Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule

Jul 13, 2020 9:00AM

Online

Tags:

Event Description

This past event was held online only.

The workshop will explore some of the issues raised in response to amendments the FTC has proposed making to the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. In 2019, the FTC sought comments on the proposed amendments to the Safeguards Rule.

The workshop is seeking information, empirical data, and testimony on such topics as:

price models for specific elements of information security programs;
standards for security in various industries;
the availability of third party information security services aimed at different sized institutions;
information about penetration and vulnerability testing; and
the costs of and possible alternatives to encryption and multifactor authentication.

Event Details

Agenda

9:00 am	Welcome and Opening Remarks David Lincicum Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
9:30 am	The Costs and Benefits of Information Security Programs *Panelists:* Chris Cronin Partner, HALOCK Security Labs Serge Jorgensen CTO, Sylint Group Pablo Molina AVP and CISO, Drexel University; Faculty Lecturer, Georgetown University Sam Rubin Vice President, Crypsis *Moderator:* David Lincicum Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
10:30 am	Break
10:45 am	Information Security Programs and Smaller Businesses *Panelists:* Rocio Baeza CEO, CyberSecurity Base James Crifasi Chief Technical Officer and VP, RedZone Technologies Brian McManamon CEO and President, Techlock Kiersten Todt Managing Director, Cyber Readiness Institute Lee Waters IT Manager, McCloskey Motors *Moderator:* Katherine McCarron Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
11:45 am	Lunch Break
1:00 pm	Continuous Monitoring, Penetration, and Vulnerability Testing *Panelists:* Thomas Dugas Assistant Vice President and Chief Information Security Officer (CISO), Duquesne University Fredrick Lee Chief Information Security Officer, Gusto Scott Wallace Penetration Tester, Department of Homeland Security Nicholas Weaver Researcher, International Computer Science Institute *Moderator:* Alex Iglesias IT Specialist, Federal Trade Commission, Division of Privacy & Identity Protection
2:00 pm	Break
2:15 pm	Accountability, Risk Management, and Governance of Information Security Programs *Panelists:* Adrienne Allen Director of Security, Governance, Risk, and Compliance, Coinbase Michele Norin Senior Vice President and Chief Information Officer, Rutgers, The State University of New Jersey Karthik Rangarajan Head of Security, Robinhood *Moderator:* Robin Wetherill Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
3:15 pm	Break
3:30 pm	Encryption and Multifactor Authentication *Panelists:* Matthew Green Associate Professor, John Hopkins University Randy Marchany CISO, Virginia Tech Wendy Nather Head of the Advisory CISO Team at Duo Security (now Cisco) *Moderator:* Katherine McCarron Attorney, Federal Trade Commission, Division of Privacy & Identity Protection

Agenda (513.63 KB)

Event Speakers

Speaker Bios (524.64 KB)

Event Materials

Presentation Slides (425.25 KB)

Transcripts

Transcript (788.86 KB)

Video

FTC Workshop to Examine Safeguards Rule (Part 1)

FTC Workshop to Examine Safeguards Rule (Part 2)

Public Comments

FTC Privacy Policy

Under the Freedom of Information Act (“FOIA”) or other laws, we may be required to disclose to outside organizations the information you provide when you pre-register. The Commission will consider all timely and responsive public comments, whether filed in paper or electronic form, and as a matter of discretion, we make every effort to remove home contact information for individuals from the public comments before posting them on the FTC website.

The FTC Act and other laws we administer permit the collection of your pre-registration contact information and the comments you file to consider and use in this proceeding as appropriate. For additional information, including routine uses permitted by the Privacy Act, see the Commission’s comprehensive Privacy Policy.

This event is open to the public and may be photographed, videotaped, webcast, or otherwise recorded. By participating in this event, you are agreeing that your image — and anything you say or submit — may be posted indefinitely at ftc.gov or on one of the Commission's publicly available social media sites.

Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule

Event Description

Event Details

Welcome and Opening Remarks

The Costs and Benefits of Information Security Programs

Break

Information Security Programs and Smaller Businesses

Lunch Break

Continuous Monitoring, Penetration, and Vulnerability Testing

Break

Accountability, Risk Management, and Governance of Information Security Programs

Break

Encryption and Multifactor Authentication

FTC Privacy Policy

About the FTC

News & Events

Enforcement

Policy

Tips & Advice

I Would Like To...

Site Information