Join the WMIIA and WMISACA for two exciting presentations.
What can Internal Audit do for you?
We all know quality is a continual process that evolves as your company ebbs and flows. Having processes in place to monitor and track that continual improvement and make good decisions based on that information is critical to a business. As the cyber security landscape changes, businesses have to be fluid and responsive to the ever elusive vulnerabilities and threats targeting them. This may involve reviewing your cyber security processes and realizing that things may not have to be done just because you have always done them that way. Instead, take the opportunity to really ensure your cyber security processes are adding value to your organization.
One way to accomplish this is through reviewing your standard operating procedures and policies on a continual basis through an internal audit. Internal audits benefit the immediate departmental team as well as the overall organization. The departmental team benefits by taking time to review what they are doing, why they are doing it, and make necessary changes. In the process, they are documenting the activity to demonstrate to an external auditor or regulator that they are following the policies and processes that they have established to best protect the organization as a whole.
Kyle Kunnen is the Information Security Officer for Mercantile Bank of Michigan. He has been in the banking industry for 23 years, focusing on Operations, Disaster Recovery & Business Continuity, Privacy and more recently focused primarily on Information Security. Kyle will share his experience on how he works with Internal Audit to continuously improve Mercantile’s security posture.
From zero to Incident Response in 60 minutes
The presentation will cover lessons learned from building incident response program based on NIST SP-800 61r2. By using a given attack scenario, we will explore the cyber-attack kill chain and typical attacker modus operandi. We will go over preparation and planning; detection and analysis; containment, eradication, and recovery; and post-mortem activities. The presenter will share sample incident response playbooks, cheat sheets, first responder toolkit, and other customizable templates for the needs of any given organization.
Vel Pavlov is an information security professional with over 10 years of experience in the field. Vel manages the IT Security team for Ferris State University including SIEM, DLP, WAF, FDE/FFE, MDM, HIPAA & PCI DSS compliance, etc. Outside of the management responsibilities, Vel’s focus is on risk and vulnerability assessment, incident handling lifecycle management, and building information security program based on the ISO27001/27002 framework. Vel holds a number of certifications including CISSP, C|EH, C|HFI, C)PTE, ITILv3 Foundations, Security+, A+, Rapid7 Certified Nexpose Administrator, and Metasploit Pro Certified Specialist. He is a co-author on the subjects of mobile malware and digital antiforensics. Vel serves as an adjunct faculty and cyber-security course designer for Excelsior College, Ferris State, and most recently Walsh College. He contributes to the Excelsior College Faculty Advisory Council. Vel had the opportunity to present for West Michigan ISSA, MCRCon, ISC2, law enforcement initiatives, high schools, and even local TV on the subjects of network forensics, OSINT, vulnerability lifecycle management, penetration testing, incident response, and IoT security.
8:30 AM - 9:00 AM - Breakfast and Registration
9:00 AM - 10:00 AM - What can Internal Audit do for you?
10:00 AM - 11:00 AM - From zero to Incident Response in 60 minutes
Location & Parking:
The meeting will be held at Gordon Food Service Headquarters, 1300 Gezon Parkway SW, Wyoming, MI 49509. Please park in the guest parking lot in the front of the facility on the west side (in front of the flagpole). Enter through the lobby where you'll be directed to the meeting location.