Our online guides to information security (infosec) and compliance are scattered across our website and blog, but here’s a roundup of our best and most relevant resources that relate to this year’s Detroit SecureWorld security and compliance sessions, tomorrow and Thursday.
Online Tech’s Senior Product Architect Steve Aiello will be speaking on a panel discussion tomorrow, October 16, about network security:
Industry Expert Panel: Network Security
Room: Suite 3
Time: 1:15pm – 2:15pm
Description: Network Security is defined as, “the protection of a computer network and its services from unauthorized modification, destruction or disclosure.” Cyber security professionals are tasked with keeping up with new threats to the network while maintaining efficient workflow and access to information. This panel discussion aims to explore current issues being raised in the area of Network Security and solutions available to make the network more secure.
Other key sessions on the agenda include:
Vendor Oversight: How to Perform a Vendor Security Due Diligence Review
Speaker: Dr. Faith Heikkila
Time: 8:30am – 9:15am
Description: Vendors are an important part of any business, but there are inherent risks to assess and mitigate. How do you evaluate the viability, security, and disaster recovery capabilities of a vendor? Effective due diligence practices that assess, mitigate, or accept the risks associated with third party vendors will be discussed.
At Online Tech, our third-party audits are but one facet of our dedication to security and compliance for our clients and within our company. Another way to start vetting a vendor’s security due diligence is to ask a few simple questions. Check out the following guides to hosting security:
Four Ways to Gain Transparency with PCI Hosting Providers – What are the top (and, in most cases, required) ways you can ensure you have complete visibility into your PCI cloud hosting provider’s environment and not only meet PCI compliance demands but also gain peace of mind?
Five Questions to Ask Your HIPAA Hosting Provider – Hosting your critical data and applications with a provider requires trust and confidence in their ability to meet HIPAA compliance requirements. What questions should you, as a covered entity, ask your HIPAA hosting provider?
What to Look for in a HIPAA Cloud Provider – Choosing a HIPAA compliant cloud provider isn’t simple in these times, and as a healthcare organization or SaaS company, you need to know the basics to ensure you’re covered by September 23.
Seeking a Disaster Recovery Solution? Five Questions to Ask Your DR Provider – When you look to a third party disaster recovery provider, what kind of questions should you ask to ensure your critical data and applications are safe? Read on for tips on what to look for in a disaster recovery as a service (DRaaS) solution from your hosting provider.
Speaker: David Barton
Time: 8:30am – 9:15am
Description: Technology and security providers along with other service organizations are being bombarded with compliance demands from all quarters, including PCI, HIPAA, FedRAMP, ISO, and certainly by customers asking for SSAE 16 and/or SOC 2 audits. Given all the demands, how are smart companies coping? This session will provide some insight into how some innovative companies have been working with their audit and compliance firms to “normalize” the compliance process and reduce the impact of all these differing compliance standards. If you want to maximize your compliance and minimize your professional fees, you should attend this session.
Data Center Standards Cheat Sheet – From HIPAA to SOC 2 – Compliance, audits, reports plus recent updates make for a confusing regulatory landscape. What are auditors, security-conscious organizations and vendors to do? Read our quick cheat sheet to see what each standard is used for and how it relates to your company.
Industry Expert Panel: Bring Your Own Device-BYOD
Room: Keynote Theater
Time: 1:15pm – 2:15pm
Description: Companies have embraced the idea of the mobile worker. Smart phones, tablets, and laptops are now the norm in many organizations even if the official blessing has not been given by the security team. What new headaches does this create? What is being done to effectively secure these devices in the event of loss, intrusion, or the disgruntled employee? Our experts will tackle these questions and more on this panel.
Mobile Security White Paper – This white paper explores approaches to mobile security from risk assessment (what data are truly at risk), enterprise architecture (protect the data before the devices), policies and technologies, and concludes with an example of a mobile security architecture designed and implemented within a hospital environment in which both enabling caregivers and protecting privacy, integrity, and confidentiality are paramount.
View the full Detroit SecureWorld agenda here.