2017 AITP Conference

Although Salesforce is generally considered to be exclusively a sales and marketing tool, it is actually a comprehensive PaaS application that can be augmented to support most business functions. The platform allows for integrated solutions that can be delivered without engaging internal IT resources or impacting critical deadlines. With every additional process built on salesforce, the business moves towards developing a 360 degree view of your customer across all interactions. 

In this session Shifra will provide methodologies, tools and techniques for preparing the IT environment and the user base for change as it moves to the Cloud.   She will share her experience in leading the transition for the Jewish Academy of San Diego. She will explore the following 3 aspects of the transformation

• Questions to ask in preparation for the change
• Human aspects of the changes
• The types of support required to facilitate the change

The introduction includes a look back at the early designs of Ransomware, how they behaved including diagrams and real world examples of user encounters. It will also include examples of how users coped with those early versions when infections were encountered.

Next follows an update on Ransomware as we know it today. We’ll look at the increased level of difficulty in coping with infections, new monetary demand approaches, counter risks associated with refusal to pay ransom.

Then, an outline of modern features offered by Anti-Ransomware software makers and a comparison of competing solutions.   

Many U.S.-based international companies will be hugely impacted by the extra-territorial reach of the EU’s General Data Protection Regulation (GDPR) that will be enforced effective May 2018. A two year transition was provided because organizations have a lot of work to do to prepare to comply with GDPR.

This is one of the reasons why the big cloud service providers are developing data centers in, for example, Ireland. If many of the companies attending this conference are focused or plan to focus on EU residents for sales/business development, I’d be happy to bring these organizations up to speed on both GDPR and the cross border data transfer rules, including Privacy Shield that replaced Safe Harbor.

Even if GDPR is not triggered, the cross border data transfer rules may apply. However many companies will need to comply with both GDPR and the cross border data transfer rules.  

GDPR applies to organizations established outside the EU if they (either as controller or processor):

q  Process the personal data of EU residents when offering them goods or services. As this is determined on a case-by-case basis, would review applicable factors.

q  Transfer HR data of EU residents from the EU to another country (considered sensitive data).

q  Monitor the behavior of EU residents. As this is determined on a case-by-case basis, would review applicable factors.

Just some of GDPR’s impacts: expanded definition of personal data; formal Privacy Impact Assessments (PIAs) required for high risk Privacy-by-Design projects; data controllers and processors must generally appoint DPOs (Data Protection Officer), local representatives – would review the applicable conditions; any DPAs (Data Protection Authorities) can request documentation of proof of compliance; DPAs are empowered to enforce GDPR, including ceasing an entity’s business efforts in the EU with fines up to 2-4% of annual global turnover/gross profit

A real-world case study of an advanced ransomware attack created and targeted at a San Diego company. Ford will walk through the time and events of the attack and analyze what the attackers did, what the defenders did (right and wrong) and how the company was eventually restored. This is the real truth of what happens on an IR team and how people react when a company is taken hostage. The audience will get takeaways including: how to respond quickly and some things to do; strategies for recovery once you’re hit, root cause analysis to talk about the subtle but powerful changes that a company can make to protect from the worst case.