January 2017 Meeting w/ISACA

Date: January 12, 2017

Location: Renaissance Dallas Richardson Hotel

Address: 900 E Lookout Dr., Richardson, TX 75082

Time: 10:30am to 2:30pm (Lunch will be provided)

Registration is Closed. No Walk-ins will be accepted!


Pre-Session: 10:30 – 11:30 AM

Meeting Title: Emerging Risks and Security Challenges


Attendees will learn about:

  • Understanding and identifying the risk landscape
  • What solutions work and which do not
  • Understanding the attacks enterprises are seeing today

Session Description: The information security landscape is constantly changing. We have to understand the attacks that are occurring, as well as the emerging risks that exist. During this presentation, we will look at some of the recent successful attacks and identify what we can learn from the attacks. What solutions work? What solutions don’t work? How can these attacks be combated, and what does it mean to me as I provide security solutions?

CPEs Offered: 1 Hour Continuing Professional Education

Speaker: Tanya Baccam, Baccam Consulting

About the Speaker: 

Tanya is a SANS senior instructor, as well as a SANS courseware author. With more than a decade of information security experience, Tanya has consulted with a variety of clients about their security architecture in areas such as perimeter security, network infrastructure design, system audits, Web server security, and database security. Currently, Tanya provides a variety of security consulting services for clients, including system audits, vulnerability and risk assessments, database assessments, Web application assessments, and penetration testing. She has previously worked as the director of assurance services for a security services consulting firm and served as the manager of infrastructure security for a healthcare organization. She also served as a manager at Deloitte & Touche in their Security Services practice. Tanya has played an integral role in developing multiple business applications and currently holds the CPA, GPPA, GCIH, GSEC, CITP, CISSP, CISM, CISA and OCP DBA certifications. Tanya completed a bachelor of arts degree with majors in accounting, business administration and management information systems.

Lunch Session: 12:30 – 1:30 PM

Meeting Title: Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know


Attendees will learn about:

  • Why cybersecurity is as much a legal issue as it is a business or technology issue.
  • How most legal and regulatory compliance actions support a “take reasonable measures” approach instead of a “strict liability” approach to companies’ pre-breach activities.
  • The 2 primary legal and regulatory compliance areas that pose the most risk to companies and key action items that can help mitigate that risk.
  • The 3 pre-breach must-haves for every company to have in place.
  • The importance of cybersecurity- and privacy-focused contractual agreements to companies, and how such agreements can be negotiated.

Session Description: Year after year the cybersecurity landscape continues to change for the worse with more and more companies being breached and then pursued in legal and regulatory actions. If one thing has become certain, it is that cybersecurity is as much of a legal issue as it is an information technology or business issue. While this may be the perfect scenario for selling FUD — fear, uncertainty, and doubt — there is hope and that is where we should focus.

In this discussion we will cover how cybersecurity professionals can help empower companies to do what is reasonable, even if they can’t do everything. Using this backdrop, we will discuss several recent legal and regulatory compliance developments and examine how they encourage companies to take this reasonableness approach. We will also examine some of the more wide-reaching regulations that will be implemented in 2017 and how they impact this approach. We will then discuss some critical action items to take from these that virtually all companies can implement to better prepare in this regard – especially if they find themselves in a breach situation.

CPEs Offered: 1 Hour Continuing Professional Education

Speaker: Shawn Tuma, Cybersecurity & Data Privacy Partner, Scheef & Stone, L.L.P. and General Counsel, Cyber Future Foundation

About the Speaker: 

Shawn Tuma is an attorney with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He regularly serves as outside cybersecurity counsel advising a wide variety of businesses ranging from small mom & pop businesses to Fortune 100 enterprises. He also serves on the Advisory Board of the University of North Texas Cyber Forensics Lab and the Council for the Computer & Technology Section of the State Bar of Texas, among his many other activities. Shawn has been working at the forefront of cybersecurity law since prior to Y2K and is consistently selected for honors such as D Magazine’s Best Lawyers in Dallas and Texas SuperLawyers. In 2016, he was selected by Texas SuperLawyers for the Top 100 Lawyers in DFW and by the National Law Journal as a Cybersecurity Law Trailblazer.

Post Session: 1:30 – 2:30 PM

Meeting Title: The Fight Against Phishing: Defining Metrics That Matter Session


Attendees will learn about:

    • Actual stories of phishing tests that worked … or did not!
    • Methods to drive actionable metrics in the social engineering space
    • Typical challenges for a successful program


Session Description: Phishing and social engineering attacks are at the heart of most significant data breaches. Threats targeting the human layer continue to evolve beyond the obvious. In this session, explore how a risk-based approach applied at the human layer improves organizational resilience and user level resistance to these threats.

CPEs Offered: 1 Hour Continuing Professional Education

Speaker: Mark T Chapman, President and Founder, PhishLine LLC

About the Speaker: 

Mark is the president and founder of PhishLine and has spent the majority of his 20+ year career leading talented teams in the development of cutting-edge solutions in the areas of risk management, information security, and social engineering. Mark has extensive experience addressing security concerns for a wide variety of enterprise customers who keep him closely connected to the information security community and the challenges within.

PhishLine provides a social engineering and learning platform that applies a risk-based strategy to combat phishing. With PhishLine, customers gain access to thousands of different data points that provide visibility into risky patterns of user behavior and can drive change at the human layer in a measurable and objective manner.

Mark resides with his wife of 20 years, Cheri, in Muskego, Wisconsin. They have three sons who are all avid musicians. His family enjoys outdoor activities including boating, fishing, and hiking.
