Tag: cyber

Categories
Coffee and Regs

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

 
In this episode, CSS’s team of cybersecurity experts E.J. Yerzak and Mike Farrell kick off Cybersecurity Awareness Month discussing the importance of vendor due diligence and the role that service providers can play in cyber incidents.
 

About Our Guest Speakers:


E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 

 

 

 
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Categories
Coffee and Regs

The Mood of Compliance

The Mood of Compliance

 

In this episode, CSS’s Executive Director, Jackie Hallihan and Senior Consultant, Adam DiPaolo discuss observations on the mood of compliance, with predictions of heavy regulatory activity, and key areas of focus including enforcement, ESG, cryptocurrency, whistleblowers and cybersecurity.

 

About Our Guest Speakers:

Jackie Hallihan is the Co-Executive Director of CSS’s Compliance Services team and has over 25 years’ regulatory and risk management experience. She was the founder of National Regulatory Services (NRS) which started the compliance resource business and served as its President for over 20 years. She also founded the National Society of Compliance Professionals (NSCP), a non-profit organization for compliance officers, staff and lawyers serving the compliance industry. It now boasts over 2000 memberships. Jackie has been a leading speaker to compliance professionals, including in-house training programs and various other industry association conferences, and has received numerous industry awards. Jackie also serves as Director, Clerk of the New England Broker Dealer Investment Adviser Association (NEBDIAA), a non-profit organization, incorporated in 1997. The purpose of NEBDIAA is to provide a forum for the professional exchange of information among investment advisers, broker dealers, and persons who provide services to investment advisers and broker dealers, and to direct communication among its members which will improve their ability to serve the needs of their respective clients. The forum will help NEBDIAA’s members meet the increased regulatory demands placed on investment advisers, broker dealers, and persons who provide services to investment advisers and broker-dealers.

 

Adam DiPaolo CISA, CRISC is a Section 13 Reporting Manager, Senior Consultant and Associate General Counsel at CSS. Adam designs practical solutions to manage regulatory challenges faced by hedge funds, private equity funds, funds of funds, and other investment advisers. In addition to providing compliance services such as annual compliance program reviews, risk assessments and acquisition due diligence, Adam established Section 13 reporting capabilities and EDGAR filing agent services for CSS’s Compliance Services division. He drafts and maintains corporate filings ranging from Forms ADV and PF to Forms 13F and 13H. Adam also provides cybersecurity risk management services to CSS clients – ranging from network vulnerability scanning to onsite cybersecurity risk assessments to assistance in implementing the NIST cybersecurity framework. He is a Certified Information Systems Auditor (CISA®), and Certified in Risk and Information Systems Control (CRISC™). Adam practiced corporate law prior to joining CSS and has an extensive background in both the public and private sectors. Adam served as Assistant General Counsel at Capgemini – one of the world’s largest providers of Consulting, Technology and Outsourcing services. As in-house counsel to a global consulting business, he implemented pragmatic strategies to resolve complex legal and regulatory issues. Adam earned his B.A. from Pitzer College, his J.D. degree from UC Berkeley – Boalt Hall School of Law, and his LL.M. in Taxation from New York University School of Law. He is a member of the New York State Bar.

 

Categories
Coffee and Regs

Data Privacy & Building Compliance into the Product Development Lifecycle


 

Data Privacy & Building Compliance into the Product Development Lifecycle

 
In this episode, CSS’s Director of Cyber IT Services, E.J. Yerzak sits down with Co-Founder and COO of TerraTrue, Chris Handman to discuss data privacy and how compliance can keep up with the ambitions of product teams by building data privacy controls into the product development lifecycle.
 

 

About Our Guest Speakers:

E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.

 
 
 


Before co-founding TerraTrue, Chris Handman was the first General Counsel at Snap, where he built the company’s legal, compliance, public policy, and law-enforcement teams. During his time there, Chris developed a transformative privacy program that coupled rigorous review with tools and systems that were nimble enough not to restrain the relentless pace of execution. Chris is a Homeland Security Project fellow at Harvard’s Belfer Center for Science and International Affairs. And he’s constructed two crossword puzzles that have been published in the New York Times (one of which was featured on the Colbert Report). He graduated from Yale Law School.

 
 

Categories
Coffee and Regs

Ransomware Attacks – Cybersecurity Concerns & Best Practices to Mitigate Risk

Ransomware Attacks – Cybersecurity Concerns & Best Practices to Mitigate Risk

 
In this episode, our team of cybersecurity experts, E.J. Yerzak and Mike Farrell discuss the latest ransomware attacks in the news, best practices to keep your data secure and hackers out, and what to do first if your firm is hit by an attack.
 

 

About Our Guest Speakers:

E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.

 
 
 


Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.

 
 

Categories
Coffee and Regs

Managing Cyber Insurance Risk

Managing Cyber Insurance Risk
 

In this episode, CSS’s Director of Cyber IT Services E.J Yerzak sits down with AVP, Program Executive at Varney Agency and cyber insurance expert Nick Weiner to discuss the recent NYDFS guidance for insurers that underwrite cyber insurance policies. The guidance includes a Cyber Insurance Risk Framework that provides best practices for managing cyber insurance risk amid concerns of systemic and “silent” risks to the financial sector.

 

 

About Our Guest Speakers:

 

E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.

 
 

Nick Weiner is a commercial insurance agent, with ten years of experience focused on cyber, professional & management liability insurance for financial institutions. Nick firmly believes every professional organization deserves access to a specialist who can design, administer and implement a custom insurance solution. Working with an independent insurance agency gives Nick the opportunity to use his experience, knowledge, and understanding of the marketplace to assist his clients in finding the insurance solutions that meets their needs. At twenty-two, Nick started his own national insurance agency focused solely with the goal of servicing entrepreneurs in the financial services industry. Seven years later, Nick’s business was purchased, and he joined forces with Varney Agency (Portland, ME) to assist in the continued growth of their financial institution’s division. Nick often participates in thought leader groups for the industry and works closely with some advisory focused publications to provide input on insurance related topics.

 
 

Categories
Life with GDPR

Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball

In this episode, I visit with Jonathan Armstrong consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are:

  1. Drones-what are the GDPR implications.
  2. The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone.
  3. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road?
  4. What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward?
  5. How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit?
  6. Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage?

For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.