Occasionally I call out events in the corporate compliance and audit world that seem particularly useful, and we have another one coming up that’s worthy of your time: a day-long conference in Connecticut of internal auditors and Justice Department cybersecurity experts, to talk about cooperation between government and corporate worlds.
The formal hosts are the local Connecticut chapters of the Institute of Internal Auditors and ISACA, who asked the U.S. attorney’s office for Connecticut to speak about cybersecurity generally. Somehow things took off from there, and now we have a flock of officials from the FBI, Homeland Security Department, and Justice Department, including the assistant attorney general of the National Security Division, John Carlin, who will give the keynote address.
The conference will happen on Monday, May 9, at the University of Connecticut’s campus in Stamford. Cost is $125 for IIA or ISACA members, $175 for non-members. Seating is limited so I suggest registering as soon as you can.
Disclosure: Neil Frieser, chief audit executive for Frontier Communications and chair of this event, asked me to moderate a panel discussion at it. For an event as cool as this one you don’t need to ask me twice, so I’ll be there.
The concept is to present both legal and technical challenges to dealing with cybersecurity—which is just what corporate audit and compliance executives need to hear, since this particular threat cuts across all the usual silos of a large organization. For its part, the U.S. attorney’s office is courting any opportunity it can find to talk to businesses about how to cooperate with law enforcement.
Cooperation is lovely in concept but tricky in practice: Which agency do you call? Should you not disclose a breach if working with authorities? How can they help make your organization whole? What’s more, the executives most able to answer those questions within a corporation are the legal department, and they are not the ones most able to answer how a cyber-attack happens or what your risks to an attack might be. Those people would be the IT security and internal audit departments, so any effort to bring all sides together is worthwhile.
That’s why I’ll be there in Stamford on May 9. If you have the time and the interest, I recommend you attend too.