RSS:2023 Track 3 (Day 1) :: Rochester Security Summit

RSS:2023 Track 3 (Day 1)

Cybersecurity for Small Businesses

Brandon Finton
October 25, 2023 10:00 am - 10:50 am

In this presentation we examine how to implement common-sense, affordable cybersecurity controls for small businesses that may not have an IT budget or staff, let alone cybersecurity expertise. We will analyze why cybersecurity is important, some of the requirements and expectations imposed by various cybersecurity standards and regulations, and effective technical, administrative and physical controls.

Some of these recommendations will include creating a culture of security, implementing strong defenses through the use of targeted technologies, as well as analyzing the company’s unique risks through a risk assessment. If you’re not sure where to start with your cybersecurity program, this presentation will be an excellent first step.

How Not to Build a Cybersecurity Startup

JP Bourget
October 25, 2023 11:00 am - 11:50 am

This presentation will discuss the presenter's journey going from $0 to $1M+ in revenue building a cybersecurity company. We will explore the wins, the losses, the wasted time, running out of money, getting more money, running out again, and finally selling the company (during Covid).

Thinking Like a Regulator - Making the Most of Your Data Protection Compliance Efforts

F. Paul Greene, CIPP/US, CIPP/E, CIPM, FIP
October 25, 2023 1:00 pm - 1:50 pm

It's tough being a security professional. Your adversaries are highly motivated and well funded. Your users are your greatest risk. And regulators regularly move the goalposts, or go so far as to change the playing field entirely, when writing the rules on how you must protect your data and your systems. The key to mastering the complexity of data protection regulation is learning to think like a regulator. This involves focusing on the issues that regulators care about, and being aware of the pitfalls of regulatory sprawl. By grasping the key issues that matter to regulators, you can streamline your organization's compliance efforts, and create a defensible and robust approach to data protection.

This is Not a Drill: The Importance of Incident Response Testing

Dan Altieri
October 25, 2023 2:00 pm - 2:50 pm

The ever-present danger of ransomware incidents, phishing attacks, and hacking demands strong preparation practices. It is difficult to prepare for incident response in a vacuum, as many incidents involve issues that an organization may be seeing for the first time. This workshop demystifies the incident response process, addresses the need for (and value of) incident response table-top testing and includes discussion of important issues, such as Incident Response Plan structure and content, insurance concerns, communications strategies, and best practices for leveraging necessary stakeholders. The goal of the workshop is to provide attendees with tools to promote and inform incident response planning within their respective organizations.