Acquisitions: Your Latest Zero Day
Presented by: Mitch Greenfield, CISA, CEH, and Scott MacArthur, CISSP, CISA, CEH, LPT

Presentation transcript:

Agenda
- Phases of the Review
- Review Goals – Why are we doing this?
- Minimum Necessary
- Technical Testing
- Interviewing
- Reporting
- Wrap-up
- Integration
- Compliance Risks
- Value to the Business

Goals for the Review
- Understand the risk
- Articulate the risk(s) to the business
- Develop an integration strategy
  – Technologies
  – Process
  – People
  – Timeline (integration speed vs. risk)
- Understand compliance with regulating bodies (PCI, SOX, HIPAA, etc.)

Phases of the Review
- Pre-close / diligence (quiet period)
  – Who is "under the tent"
  – Diligence trip(s)
  – Budgeting
  – Planning for day/week 1
  – Pre-assessment requirements (network diagrams, org charts, interview targets, etc.)
  – Communication strategy
- Post-close
  – Week 1
  – Month 1
  – Integration

Minimum Necessary
- Phases – week 1, month 1, everything else
- Separate but equal
- Moving to common security technology platforms
- When is it appropriate to start opening connections?
- What is acceptable risk?
- Communication strategy
- Our experience

Technical Testing
- Goals
- Scoping / when is it enough?
- Value of the data
- QA vs. production
- Network / OS vulnerability scanning
- Databases
- Websites
- Communication strategy
- Our experience

Interviewing
- Audit programs
  – Are all acquisitions treated equally? Payer / provider / tire store
  – Audit.net, CSF, OCR, COBIT
  – Auditing against your own internal security framework
- Communication strategy
- Our experience

Reporting
- Report writing
- Peer review
- Audience
- Tracking issues
- Risk acceptance
- Communication strategy
- Our experience

Integration
- Risks of integration
- Risks of not integrating
- Costs associated with both
- Process integration
- Value of an integrated security program
- Communication strategy
- Our experience

Compliance Risks
- PCI – When should a QSA be used for a pre-audit?
- HIPAA – OCR audit protocol
- SOX – Internal Audit to perform a review
- Our experience

Value to the Business
- Understanding risk
- Understanding costs associated with integration

Questions