Information Technology Security

The Certificate in Cybersecurity program is a suite of online courses offering information security training in Asset Security, Communications and Network Security, Identity and Access Management, Security and Risk Management, Security Assessment and Testing, Security Engineering, Security Operations, and Software Development Security.

Cybersecurity is one of the biggest internal control areas that need to have executive attention. You just received an urgent call from the CEO. An e-mail was received demanding $10M Bitcoin to be paid as ransom to unencrypt the company's data. "Oh no! Maybe if we audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!" Sound familiar? Hundreds of Security, Compliance and Audit professionals have faced this dilemma. As we know, Cybersecurity breaches occur throughout the world on a daily basis, and many are unreported. ALL organizations are vulnerable...including our most "secure" government agencies, financial institutions and public utility companies. A Cybersecurity Program is an absolutely essential component of a system of internal control. How can you assess its effectiveness? Have you conducted an audit? What are the common and not-so-common deficiencies? How can we improve our "security resiliency"?

Cybersecurity is perhaps one of the most important topics for the insurance industry today. Insurers and insurance producers must protect the highly sensitive consumer financial and health information collected as part of the underwriting and claims processes. This personally identifiable information (PII) is entrusted to the insurance industry by the public. We will provide guidance on having a program that will address the NAIC cybersecurity activities including: - Principles for Effective Cybersecurity: Insurance Regulatory Guidance, - NAIC Roadmap for Cybersecurity Consumer Protections, - Updates to the Financial Condition Examiners Handbook concerning cybersecurity risks and protocols, - Insurance Data Security Model Law. The event will include a review of the The National Institute of Standards and Technology (NIST) framework for improving critical infrastructure cybersecurity.

New cybersecurity risk management regulations for insurance companies are here. The National Association of Insurance Commissioners (NAIC) approved Insurance Data Security Model Law and the State of New York in March 2017 placed into effect Section 500 of Title 23 of the Official Compilation of Codes. "Computers, software, programming and algorithms are all parts of a cybersecurity risk program, but it is the interaction with the 'humans' that makes all the difference in world." NAIC's model law requires insurance organizations to have everything from information security program policies to incident response plans to specific breach notification procedures. Insurance organizations will also have to certify compliance to state insurance commissioners annually. Now that NAIC's model law is heading for adoption, it is important to learn how it might apply to your organization and what you can do now to start preparing for compliance.

+Introduction to Information Security +Using your Desktop Computer and Mobile Devices Safely +Using E-mail, the Internet, and Social Media Safely in a Corporate Environment

Securing User Accounts: Fundamental Security Concepts Securing User Accounts: Authorization, Registration, and Passwords Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation

Cryptography Fundamentals: Defining Cryptography Cryptography Fundamentals: Applying Cryptography

iOS Security Architecture and Application Data Protection Securing Against Threats, Securing for Enterprise, and Jailbreaking Devices

Android Architecture, Protection, and Development Best Practices Android Security Vulnerabilities, Testing, and Enterprise Considerations

Introduction to OWASP and the Top 10 OWASP Mitigations for .NET

CSSLP: Secure Software Concepts CSSLP: Secure Software Requirements CSSLP: Secure Software Design CSSLP: Secure Software Implementation and Coding CSSLP: Secure Software Testing CSSLP: Software Acceptance, Deployment, Operations, Maintenance, and Disposal CSSLP: Supply Chain and Software Acquisition

This training will help make you aware of the importance of your clean enforcement record. We will explore what a compliance program is and how to protect against each kind of exposure. You will be trained about protecting your compliance reputation to make it a profit enhancer. How the world of finance deals with compliance and how you can use your favorable compliance record as magnet for investors will be explored. How protecting your compliance record against enforcement action will be focused upon and use of special insurance to protect your compliance record and bottom line will be explained. Expanding the depth and breadth of the markets to which you sell by creating a multiplier of revenue with clean compliance to further increase your market reach. You will be instructed about how and when to utilize this successful strategy for growing your enterprise

Cyber Security Incident Response Program is a must for any organization using the Internet. It must be robust yet flexible. Unfortunately in spite of all of the Cyber Events, many companies are taking a long time to respond. Teams must be trained and have written procedures. Time is critical in responding to an incident. Every incident costs the organization, money and reputation, In this session you will learn: Best practices and the standards that make up a great Cyber Incident Response Program Learn what teams should be part of your CSIRT Team Get insight into how to create CSIRT Playbooks and Management Plans Learn how to conduct inexpensive tests of the CSIRT Teams and Programs This program will help you determine your current Gaps and provide milestones for correcting the Gaps

A project is a temporary endeavor undertaken to create a unique product, service or result. Project management is the application of knowledge, skills, tools and techniques to project activities to meet the project requirements. Companies have come to recognize the importance of project management in helping them achieve their objectives and have added this to their organizational structure. Project management started with the construction industry and has evolved over time. It is now principally used for Information Technology projects. However, project management can be used and applies to any temporary endeavor, no matter how large or small.

The FDA has placed significant emphasis on the role of Human Factors in the approval of devices used for medical purposes. There are several current guidance documents and new proposed Draft Guidance documents. This seminar will compare these Guidance documents. Additionally, strategic recommendations will be presented on how to implement these requirements into the medical device design, development and approval processes. Finally, Human Factors methods and best practices will be covered that the FDA is requiring. Why should you attend: Are you familiar with the role of Human Factors with respect to combination products and the FDA requirements? Are you current on the FDA's current perspectives on Human Factors? Human Factors has become increasingly important to the FDAs approval of medical devices. It is a part of the design and development of the device and the collateral information, e.g., labeling, IFUs, and training. Incorporating Human Factors into the device development

Overview: It will cover the concepts associated with transferring the scientific technology needed to manufacture the product, processes to ensure the receiving manufacturing facility is ready for the product and tools and templates to help capture the knowledge. Why Should you attend: However execution of that transfer is complex involving the interactions of many disciplines across an organization.

I will be going into great detail regarding you practice or business and how it relates to the HIPAA Security/Privacy Rule, Areas covered will be history of HIPAA, privacy vs security, business associates, changes for 2016, audit process, paper based PHI, HIPAA and suing, texting, email, encryption, medical messaging, voice data and much, much, more I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). Read More : http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900962SEMINAR?trainingregistry_SEO

This course covers a very broad range of topics from worker classification, to employee classification, to establishing methods and rates of pay, what must be included in the rate of pay, hours that must be compensated as worked time, required benefits, de minimus working fringes, withholdings and deductions from pay, voluntary deductions, child support and garnishment orders, payroll reporting, analysis of risks of noncompliance, proper documentation of your policies and procedures and record retention requirements. We will show where to find the laws, how to interpret them and how to apply them in the most effective ways.

Being in compliance with HIPAA involves not only ensuring that you provide the appropriate patient rights and controls on your uses and disclosures of Protected Health Information; but that you also have the proper policies and procedures in place. If audited or the subject of a compliance review, you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put a HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive two-day training course.

Gaps and/or incorrect or incomplete implementation of safety functionality can delay or make the certification/approval of medical products impossible. Most activities cannot be retroactively performed since they are closely linked into the development lifecycle. Diligent, complete and correct implementation of risk management from the start of product development is therefore imperative. This course will introduce all the steps necessary to design, implement and test critical medical devices in a regulatory compliant environment. This course will additionally address the software risk management and the resulting interfaces to device level risk management. To comprehensively summarize all risk related activities and to demonstrate the safe properties of a device, the 'Safety Case' or 'Assurance Case' document is a well-established method to collect all safety related information together in one place. This documentation will most likely become mandatory for all devices (currently onl