Welcome to Your 2019 Cybersecurity Roadmap


Transcript of Welcome to Your 2019 Cybersecurity Roadmap

Welcome to Your 2019 Cybersecurity Roadmap

Presented by: Gelman, Rosenberg & Freedman CPAs and Tabush Group

The program will start promptly at 1:00 PM ET

Please note: Use the “Chat” panel to speak with the administrator if you experience any technical issues while logging into GoToWebinar. For the best audio quality, please call in by phone rather than connecting via your computer.

Call: +1 (914) 614-3221 | Access code/event number: 154-393-475

GELMAN, ROSENBERG & FREEDMAN Certified Public Accountants

Housekeeping: General Information/Technical Questions

We strongly recommend that you connect by phone instead of your computer for the best audio quality. Call +1 (914) 614-3221. The event number is 154-393-475.

Please use the “Chat” panel for any technical questions, or you may contact Dominic Acosta at [email protected].

This presentation will be recorded and made available to download at www.grfcpa.com/webinars/.


Housekeeping: CPE Credit

• Important: Three (3) CPE words will be provided during the presentation. Please write them down – we will not provide them again via GoToWebinar or email (no exceptions).

• Please complete the electronic survey that will appear automatically at the end of the webinar. Turn off your pop-up blocker (leaving it on could block the survey).

• Attendees seeking CPE for this presentation must complete the survey and enter all three CPE words. You cannot claim CPE unless we receive a completed evaluation with the correct words.

• Technical questions about the survey can be addressed to Dominic Acosta at [email protected].


Housekeeping: Webinar Objectives

Learning Objective: To understand the IT challenges and opportunities small and midsize businesses will be facing in 2019.

Instructional Delivery Methods: Group Internet-based

Recommended CPE: 1.0 CPE Credit

Recommended Fields of Study: Information Technology

Prerequisites: None required

Advance Preparation: None

Program Level: Basic

Course Registration Requirements: None

Refund Policy: No fee is required to participate in this session.

Cancellation Policy: In the event that the presentation is cancelled or rescheduled, participants will be contacted immediately with details.

Complaint Resolution Policy: Gelman, Rosenberg & Freedman CPAs is committed to our seminar participants’ 100% satisfaction and will make every reasonable effort to resolve complaints as quickly as possible. Please contact [email protected] with any concerns.

Disclaimer: This webinar is not intended as, and should not be taken as, financial, tax, accounting, legal, consulting or any other type of advice. Readers and users of this webinar information are advised not to act upon this information without seeking the service of a professional accountant.

Your 2019 Cybersecurity Roadmap

November 14, 2018

Co-hosted by: Gelman, Rosenberg & Freedman CPAs and Tabush Group

Presenters

Ricardo Trujillo, CPA, CITP, CISA – Gelman, Rosenberg & Freedman CPAs – Nonprofit Audit Partner

Melissa Musser, CPA, CITP, CISA – Gelman, Rosenberg & Freedman CPAs – Risk & Advisory Services Principal

Morris Tabush – Tabush Group – Founder & President

Moderator

Darren Hulem – Gelman, Rosenberg & Freedman CPAs – Network Administrator Auditor

Our Team: Meet Your Presenters

Ricardo Trujillo, CPA, CITP, CISA – Gelman, Rosenberg & Freedman CPAs – Nonprofit Audit Partner

Morris Tabush – Tabush Group – Founder & President

Melissa Musser, CPA, CITP, CISA – Gelman, Rosenberg & Freedman CPAs – Risk & Advisory Services Principal

Business IT in 2019

More businesses are embracing modern technology than ever before

Each year more goes from physical to digital

Polling Question #1


Business IT in 2019 (continued)

Business IT is no longer confined to office computers

Cloud is a huge enabler of this trend


Today’s Business IT Challenges

• Anyone can “DIY” and some people do

• Accessibility vs Security


Where’s This All Going?

IT and cloud will continue to grow.

• 89% of companies expect their IT budgets to either grow or stay the same in 2019*

Connectivity continues to get faster and more reliable.

*Spiceworks, The 2019 State of IT, The Annual Report on IT Budgets and Tech Trends, www.spiceworks.com/marketing/state-of-it/report/.


The Role of Cloud in the Future

Today, entire IT infrastructures are moving to the cloud


Cyber Risk Landscape: Climbing Rate of Risk

Polling Question #2


Cyber Risk Landscape: Digital Transformation Risk

Digital Transformation - the integration of digital technology into all areas of an organization, changing how you operate and deliver value.

1. Third Parties

2. Data Privacy

3. Ethics and Integrity

4. Operational Resilience

5. Internet of Things


Cyber Risk Landscape: Definitions - What's the difference?

Cybersecurity | Information Security | Data Privacy


Cyber Risk Landscape: Negative Media Attention

Pentagon Staff Hit by Major Data Breach

30,000 civilian and military personnel PII Compromised

“The department is continuing to gather additional information about the incident, which involves the potential compromise of personally identifiable information (PII) of DoD personnel maintained by a single commercial vendor that provided travel management services to the department,” the statement noted. “This vendor was performing a small percentage of the overall travel management services of DoD.”

https://www.infosecurity-magazine.com/news/pentagon-staff-hit-by-major-data/


Cyber Risk Landscape: CISO vs. CIO and How Things Are Changing Now

Many CISOs are now from non-technical backgrounds: “The most prominent CISOs have a good technical foundation but often have business backgrounds, an MBA, and the skills needed to communicate with other C-level executives and the board.”

CISOs are shifting into a coaching role: “Lines of business are taking on more responsibility for the risk, and so we're seeing more CISOs go from holding all the risk to becoming more like a coach, helping all lines of business to understand the things that need to be done to ensure cybersecurity.”

https://www.secureworldexpo.com/industry-news/ciso-vs-cio-relationship


Cyber Risk Landscape: Who owns Information Security?

• Ideal #1: Chief Information Security Officer (CISO) or the like

• Ideal #2: Info Sec Committee

• CFO

o In smaller organizations CFOs often find themselves acting as the Chief Information Security Officer, or at least participating on privacy or information security committees. Why? CFOs understand internal controls and data flows to third party providers such as cloud accounting software, payroll, payables, membership or donor databases, marketing, travel providers etc.

• CEO, COO, Executive Director - Other possible internal “owners”

• vCISO (Virtual Chief Information Security Officer) - Advisory solution gaining in popularity and need for small to midsized organizations – Note: “responsibility” is never fully outsourced!

Polling Question #3


IT Strategy for 2019

Assess | Policies | Train | Monitor


IT Strategy for 2019: Proper Controls

Implement proper controls – need to understand threats

• Patch applications

• Consistency in the application of controls

• Automate where possible

• Physical security

• Software security

• Manage vendor risks

• CISecurity.org – a non-profit that provides great tools for control implementation


IT Strategy for 2019: Third Party Due Diligence

• Legal Review

• Insurance Review

• Risk Assessment (Documentation, Categories of Risk)

• Financial projections & review

• Background check

• Vendor Assessments and/or SOC reports


IT Strategy for 2019: Stopping Hackers

How can hackers be stopped?

• Focus on Active Directory

• Evaluate what the organization currently has, i.e. digital assets, devices, applications, etc.

• Gain support from governance – support from the top

• Conduct a Cyber Risk Assessment

• Regular and Frequent Training

• Implement Security Frameworks and procedures

• Regular phishing email campaigns to make sure training is working


IT Strategy for 2019: Implement Incident Handling Program


IT Strategy for 2019: What Can and Should Go in the Cloud

• Email and email security

• Backups

• Phones

• Applications

• Desktops


IT Strategy for 2019: The More You Go Cloud, Be Sure To…

• Problem before the solution

• Connectivity and network infrastructure

• User account maintenance

• Security

• Clear contracts with cloud providers

• Best practices and safe computing training

• BYOD policies


IT Strategy for 2019: Plan for Success – Have a clear, defined roadmap

Moving to the cloud is a project!

• Target/goal

• Plan

• Prepare

• Execute – test and migrate


IT Strategy for 2019: Summary – What to do to comply with expectations and standards

• Organization:

o Assemble Your Team

o Roles & Responsibilities

o Know your data

o Security Obligation

• Monitor & Enforce:

o Encourage Communication

o Make Good Conduct Visible

o Manage Employee Error

• Processes:

o Determine Systems tied to Data

o Employee Outreach

o Collaboration

o Training

• Document:

o Privacy Policy

o Security Policies

o Breach Response Plan

o Document Retention Plan

Questions? We’d like to hear from you!

Join us again

December 11, 2018 | 11:00 am – 12:00 pm
Expense Allocations & Indirect Rates – Changes in Trends & Implementation for New ASU 2016-14 (webinar)

December 13, 2018 | 1:00 pm – 2:00 pm
Enterprise Risk Management for Nonprofits & Associations: Where Strategy Meets Risk (webinar)

Registration is now open at https://www.grfcpa.com/resources/webinars/.

Get In Touch

Gelman, Rosenberg & Freedman CPAs
4550 Montgomery Avenue, Suite 650 N
Bethesda, MD 20814
301-951-9090 | www.grfcpa.com

Tabush Group
148 West 37th Street, 6th Floor
New York, NY 10018
212-252-0571 | www.tabush.com

Ricardo Trujillo, CPA, CITP, CISA – [email protected]

Melissa Musser, CPA, CITP, CISA – [email protected]

Morris Tabush – [email protected]

Disclaimer: This seminar is not intended as, and should not be taken as, financial, tax, accounting, legal, consulting or any other type of advice. While we use reasonable efforts to furnish accurate and up-to-date information, we do not warrant that any information contained in or made available in this webinar is accurate, complete, reliable, current or error-free. We assume no liability or responsibility for any errors or omissions in the content of this seminar.

The use of the information provided in this seminar does not establish any contractual or other form of client engagement between Gelman, Rosenberg & Freedman P.C., Tabush Group and the reader or user. Any U.S. federal tax advice contained in this seminar is not intended to be used for the purpose of avoiding penalties under U.S. federal tax law. Readers and users of this seminar information are advised not to act upon this information without seeking the service of a professional accountant.