comparison of Cyber Warfare vs. Stand Alone attacks of 12 months ago
  • What do you need to look for to know if you are really under attack
  • How to measure the effectiveness of safeguards you currently have in place and know whether they are effective or not against this new type of attack
  • How to proactively move your corporate IT security program forward in a direction that will properly address this new threat landscape.
About the Presenter: Matthew J. Lane, IAM, QSA, CFCP is the V.P. & CTO of JANUS Associates. A sought after public speaker and a recognized subject matter expert in IT Security, Privacy, and Cloud Computing, Mr. Lane frequently presents to public and industry groups in addition to both domestic and international government entities.

Webinar held on April 28, 2011

A meeting of the IAOP Data Security and Privacy Chapter, chaired by JANUS Associates and Mayer Brown, was held on April 28, 2011.

Anders Kjellander, Chief Security Officer (CISSP) of BlockMaster discusses "A Practical Approach for Protection Against Financial Malware"

The threat against financial institutions and their customers is mounting as malicious software targets the financial systems of the world. As the financial attacks are increasing it is clear that the time has come to find a better solution for protecting sensitive online services such as online banks. Anders Kjellander will discuss on a high level a practical solution for these pressing issue that protects customer data and blocks keylogging, phising and other malicious software attacks.

Download the presentation

Meeting held on January 27, 2010

A Data Security Chapter meeting chaired by JANUS Associates was held on January 27, 2010 from 8:00 am to 10:30 am at Mayer Brown’s New York City offices at 1675 Broadway, New York, NY 10019. 

The meeting featured presentations and a panel discussion on the rapidly changing Information Security and Privacy regulations affecting outsourcing, with a focus on developments, trends and practical applications.

Presentations were delivered by Rebecca S. Eisner of Mayer Brown and Karl Muenzinger of JANUS. A panel discussion featured speakers from IBMBlackRockMayer Brown and JANUS. The panel addressed security and privacy challenges and discussed how customers and providers of outsourcing services can address these critical needs.

Agenda

Registration, Continental Breakfast & Networking

Welcome & Introductions

"New Developments – US Security and Privacy Laws Affecting Outsourcing"
Rebecca Eisner, Partner, Mayer Brown

"Technical Challenges and a Practical Approach to Vendor Compliance Management"Karl Muenzinger, Senior Compliance Consultant, JANUS

Panel Discussion: "Managing the Data Security and Privacy Risks and Opportunities in Outsourcing"
David Hudanish (Moderator), Partner, Mayer Brown
Phil Hausler, Vice President, Banking Industry, IBM
Benjamin Smith, Chief Information Security Officer, BlackRock, Inc.
John Mancini, Partner, Mayer Brown
Matthew Lane, Chief Technology Officer, JANUS 

Closing Remarks & Networking

Download the presentation


Webinar held on July 16, 2009

A Data Security Chapter webinar, hosted by corporate member JANUS Associates, was held Thursday, July 16.

Industry expert, Patricia Fisher from JANUS Associates, shared valuable insights on the“Changing Security Issues Involved in the ARRA (Stimulus) Act and How it Might Affect Outsourcing.”  Members learned about the significant developments that occurred with the passage of the ARRA and how they may impact the outsourcing industry.  Pat identified major changes and focused on the new penalties that may be applied if a data breach occurs as well as outlined the expectation of greater enforcement due to increased government incentives to the entities that will be monitoring the new requirements.  

In addition, Pat outlined specific action steps members would want to take to lower their risks and liabilities.

Download the presentation
 

Meeting held - October 21, 2008


A Data Security Chapter webinar, hosted by corporate member JANUS Associates, was held on Tuesday, October 21, 2008.

The program topic was “Outsourcing in Today’s New Risk Averse Business Climate:  Why Information Security is becoming a top business priority and what you need to do.” Karl W. Muenzinger, CISSP, CISM, MBCI and Project Manager of JANUS Associates, shared his expertise about the dramatic effect the rapidly changing financial landscape will have on outsourcing.  He shared valuable information about what you need to do to prepare for it!  

He covered real-life business cases where strong information security was used as a market differentiator and where information security breaches cost more than any benefit they derived.  He provided insight about how lax information security can be a deal breaker.  He reviewed the regulatory trend for increased due diligence, information security standards and approaches to demonstrating strong security.

Download the presentation


Webinar Held Wednesday, April 30, 2008

The latest Data Security Webinar took place on April 30, 2008 at 11:00 a.m. (PDT).  Data Security chapter chair, Frank Teruel of Vormetric, and guest speakers Tom Grubb of Polivec and Gabe Zubizaretta conducted a dynamic discussion concerning: “The Impending US Economic Down-turn…What does it mean for Outsourcing and the Safety of Your Data”.  

The presentation was split into three parts beginning with Gabe Zubizaretta who spoke to the subject of outsourcing trends among emerging technical and non-technical enterprises, Tom Grubb who addressed extending your behavioral infrastructure to ensure the protection of your data and Frank Teruel who wrapped up with developing and extending a data security eco-system across your outsourcers’ environment.  A question and answer session completed the program.

Download the presentation

Face to Face Meeting of the Data Security Chapter

The Data Security Chapter of IAOP held a face to face meeting at the 2006 Summit on February 20, 2006. Pat Fisher, President of Janus Associates, Tom Grubb, Chapter Chair and Heather Mark (CISSP) presented growing evidence that data security poses a significant challenge to service providers and their customers.   An informal survey was conducted to determine the attitude of those in the outsourcing industry regarding the protection of sensitive data. Download the survey results hereAfter the formal presentation, suggestions for future topics and speakers were discussed.

Download the presentation

Inaugural Meeting of the Data Security Chapter

The inaugural meeting of the Data Security Chapter was held on February 14th, 2006 at 2:00 pm Eastern Time via web conference. The meeting was hosted by chapter chair Tom Grubb of Vormetric. To keep consumers' trust and minimize the risk of a security breach when outsourcing, the premise of the meeting suggests that organizations need to take steps to ensure that personal data is safeguarded in vendor relationships.

Chairman’s Summary

The Data Security Chapter of the IAOP, bringing together providers, their customers and advisors that use sensitive digital information in the course of conducting outsourcing business, held its first meeting on February 14th, 2006 via teleconference and web-seminar.  

IAOP Executive Director Michael Corbett provided an overview of the outsourcing industry and the IAOP. Tom Grubb described the Data Security chapter goals and objectives, followed by information describing why data security matters to outsourcing professionals. Mr. Grubb explained that disclosure laws such as California SB1386 push data theft into the media, which prompts customers and consumers to demand more legislation to protect data. Then he used a case study to show how a single public data breach at an India-based service provider caused long lasting brand damage evidenced by almost 10,000 Google many months after the breach occurred.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, and Sandra Hughes, chief privacy officer of Procter & Gamble presented the Vendor Information Clearinghouse, a framework developed by the Ponemon Institute. Ponemon and Hughes explained that the VIC is a Web-based infrastructure and process for registering qualified vendors and for disclosing baseline qualifications for handling information about people and households. They invited outsourcing professionals to consider adopting the VIC as a means for customers to validate service providers they are dealing with.  This validation process will help construct and corroborate confidence in doing business where private data is exchanged between service provider and vendor.

Tom Grubb from Vormetric wrapped up the meeting with the encouragement to submit ideas, thoughts and suggestions to IAOP in order for the group to continue to grow and remain topically focused for 2006. Topic suggestions may be sent to her directly at tgrubb@vormetric.com.

Meeting Agenda:

  •  5-10 minute introduction by Mike Corbett, IAOP Executive Director
  •  10 minutes by Tom Grubb, Why data securitys is important to Outsourcing Professionals
  •  30 minutes by Dr. Larry Ponemon and Sandy Hughes, Lose Their Data — Lose Their Trust: Enabling Secure Vendor Relationships
Download the presentation

ALL OTHER MEETINGS

 

 

© 2024 IAOP® All Rights Reserved. IAOP, Certified Outsourcing Professionals®, The Outsourcing World Summit® and The Global Outsourcing 100® are registered trademarks of IAOP.