2017 CyberSecure
 
12/04/2017
8:00 am - 8:30 am Breakfast & Registration
8:30 am - 9:15 am Opening Address: The New Realities of Post-Breach Crisis Management
Invited Speaker: NY State Attorney General's Office
9:15 am - 10:30 am Morning Keynote: Trends & Priorities to Manage the Cyber Frontier
Invited Speaker: FBI Cyber Division, New York Field Office
10:15 am - 11:15 am Networking Break
11:15 am - 12:15 pm Regulatory | Risk Management | Industry and Technical
The Year in Data Breach and Privacy Litigation


With data breaches becoming more commonplace, the occurrence of litigation has spiked. Whether it be class action or vendor breach of contract litigation, the loss or misuse of proprietary information can lead to a serious disruption in delivery of products and services. This session will cover how to effectively partner with outside counsel during litigation and the key factors to consider during breach reporting, disclosure notifications, insurance claim submission and restoration of services.
Integrating Periodic Risk Assessment to Avoid Becoming the Next Target of a High-Profile Cyber-Attack
Moderator: Rich Blumberg, Director of Business Development, CyberScout
Speaker: Ronald N Sarian, Vice President & General Counsel, E-Harmony Inc
Speaker: Justin Castillo, Head of Legal, BT Americas
Speaker: Ashok Marin, Vice President, Chief Compliance & Privacy Officer, Mallinckrodt Pharmaceuticals

Many cybersecurity regulation updates, such as GDPR and those issued by NYDFS, now require formal risk assessment. While this may add to the workload, identifying your company’s weak spots during the assessment period will help inform data security initiatives to reduce your chances of experiencing a major cyber-attack. This hour will cover how to integrate, in real-time, assessment findings into existing security programs, and highlight some of the major regulatory consequences when failing to address security threat discoveries.
Mitigating Cybersecurity Vulnerabilities in Your Supply Chain
Speaker: Ryan Lobato, Corporate Counsel, ExxonMobil
Speaker: Holly Brady, Senior Counsel, Altria Client Services
Speaker: Buck De Wolf, Vice President, Chief Intellectual Property Counsel & General Counsel, GE Global Research

Companies are improving their supply chain through the use of interconnected technologies, but with increased interconnectivity comes increased cyber risk. This panel will highlight the importance of specific checklist items to consider and address for secure interconnected relationships, including:

• Vendor access to a company's internal system

• Network segmentation

• Vendor selection, guidelines, standards and controls, including required reporting and validation of performance

• Password and monitoring safeguards, policies and practices

• Insider threat training, both intentional and unintentional

• Audit programs to monitor security protocols within the company and at supply chain vendors
12:15 pm - 1:30 pm Lunch
1:30 pm - 2:30 pm Regulatory | Risk Management | Industry and Technical
Deep Dive of the NYDFS Cyber Security Regulation Update: How to Ensure Compliance
Speaker: Monique Edwards, Assistant General Counsel - Data Privacy, HoneyWell
Speaker: Alex Greenberg, Head of Intellectual Property & Cybersecurity Legal, Barclays
Speaker: Paul Caulfield, Chief Risk & Compliance Officer, Israel Discount Bank

This session will offer a timely discussion of NYDFS’ new cyber security provisions and upcoming deadlines to prove compliance. Panelists will offer guidelines for small to mid-sized organizations on how to prove compliance in time with limited resources and budget. This panel will also explore the potential impact on organizations who fail to meet the new requirements issued by NYDFS.
Revamping Employee Cybersecurity Policies and Training to Mitigate the Legal Risks of BYOD
Speaker: Daniel Pepper, Vice President & Deputy General Counsel, Comcast Corporation
Speaker: Adam Rubin, General Counsel, PrizeLogic

The use of personal devices remains a major culprit of data breaches, but balancing employee monitoring with privacy concerns is challenging. This session will look at the specific privacy issues to consider when constructing your BYOD policies. Learn the importance of reviewing other company policies, implementation of technological safeguards (such as encryption), incident response guidelines, employee training, remote working rules and rules covering data ownership. Panelists will also dive into the employer's potential privacy liability when monitoring employees' BYODs.
Practicing Good Data Hygiene to Effectively Manage Data Security in eDiscovery
Speaker: Brian Corbin, Vice President & Assistant General Counsel, JPMorgan Chase

Breaches in data security during e-discovery can lead to spoliation claims by opposing counsel. With new requirements for secure data disposal and increased responsibilities for all across the organization, in-house counsel can’t solely rely on law firms and vendors to ensure data integrity. This session will cover how to improve data management internally to document an unbroken chain of custody during litigation, and guidelines during eDiscovery for your vendor and outside counsel.
2:30 pm - 2:45 pm Session Rotation
2:45 pm - 3:45 pm Regulatory | Risk Management | Industry and Technical
GDPR: The Rush for Compliance and Moving the Needle on Your Company’s Cybersecurity Culture
Moderator: Daniel K. Alvarez, Partner, Willkie Farr & Gallagher LLP
Speaker: Antonious Porch, General Counsel, Shazam
Speaker: Kimberly Goldberg, Assistant General Counsel, Horizon Blue Cross Blue Shield
Speaker: Alfredo Della Monica, Vice President & Senior Counsel, American Express
Speaker: Farrah Zaman, Senior Counsel, Nielsen
Speaker: Allison Dodd, Senior Counsel, The WhiteWave Foods Company

With the onset of GDPR quickly approaching, now is the time for multi-national companies to pause and revisit their planned action to meet the requirements of GDPR. This session will cover the key steps that will ensure your organization is free from costly penalties, including review of privacy notices, evaluation of your detection and data breach reporting procedures, and how to handle data access requests. Leave this session understanding how an updated compliance program that falls in line with GDPR can move the needle on companies’ cybersecurity culture.
The Emergence of Ransomware - Emergence and Prevention
Moderator: Eric Hodge, Director of Consulting, CyberScout
Speaker: Christopher Pierson, Executive Vice President & General Counsel, ViewPost

Many high-profile law firms and large corporations have been in the spotlight recently due to far-reaching ransomware attacks. Hear first-hand some of the blind spots and key takeaways that speak to improving early detection efforts and effective crisis management strategies. This session will also examine the benefits of cyber liability insurance and what’s missing in your policy to help mitigate the effects of a ransomware attack.
Exploitation of PII—Securing Employee Data to Prevent Targeted Attacks

Credit card information and bank accounts are not the only valuable data for cyber criminals. Employee benefit plans, which contain personally identifiable information (PII) and are exploited over a longer period of time, are quickly becoming the preferred target. Asking questions early on, such as “Who is responsible for cyber security of the plan sponsor?” will help minimize risks of an attack on benefit plans. This session will cover some of the immediate steps you can take to help protect employee benefit plans, including: purchase of cyber-liability insurance, reassessing third party vendor access to sensitive information, supplementing passwords with multifactor authentication and best practices for data disposal and storage.
3:45 pm - 4:30 pm Networking Break
4:30 pm - 5:30 pm Regulatory | Risk Management | Industry and Technical
Building Holistic Compliance Strategies to Navigate the Complexities of State, International and Federal Regulations
Speaker: Catherine Mulrow - Peattie, Lead Counsel Enterprise Security Solutions, MasterCard
Speaker: Erez Liebermann, Chief Counsel, Cybersecurity & Privacy, Prudential Financial
Speaker: Annemarie Giblin, Senior Counsel, Cyber Liability Attorney, Chubb

With more states issuing cybersecurity regulations and the upcoming onset of GDPR, keeping track of all the varying requirements and deadlines can become overwhelming. For multinational companies that operate in various states and abroad, hear about what to consider when trying to simultaneously ensure compliance with multiple agencies and regulations such as the EU’s NIS Directive and the latest NYDFS cybersecurity provisions. Learn what questions to ask and the benefits of working with cross-functional team members to construct and implement a compliance program that adheres to all regulation changes.
Strengthening your Data Security: Third Party Vendor Risk Classification and Screening
Speaker: Kevin Fumai, Managing Counsel, Oracle
Speaker: Michael Avalos, Assistant General Counsel, AIG Insurance
Speaker: Jordan Thompson, Associate General Counsel & Chief Privacy Officer, New York Institute of Technology


By making sure your vendors comply with federal and state regulations, you avoid costly fines and disruption to your operation of business, and reduce the number of vendor-sourced data breaches. Learn some of the key factors to consider before screening vendors and how to classify vendor risk. Discussion will cover how to determine risk appetite, the hallmarks of a solid vendor vetting process, including developing and analyzing vendor questionnaires, establishing scope of services and supporting documentation from vendors.

Technology Patent Law Suits—How to Avoid Getting Caught in the Crossfire

A surge in cybersecurity patent litigation involving large corporations has led to heightened concern among in-house counsel from small and mid-sized companies. In this hour, panelists will discuss the hallmarks of a comprehensive plan that protects company patents and trade secrets: agreements and procedures that establish document protection, prioritization of trade secret vulnerabilities, creation of third party data management procedures, and implementation of employee training and monitoring policies. Also hear about the latest technology used to safeguard patents and trade secrets and how to reassess your cyber insurance policy to ensure your IP is protected.
5:30 pm - 6:30 pm Cocktail Reception

12/05/2017
8:30 am - 9:00 am Breakfast & Registration
9:00 am - 9:55 am Keynote: Cyber-Physical and Other Growing Threats to Critical Infrastructure
Invited Speaker: National Protection and Programs Directorate, Department of Homeland Security
10:00 am - 11:00 am Benchmarking | Crisis Management | Data Governance
Data & Trends: Challenges at the Intersection of Cybersecurity and Legal Services
Moderator: Daniella Isaacson, Senior Analyst, ALM Intelligence
Speaker: Michal Rosenn, General Counsel, KickStarter
Speaker: Steve Kovalan, Senior Analyst, ALM Intelligence


Recent breaches at top law firms have led many to question whether law firms are up to the task of ensuring confidentiality in an era of free-flowing digital information networks. At the same time, the resignation of Yahoo’s general counsel amid accusations its legal team failed to properly respond to a 2014 breach has brought the issue of data security to the doorstep of corporate law departments.

In this session, ALM Intelligence analysts will discuss the state of the legal services sector in the age of ever-present cybersecurity threats. Drawing on ALM Intelligence’s latest surveys of corporate law departments and law firms on the topic of data security, the presentation will give attendees an inside look at the challenges at the intersection of cybersecurity and legal services.

The Hacking Update
Larger companies are being proactive in the fight against cybercrime and using Dark Web threat intelligence to help inform both their prevention and incident response playbook. This conversation will cover monitoring strategies to alert your organization to planned adversary attacks and take a deep dive into the latest adversary techniques to help your organization stay on top of prevention strategies.
The Cloud and your Database: Rethinking Data Governance
Speaker: Lawrence Montle, Chief Information Security and Privacy Officer, New York State Insurance Fund
Speaker: John Whiting, Chief Security Officer, DDB
Speaker: Catherine Atterbury, Director & Associate General Counsel Cyber, Information Technology & Intellectual Property, Deutsche Bank

This panel will dive into how to tackle some of the most common threats to your database security, including multiple access points to data on the cloud, privilege abuse, limited security education for all employees, generating security audit reports and lack of clearly defined remediation efforts post breach.
11:00 am - 11:30 am Networking Break
11:30 am - 12:30 pm Benchmarking | Crisis Management | Data Governance
Cyberinsurance Tune Up—Reassessing Your Policy
How often do you reassess your cyber insurance policy? This session will address new categories of risk when revisiting your policy and what to consider with regard to third party risk coverage. Hear from cyber liability underwriters on what they assess when creating your premiums and policy limitations, and how to prove actual injury for a successful claim.
Speaking a Common Language with your C-Suite when Setting Risk Responsibility Across the Organization
Speaker: Andrew Tannenbaum, Cybersecurity Counsel, IBM
Speaker: Marc Berger, General Counsel, FlatIron Health
Speaker: Elise Houlik, Associate General Counsel, Fannie Mae

Cyber risk and overall business performance are becoming increasingly interdependent. As a result, effective cyber risk management includes awareness at the C-suite level. This panel will present some of the key questions to discuss with your C-Suite during evaluation of your company’s cyber risk programs/policies and provide strategies for setting risk responsibility at various levels across the organization. Leave this session with guidelines for how to establish a common language between organizational members to effectively discuss crisis response and how to engage external stakeholders during risk mitigation.
What You Need to Know about IoT, AI and the Blockchain: Buzz Words Demystified
Speaker: Richard Timbol, Chief Information Security Officer, Davis Polk & Wardwell LLP

There will be roughly 24 billion IoT devices connected to the Internet by 2020, according to a Business Insider Intelligence Report. What’s on the horizon for efficient data security in the midst of heightened interconnectivity? Many of the larger banks are testing Blockchain as a way to prevent threat actors from carrying out an attack and reduce office spending on data breach response. Similarly, AI is being discussed as a long-term cost and time saver, with organizations potentially turning to AI to sift through numerous security incident logs. This panel will talk about what’s new in the area of IoT network security and the benefits of AI behavioral analysis and Blockchain.
12:30 pm - 1:30 pm Strolling Lunch in the Exhibition Hall
1:30 pm - 2:30 pm Benchmarking | Crisis Management | Data Governance
Benchmarking your Cyber Resiliency
Speaker: David Kessler, General Counsel, McAfee
Speaker: Brent Kidwell, Chief Information Security Officer, Jenner & Block LLP

The growing sophistication of cyber-attacks is forcing companies to reshape their strategies for becoming cyber resilient. Hear about the latest protection against ransomware, the benefits of cyber insurance and what questions to ask when implementing new strategies to bounce back. This session will cover the benefits of integrating encryption, IoT network security, and a multi-factor authentication process to protect your network and devices in the office.
Stress Testing your Crisis Management
Speaker: David Peach, Chief Information Security Officer, The Economist Group
Speaker: Jonathan Wright, Chief Legal Officer & General Counsel, Qpharma Inc

When confidential information/sensitive data is leaked, your company can experience a serious blow to its credibility and consumer base. Swift action is key to preventing a negative impact to your company’s financial earnings. Hear about the lessons learned from table top exercises and other incident response simulations. Leave this session with tips for conducting an incident response stress test, how to best partner within the organization to apply lessons learned, and the importance of comprehensive training.
Enforcing Third Party Vendor Compliance
Speaker: Noga Rosenthal, Chief Privacy Officer, Epsilon
Speaker: Catherine Castaldo, Global Chief Privacy Officer, Nuance Communications
Speaker: Patrice Brusko, Senior Vice President, US Chief Privacy Officer, TD


Strengthening your compliance risk strategy means full management of your third party vendor’s activities. Now more than ever, companies are being held accountable for all customer data mismanagement. Learn about structuring vendor contract deliverables (including penalties for not abiding by certain regulations) to help enforce third party data security compliance. This panel will also discuss how to monitor vendor processes and the importance of assessing a third party’s employee training.