Welcome to Your 2019 Cybersecurity Roadmap
Presented by: Gelman, Rosenberg & Freedman CPAs and Tabush Group
The program will start promptly at 1:00 PM ET
Please note: Use the “Chat” panel to speak with the administrator if you experience any technical issues while
logging into GoToWebinar. For the best audio quality, please call-in by phone vs. connecting via your computer.
Call: +1 (914) 614-3221 | Access code/event number: 154-393-475
GELMAN, ROSENBERG
& FREEDMAN Certified Public Accountants 2
Housekeeping: General Information/Technical Questions
We strongly recommend that you connect by phone instead of your computer for the best
audio quality. Call +1 (914) 614-3221. The event number is 154-393-475.
Please use the “Chat” panel for any technical questions, or you may contact Dominic Acosta
This presentation will be recorded and made available to download at
www.grfcpa.com/webinars/.
• Important: Three (3) CPE words will be provided during the presentation. Please write them down
– we will not provide them again via GoToWebinar or email (no exceptions).
• Please complete the electronic survey that will appear automatically at the end of the webinar.
Turn off your pop-up blocker (leaving it on could block the survey).
• Attendees seeking CPE for this presentation must complete the survey and enter all three CPE
words. You cannot claim CPE unless we receive a completed evaluation with the correct words.
• Technical questions about the survey can be addressed to Dominic Acosta at [email protected].
Housekeeping: CPE Credit
Webinar Objectives
Learning Objective: To understand the IT challenges and opportunities small and midsize businesses will be facing in 2019.
Instructional Delivery Methods: Group Internet-based
Recommended CPE: 1.0 CPE Credit
Recommended Fields of Study: Information Technology
Prerequisites: None required
Advance Preparation: None
Program Level: Basic
Course Registration Requirements: None
Refund Policy: No fee is required to participate in this session.
Cancellation Policy: In the event that the presentation is cancelled or rescheduled, participants will be contacted immediately with details.
Complaint Resolution Policy: Gelman, Rosenberg & Freedman CPAs is committed to our seminar participants’ 100% satisfaction and will make every reasonable effort to resolve complaints as quickly as possible. Please contact [email protected] with any concerns.
Disclaimer: This webinar is not intended as, and should not be taken as, financial, tax, accounting, legal, consulting or any other type of advice. Readers and users of this webinar information are advised not to act upon this information without seeking the service of a professional accountant.
Housekeeping
Ricardo Trujillo, CPA, CITP, CISA
Gelman, Rosenberg & Freedman CPAs
Nonprofit Audit Partner
Melissa Musser, CPA, CITP, CISA
Gelman, Rosenberg & Freedman CPAs
Risk & Advisory Services Principal
Morris Tabush
Tabush Group
Founder & President
Darren Hulem
Gelman, Rosenberg & Freedman CPAs
Network Administrator Auditor
Your 2019 Cybersecurity Roadmap
November 14, 2018
Co-hosted by:
Presenters Moderator
Ricardo Trujillo, CPA, CITP, CISA
Gelman, Rosenberg & Freedman CPAs
Nonprofit Audit Partner
Our Team: Meet Your Presenters
Morris Tabush
Tabush Group
Founder & President
Melissa Musser, CPA, CITP, CISA
Gelman, Rosenberg & Freedman CPAs
Risk & Advisory Services Principal
Business IT in 2019
More businesses are embracing modern technology than ever before
Each year more goes from physical to digital
Polling Question #1
Business IT in 2019 (Continued)
Business IT is no longer limited to office computers
Cloud is a huge enabler of this trend
Today’s Business IT Challenges
• Anyone can “DIY” and some people do
• Accessibility vs Security
Where’s This All Going?
IT and cloud will continue to grow.
• 89% of companies expect their IT budgets to either grow or stay the same in 2019*
Connectivity continues to get faster and more reliable.
*Spiceworks, The 2019 State of IT, The Annual Report on IT Budgets and Tech Trends, www.spiceworks.com/marketing/state-of-it/report/.
The Role of Cloud in the Future
Today, entire IT infrastructures are moving to the cloud
Cyber Risk Landscape: Climbing Rate of Risk
Polling Question #2
Cyber Risk Landscape: Digital Transformation Risk
Digital Transformation - the integration of digital technology into all areas of an organization, changing how you operate and deliver value.
1. Third Parties
2. Data Privacy
3. Ethics and Integrity
4. Operational Resilience
5. Internet of Things
Cyber Risk Landscape: Definitions - What's the difference?
Cybersecurity
Information Security
Data Privacy
Pentagon Staff Hit by Major Data Breach
30,000 civilian and military personnel PII Compromised
“The department is continuing to gather additional
information about the incident, which involves the potential
compromise of personally identifiable information (PII) of
DoD personnel maintained by a single commercial vendor that
provided travel management services to the department,” the
statement noted. “This vendor was performing a small
percentage of the overall travel management services of DoD.”
Cyber Risk Landscape: Negative Media Attention
https://www.infosecurity-magazine.com/news/pentagon-staff-hit-by-major-data/
Cyber Risk Landscape: CISO vs. CIO and How Things Are Changing Now
Many CISOs are now from non-technical backgrounds: “The most prominent CISOs have a good technical foundation but often have business backgrounds, an MBA, and the skills needed to communicate with other C-level executives and the board.”
CISOs are shifting into a coaching role: “Lines of business are taking on more responsibility for the risk, and so we're seeing more CISOs go from holding all the risk to becoming more like a coach, helping all lines of business to understand the things that need to be done to ensure cybersecurity.”
https://www.secureworldexpo.com/industry-news/ciso-vs-cio-relationship
• Ideal #1: Chief Information Security Officer (CISO) or the like
• Ideal #2: Info Sec Committee
• CFO
o In smaller organizations, CFOs often find themselves acting as the Chief Information Security Officer, or at least participating on privacy or information security committees. Why? CFOs understand internal controls and data flows to third-party providers such as cloud accounting software, payroll, payables, membership or donor databases, marketing, travel providers, etc.
• CEO, COO, Executive Director - Other possible internal “owners”
• vCISO (Virtual Chief Information Security Officer) - Advisory solution gaining in popularity and
need for small to midsized organizations – Note “responsibility” is never fully outsourced!
Cyber Risk Landscape: Who owns Information Security?
Polling Question #3
IT Strategy for 2019
Assess Policies Train Monitor
Implement proper controls – need to understand threats
• Patch applications
• Consistency in the application of controls
• Automate where possible
• Physical security
• Software security
• Manage vendor risks
• CISecurity.org – a non-profit that provides great tools for control implementation
IT Strategy for 2019: Proper Controls
IT Strategy for 2019: Third Party Due Diligence
• Legal Review
• Insurance Review
• Risk Assessment (Documentation, Categories of Risk)
• Financial projections & review
• Background check
• Vendor Assessments and/or SOC reports
How can hackers be stopped?
• Focus on Active Directory
• Evaluate what the organization currently has, i.e. digital assets, devices, applications, etc.
• Gain support from governance – support from the top
• Conduct a Cyber Risk Assessment
• Regular and Frequent Training
• Implement Security Frameworks and procedures
• Regular phishing email campaigns to make sure training is working
IT Strategy for 2019: Stopping Hackers
IT Strategy for 2019: Implement Incident Handling Program
Email and email security
Backups
Phones
Applications
Desktops
IT Strategy for 2019: What Can and Should Go in the Cloud
• Problem before the solution
• Connectivity and network infrastructure
• User account maintenance
• Security
• Clear contracts with cloud providers
• Best practices and safe computing training
• BYOD policies
IT Strategy for 2019: The More You Go Cloud, Be Sure To…
Moving to the cloud is a project!
• Target/goal
• Plan
• Prepare
• Execute – test and migrate
IT Strategy for 2019: Plan for Success – Have a clear, defined roadmap
• Organization:
o Assemble Your Team
o Roles & Responsibilities
o Know your data
o Security Obligation
• Monitor & Enforce:
o Encourage Communication
o Make Good Conduct Visible
o Manage Employee Error
• Processes:
o Determine Systems tied to Data
o Employee Outreach
o Collaboration
o Training
• Document:
o Privacy Policy
o Security Policies
o Breach Response Plan
o Document Retention Plan
IT Strategy for 2019 – Summary: What to do to comply with expectations and standards
Questions? We’d like to hear from you!
Join us again
December 11, 2018 | 11:00 am – 12:00 pm
Expense Allocations & Indirect Rates – Changes in Trends & Implementation for New
ASU 2016-14 (webinar)
December 13, 2018 | 1:00 pm – 2:00 pm
Enterprise Risk Management for Nonprofits & Associations: Where Strategy Meets
Risk (webinar)
Registration is now open at https://www.grfcpa.com/resources/webinars/.
4550 Montgomery Avenue, Suite 650 N
Bethesda, MD 20814
301-951-9090| www.grfcpa.com
Get In Touch
148 West 37th Street, 6th Floor
New York, NY 10018
212-252-0571 | www.tabush.com
Ricardo Trujillo, CPA, CITP, [email protected]
Melissa Musser, CPA, CITP, [email protected]
Morris [email protected]
Disclaimer: This seminar is not intended as, and should not be taken as, financial, tax, accounting, legal, consulting or any other type of
advice. While we use reasonable efforts to furnish accurate and up-to-date information, we do not warrant that any
information contained in or made available in this webinar is accurate, complete, reliable, current or error-free. We assume no
liability or responsibility for any errors or omissions in the content of this seminar.
The use of the information provided in this seminar does not establish any contractual or other form of client engagement
between Gelman, Rosenberg & Freedman P.C., Tabush Group and the reader or user. Any U.S. federal tax advice contained in
this seminar is not intended to be used for the purpose of avoiding penalties under U.S. federal tax law. Readers and users of
this seminar information are advised not to act upon this information without seeking the service of a professional accountant.