Global CISO Forum 2017: A CISO's Journey
TRANSCRIPT
A CISO’s Journey
Objectives
• From Banking to Energy to Healthcare to Criminal Justice Systems to Academia
• Where have we been: Remember the basics
• Standards Everywhere
• Attacking the Future
I will NEVER work with Computers!!!! - 1977
EDP AUDIT: Banking (1982)
ENERGY (1987)
• My First Hack
• Social Engineering
• From Mainframe to Distributed Processing
Data Security Officer: HEALTHCARE (1993)
• HIPAA – 1996
• What is Compliance?
• Why Protect Healthcare Information?
Keep Your Head in Sand
ciso.eccouncil.org 7
Breach Notification Laws
• HIPAA
• States
• Other Countries?
Criminal Justice & HIPAA (2015)
Back to the Future or The Wild Wild West (CISO-2016)
Standards, Standards, Everywhere
NIST 800-171 to other standards
Attack Vectors
Have controls changed?
THE FUTURE: 2017-2057
• CYBORGS
• Driverless Cars – Drones
• IoT
• Artificial Intelligence
• The Circle?
• 1984? All Remote Workers? No Human Workers?
• Look at the last 40 years, what can we imagine in the next 40 years?