5th Annual CUNA Technology Council Security Summit
September 11-12, 2018 | San Francisco, CA
Meet with fellow CIOs and IT professionals in this face-to-face learning and networking event.
Rates: CUNA Members - $195 / Non-CUNA Members - $520
(no discounts apply to this event)
Registration: You may register for the Security Summit only, or it may also be added when registering for the 2018 CUNA Technology Council Conference.
Please make your choice below:
Tuesday, September 11, 2018
|12:30 p.m.||Registration for Security Summit|
|1:00 p.m.||Introduction of Team and Agenda Review
Thomas Lea, VP- IT Infrastructure & Security, Royal CU
|1:10 p.m.||BlockChain 101
Pete Nohelty, CTO, Royal Credit Union
By now you’ve heard the buzz around blockchain and distributed ledger technologies. In this informative session, you will be introduced to the concept of blockchain and distributed ledger, and how it will be impacting our security, compliance and operational landscape. This session will start out with exposing this technology as it applies to the financial industry and will evolve to a more specific overview of what is happening in the Credit Union movement and with CU Ledger, Sovrin authentication, digital trust framework, verifiable claims, XDI, Hashgraphs and more!
|2:00 p.m.||Risk Appetite
Does your organization struggle with who accepts risk and what level of risk is tolerable to the Board, Executive Team, and the business? In this collaborative moderated tabletop exercise we will practice creating risk appetite statements that will help define your organization’s risk profile and tolerance levels, which will help you decide where to focus your efforts and at what level are controls considered effective. Once your risk appetite is defined, this interactive session will help define practical ways to implement controls to meet your risk tolerance.
|3:30 p.m.||Networking Break|
|3:45 p.m.||Vendor Access Control
Panel discussion – This session will discuss how various CU’s are handling vendor access control. Learn how your peers are dealing with securing the enterprise without becoming an obstacle to system implementation and support. We will take a deep dive into granular access permissions, monitoring/reporting, session recording all with the goal of controlling vendor access. Today’s credit union’s usually have a variety of ways vendors connect and administer systems using a variety of tools (and usually vendor driven). Should this access be consolidated to one solution that is owned and operated by the credit union and not the vendor? Find out what your peers think in this technical vendor discussion.
|4:45 p.m.||Wrap-up of Day 1
Discussion of day’s learnings. Overview of various actionable items that CU’s can apply when they return to their organizations.
Wednesday, September 12, 2018
|8:00 a.m.||Anatomy of a Ransomware attack
Chris Schatz, info@risk
In this mock Red/Blue team presentation, we will examine how ransomware works, how your organization can be impacted, and what you can do to monitor, control, and respond to a ransomware event. This presentation will cover a live demo of a system compromise and then go over multiple defensive strategies that will help identify and mitigate these attacks using strong passwords, ingress/egress network controls, process auditing, DNS Sinkholing, and other vendor neutral techniques and processes.
|9:00 a.m.||Insights from the NCUA on the new ACET exam process
Wayne Trout, NCUA, Regional Information Systems Officer
Presentation and open Q&A with a RISO from the NCUA on common gaps in baseline controls. Wayne will share his insights from the field on hurdles CU’s are facing with identifying and managing the identified gaps discovered during the ACET process. Attendees will all participate in this interactive session, so we can help solve real world issues.
|10:00 a.m.||Networking Break|
|10:15 a.m.||Compensating Controls Roundtable
Are you facing financial, regulatory, or vendor-related challenges with implementing controls? What happens when a new risk is introduced, but the time, money, and effort to manage the risk is not reasonable or will take time to implement an effective control. This Interactive session will discuss some creative ways various organizations are managing risk when the standard controls are not an option.
|12:30 p.m.||Legacy Systems Roundtable
Sometimes the business requires us to keep legacy systems around. In this roundtable we will discuss how organizations are dealing with risks posed by our existing business systems that create this unique challenge. We will hear from other experts on how they implement the necessary control structures to better secure these systems. From documentation to risk assessments, mitigation steps, hardening, and other control objectives we will discuss the optimal ways to understand the risks of legacy systems and how to mitigate the risk.
|1:30 p.m.||Enterprise Risk and Security Metrics
Ken Schaafsma, VP ERM, Alliant Credit Union
Presentation and Panel – Presentation and Panel Discussion – Is your CEO and the Board worried about cyber security events and if their investment for security is helping to keep the organization safe? Hear from your peers on how they utilize security metrics to drive action and make security-based decisions, how to report your security program using metrics, and what is the right content for a varying audience. In this 2-part presentation and panel, you will hear some tips and insight into building and maintaining an Enterprise Risk Management Program and how to incorporate cyber risk and metrics into your ERM programs.
|2:45 p.m.||Conference Overview and Recap
|3:15 p.m.||CUNA Technology & Operations & Member Experience Council Conference begins|