Third Party Information Security Controls Due Diligence
Morgan Strobel, HCISPP - Crowe LLP
This presentation will take place on Thursday, April 18, 2019 at 1:00 pm Eastern time.
This is a FREE webinar for all AHIA members! Non-members can join AHIA today to take advantage of this benefit.
In this course, you will learn about the Third Party Risk Management Lifecycle, specific to Information Security assessments. We will discuss the importance of the "Trust but Verify" model and when it is appropriate to rely on questionnaires. We will also discuss when to rely on various attestation reports, as well as what to look for within a System and Organization Controls (SOC) report, penetration test, PCI AoC, and other key artifacts. The presentation will also walk participants through how to assess software development (SDLC) procedures and how to review network diagrams and data flow specific to in-scope services.
Following this discussion, participants will be able to:
- Discuss the importance of the "Trust but Verify" model and when it is appropriate to rely on questionnaires.
- Explain when to rely on various attestation reports, as well as what to look for within a System and Organization Controls (SOC) report, penetration test, PCI AoC, and other key artifacts.
- Describe how to assess software development (SDLC) procedures and how to review network diagrams and data flow specific to in-scope services.
Program Level: All
Field of Study: Information Technology
Who should attend: Information Security Professionals interested in Third Party Risk
Delivery Method: Interactive discussion using telephone and Internet technology.
CPE Credits: 1 credit
Morgan Strobel, HCISPP - Crowe LLP
Ms. Strobel manages customer accounts and teams, governing team activities to ensure superior quality for our customers. She has over seven years’ experience in information security and third-party risk consulting. She has deep expertise in network architecture, cloud computing and vulnerability management. Her experience also includes assessing third-party business continuity plans, and determining if third parties can maintain proper resiliency in the face of crisis.
Morgan is part of the core third-party solutions delivery team.
Morgan’s experience includes:
- Onsite and remote third-party control assessments
- Performing infrastructure security assessments, which include all elements of an organization’s information technology infrastructure
- Detailed technical analysis including firewalls, intrusion detection, data loss prevention, anti-virus and other security-related tools
- Supporting clients with compliance to various regulations and security standards, including the HIPAA security rule
Please Note: If you wish to receive continuing professional education credits for participating in the discussion, you are required to register and pay the registration fees. You will also be required to answer 3 of the 4 questions asked online during the discussion to qualify for CPE credit.
Cancellations received in writing more than one week before the discussion will be issued a refund less a $30 processing fee. No refunds will be issued for cancellations within the week of the discussion. For more information regarding refund, complaint and program cancellation policies, please contact AHIA at 888-ASK-AHIA (275-2442).
Continuing Professional Education Credits:
AHIA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org.