Sorry, you need to enable JavaScript to visit this website.
Skip to main content
Image
Room
Online

Event Description

This past event was held online only.

The workshop will explore some of the issues raised in response to amendments the FTC has proposed making to the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. In 2019, the FTC sought comments on the proposed amendments to the Safeguards Rule.

The workshop is seeking information, empirical data, and testimony on such topics as:

  • price models for specific elements of information security programs;
  • standards for security in various industries;
  • the availability of third party information security services aimed at different sized institutions;
  • information about penetration and vulnerability testing; and
  • the costs of and possible alternatives to encryption and multifactor authentication.
  • 9:00 am

    Welcome and Opening Remarks

    David Lincicum
    Attorney, Federal Trade Commission, Division of Privacy & Identity Protection

    9:30 am

    The Costs and Benefits of Information Security Programs

    Panelists:
    Chris Cronin
    Partner, HALOCK Security Labs
    Serge Jorgensen
    CTO, Sylint Group
    Pablo Molina
    AVP and CISO, Drexel University; Faculty Lecturer, Georgetown University
    Sam Rubin
    Vice President, Crypsis

    Moderator:
    David Lincicum
    Attorney, Federal Trade Commission, Division of Privacy & Identity Protection

    10:30 am

    Break

    10:45 am

    Information Security Programs and Smaller Businesses

    Panelists:
    Rocio Baeza
    CEO, CyberSecurity Base
    James Crifasi
    Chief Technical Officer and VP, RedZone Technologies
    Brian McManamon
    CEO and President, Techlock
    Kiersten Todt
    Managing Director, Cyber Readiness Institute
    Lee Waters
    IT Manager, McCloskey Motors

    Moderator:
    Katherine McCarron
    Attorney, Federal Trade Commission, Division of Privacy & Identity Protection

    11:45 am

    Lunch Break

    1:00 pm

    Continuous Monitoring, Penetration, and Vulnerability Testing

    Panelists:
    Thomas Dugas
    Assistant Vice President and Chief Information Security Officer (CISO), Duquesne University
    Fredrick Lee
    Chief Information Security Officer, Gusto
    Scott Wallace
    Penetration Tester, Department of Homeland Security
    Nicholas Weaver
    Researcher, International Computer Science Institute

    Moderator:
    Alex Iglesias
    IT Specialist, Federal Trade Commission, Division of Privacy & Identity Protection

    2:00 pm

    Break

    2:15 pm

    Accountability, Risk Management, and Governance of Information Security Programs

    Panelists:
    Adrienne Allen
    Director of Security, Governance, Risk, and Compliance, Coinbase
    Michele Norin
    Senior Vice President and Chief Information Officer, Rutgers,
    The State University of New Jersey
    Karthik Rangarajan
    Head of Security, Robinhood

    Moderator:
    Robin Wetherill
    Attorney, Federal Trade Commission, Division of Privacy & Identity Protection

    3:15 pm

    Break

    3:30 pm

    Encryption and Multifactor Authentication

    Panelists:
    Matthew Green
    Associate Professor, John Hopkins University
    Randy Marchany
    CISO, Virginia Tech
    Wendy Nather
    Head of the Advisory CISO Team at Duo Security (now Cisco)

    Moderator:
    Katherine McCarron
    Attorney, Federal Trade Commission, Division of Privacy & Identity Protection

  • Transcript - Files

FTC Privacy Policy

Under the Freedom of Information Act (“FOIA”) or other laws, we may be required to disclose to outside organizations the information you provide when you pre-register. The Commission will consider all timely and responsive public comments, whether filed in paper or electronic form, and as a matter of discretion, we make every effort to remove home contact information for individuals from the public comments before posting them on the FTC website.

The FTC Act and other laws we administer permit the collection of your pre-registration contact information and the comments you file to consider and use in this proceeding as appropriate. For additional information, including routine uses permitted by the Privacy Act, see the Commission’s comprehensive Privacy Policy.

This event is open to the public and may be photographed, videotaped, webcast, or otherwise recorded. By participating in this event, you are agreeing that your image — and anything you say or submit — may be posted indefinitely at ftc.gov or on one of the Commission's publicly available social media sites.