Category Archives: Events

Upcoming cybersecurity events featuring BH Consulting

Here, we list upcoming events, conferences, webinars and training featuring members of the BH Consulting team presenting about cybersecurity, risk management, data protection, GDPR, and privacy. 

Tech Connect Live 2019: Dublin, 30 May

BH Consulting COO Valerie Lyons will be presenting at this event, which takes place at the RDS in Dublin on Thursday 30 May. The conference is a business and technology event, with talks on a range of related subjects happening throughout the day. The event is free to attend, and more than 5,000 delegates are expected on the day. To find out more and to register for a free pass, visit here.

Data Protection Officer certification course: Vilnius/Maastricht June/July

BH Consulting contributes to this specialised hands-on training course that provides the knowledge needed to carry out the role of a data protection officer under the GDPR. This course awards the ECPC DPO certification from Maastricht University. Places are still available at the courses scheduled for June and July, and a link to book a place is available here.

IAM Annual Conference: Dublin, 28-30 August

Valerie Lyons is scheduled to speak at the 22nd annual Irish Academy of Management Conference, taking place at the National College of Ireland. The event will run across three days, and its theme considers how business and management scholarship can help to solve societal challenges. For more details and to register, visit the IAM conference page. 

The post Upcoming cybersecurity events featuring BH Consulting appeared first on BH Consulting.

TrustArc at International Privacy + Security Forum

TrustArc is proud to be sponsoring, speaking and exhibiting at the International Privacy + Security Forum this week in Washington, DC. The International Privacy + Security Forum brings together global leaders in privacy and security to discuss how these two important topics impact the real world. This event will bring together privacy professionals, security professionals, chief information officers, attorneys, academics, experts from NGOs & think tanks, technologists, and policymakers from all over the world. Several TrustArc privacy experts will be session speakers during the International Privacy + Security Forum: Hilary Wandall, Chief Data Governance Officer, General Counsel & Corporate Secretary, …

The post TrustArc at International Privacy + Security Forum appeared first on TrustArc Blog.

TrustArc Kicks-Off the Privacy Innovation & Technology Meetup in 2019 with Geolocation-Focused Event

TrustArc was pleased to re-launch the Privacy Innovation & Technology Meetup group on March 13, 2019. Begun in 2012, this regularly scheduled San Francisco Bay Area group is open to anyone interested in learning about privacy, hearing about cutting-edge topics in technology, and engaging in collegial networking (along with optional fizzy libations). The PI&T Meetup group continues to bring together individuals from leading cross-industry companies, academics, consumer rights advocates, students, non-profit organizations and other thought leaders, to describe just a few of the group’s nearly 500 members. The most recent PI&T session was entitled “Geolocation: The Real-World ‘Cookie’ Eaten …


Special Webinar Event: Current State of Brexit and Data Protection Impact

TrustArc is proud to present a special webinar event: “Current State of Brexit and Data Protection Impact.” This webinar will take place this Thursday, March 28th at 12pm GMT | 8am ET | 5am PT. Don’t miss this opportunity to learn more about how Brexit will affect data protection – register today! Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar! Click here for answers to the most commonly asked webinar-related questions. The impact of a potential “Brexit” will play an important role on the data protection …


4th Annual Cyber Security Conference for Executives

Cyber Security for Executives (including deans and small business owners).

This year’s conference at the Johns Hopkins University covered ground of interest to business leaders, especially with respect to the implications cyber risk has for their legal and contracting activities. The executives for whom the conference was organized were expansively and quite properly defined to include not just the denizens of a Fortune 500 C-suite, but small business owners, partners in medical and accounting practices, college deans, and so on.

In his opening remarks, Anton Dahbura, Director of the Information Security Institute at the Johns Hopkins University’s Whiting School of Engineering, reviewed his “Unlucky Top 13” list, an inventory of recent security horror-shows. He thinks these incidents (the Equifax breach being the one that’s arrived with most éclat) may have induced the public to pay attention, and may finally be moving people away from what Dahbura called “the gazelle mentality,” that is, the comforting thought that if you stay close to the herd, you’ll be OK. (You won’t.)

Other speakers discussed the opportunity costs sound security inevitably imposes on organizations. One new addition to the faculty at the Johns Hopkins School of Advanced International Studies, Thomas Rid (who’d just arrived from his previous appointment in London) offered an overview of the attribution challenge. Historically informed, Rid’s account argued that attribution is as much art as science. A panel of legal experts offered advice for businesses. (One highlight: Whiteford Taylor Preston’s Howard Feldman reminded everyone of the importance of contracts, and that you may be bound by contracts you hadn’t realized were contracts at all. “Your privacy policy, on your website, is a contract.”)

And Bob Olsen, CEO of event sponsor COMPASS Cyber Security, closed with some effective analogies security professionals can use to communicate with the business leaders they support.

Strategic perspective from US Cyber Command.

Guy Walsh, Brigadier General (retired), US Air Force, and currently responsible for strategic initiatives at US Cyber Command, delivered the conference’s opening keynote. He began with a quick observation about Equifax, saying that the incident should serve as a reminder that it can take time to patch and address known vulnerabilities.

He described the emergence of cyberspace as a fifth operational domain, joining land, sea, air, and space, and he described US Cyber Command as a warfighting organization recently elevated in status and sharply distinguished in its mission from the National Security Agency.

Walsh reviewed some Air Force history, and claimed that the first insider hack of the USAF was done in 1963, by John Boyd, the leading thinker of the Fighter Mafia. Boyd is more familiar as the officer who formulated the concept of the OODA loop, the cycle of Observe, Orient, Decide, and Act that he outlined in his Discourse on Winning and Losing. Boyd argued that if one could execute that cycle faster than one’s adversary, “get inside their OODA loop,” one would have a decisive advantage in combat. Getting inside the OODA loop, Walsh argued, was as important in cyberspace as it was in air-to-air combat.

After describing Buckshot Yankee, a Russian attack against US Central Command with Agent.BTZ, Walsh outlined the strategic adversaries the US faces. They are, as many others have said, Russia, China, North Korea, Iran, and terrorists. In this threat environment Cyber Command operates National Mission Forces, Combat Mission Forces, Cyber Protection Forces, and, against ISIS, Joint Task Force Ares.

One trend and two observations Walsh made have implications for most enterprises, not just Cyber Command. The trend he sees is that big data and artificial intelligence will change the dynamic in cyberspace. His two observations with broader implications were, first, the point that retaliation against cyber attack need not be exclusively or primarily cyber retaliation. It may not need to be cyber retaliation at all. And second, when he described the three major Cyber Command exercises (Cyber Flag, Cyber Guard, and Cyber Knight) he said they took their inspiration from Red Flag, the Air Force’s realistic training against a dissimilar adversary opposing force. Like Red Flag, these exercises have been vital in increasing readiness and capability.

The risk landscape as seen from the perspective of the healthcare sector.

Stephanie Reel (CIO, the Johns Hopkins University Health Systems) brought the perspective of a healthcare organization (and a “hybrid organization”) to the discussion. She claimed that healthcare has surpassed financial services as the most-targeted sector. In some ways the sector’s modernization has increased its vulnerabilities. Unification and aggregation of data have exposed the sector to “unintentional negligence among the players.” That unification is striking: about 60% of patient data in the United States is currently held by a single vendor.

With greater risk has come more spending on security, and Reel pointed out that this is not only a direct expense, but it imposes opportunity costs as well. “Money spent on security is not being spent to cure disease,” she said, nor is it being used to improve public health. But the reality of the threat requires that security be addressed. Ransomware has been a particular problem for healthcare, Reel said as she reviewed their own experience with the MedStar incident of 2016. Medical care and patient safety require that digitized records and networked devices have high availability, and it’s that availability that ransomware attacks. Direct manipulation of medical devices themselves (“still sort of science fiction; we haven’t seen it at Johns Hopkins”) also remains a very real threat, although not yet a common one.

Reel seconded Dahbura’s call for a national conversation about an identification system, and, although she feared that people were too ready to concede defeat on identity management, still closed on a hopeful note. She thought the tensions a hybrid organization like hers faces among the competing claims of security, operations, healthcare, research, and education could ultimately be resolved.

For the full article, visit The CyberWire. If you would like to be informed about next year’s event, please CONTACT US.

This is an excerpt from an article originally written by The CyberWire