October 2017 Monthly Meeting
Topic I -
VPN Global Audit.
Abstract:
The topic is audit focused with the objective to provide reasonable assurance that VPN infrastructure is appropriately managed and secured to support 100K users. The scope of audit covered - change management of gateways and client software, configuration management, patch management, and privilege access to the gateways. The audit performed risk assessment to assess the high risk areas, and used the sampling approach and automation to audit the gateways of different GEOs. The audit led to improvements in the following areas: configuration, change, and privilege access management
Speaker:
Rajiv Agarwal worked as manager/senior manager at PwC, EY and KPMG. Rajiv has been at Intel for over 12+ years in various roles - area manager, project manager and plays a key role in audit planning and execution. Managed audits in the area of cloud, mobile devices, networking (DMZ) and continuous monitoring. Rajiv is CISA and CISM certified.
______________________________________________________________
Topic 2: Equifax Breach - Panel Discussion
Panelist:
Stephanie O. Sparks is a partner at Hoge Fenton in San Jose and chairs the firm’s Privacy ; Data Security Group. Since early 2008, Stephanie has been in the trenches, managing the aftermath of traumatic data breaches, and keeping companies defensible in California ever since.
She counsels companies on privacy and data security laws, including the Privacy Shield and GDPR (General Data Protection Regulation going into effect in May 2018). She helps companies develop and implement privacy and information security policies, retention/destruction schedules, and data incident response plans. Stephanie also drafts and negotiates B2B agreements for data protection, hosting, migration and transfer, among other things.
Christine Lanois is Head of IT Audit at the Albertsons Companies, one of the largest food and drug retailers in the United States. She started her career at Ernst & Young with a focus on technology clients, and then moved into industry, managing IT audit and compliance at Warner Bros. Entertainment and subsequently Seagate Technology. Christine is a Certified Information Systems Auditor and holds Masters degrees from both the University of Notre Dame (Accountancy) and the University of California Los Angeles (MBA).