PLEASE NOTE: THIS EVENT IS ONLINE ONLY
Data breaches are not as random as you might think. Building upon previous work forecasting fraud among business customers, we discovered something often overlooked by practitioners. Insufficient staffing is a strong predictor of data breach, and surprisingly, audit staff is just as effective at preventing a data breach as staff working in information technology.
This session will demonstrate how a cybersecurity data breach can be accurately forecast based upon the number of employees overall, and the number of employees with certain certifications that relate to cybersecurity, including the ISC2 CISSP and ISACA CISA certifications. You will learn how this approach of measuring cybersecurity could help your organization to set risk appetite goals in terms of expected frequency of a data breach, and how to right-size the cybersecurity team and manage third-party data breach risk to meet these goals.
The event is divided into 2 sessions. The first hour will be a presentation from Michael Stoyanovich and Dr. Thomas Lee, introducing and walking us through their model. The second hour will feature a panel discussion, diving deeper into the model, and taking questions from attendees online. This session is online, open to the public, designed for varying ages/levels of technology experience, and available at no cost. Attendees will receive 2 CPEs for attending the full session.
SPEAKERS
Dr. Thomas Lee is the CEO of VivoSecurity, a Silicon Valley-based company focused on data collection, regression modeling and A.I. to bring predictability to the randomness of data breach. In cybersecurity, Thomas has developed models to forecast fraud in online banking, probability for PII data breach, probability for lawsuits and costs in the event of a PII data breach, and the likelihood of a shareholder lawsuit for public companies in the event of a stock drop. He has developed models to forecast PII data breaches by state and models to forecast the number of data breaches in the healthcare industry. In 2018, Thomas was an invited speaker at the Richmond Fed research conference, PRMIA NYC & BCG, O.R.X Toronto & Milan and OpRisk North America. In 2019, Thomas was invited to participate at the Richmond Fed cyber security workshop and was a panelist at ACAMS. In 2022, Thomas was an invited speaker at ISACA Toronto, ISACA Silicon Valley and the Silicon Valley Affiliate of WiSyS. In 2023, Thomas was an invited speaker at the ISACA chapters in Silicon Valley, Orange County, Boise, Memphis, Sacramento, Arkansas, and Central Ohio, and he was a panelist at the ISACA Silicon Valley Digital Trust Summit. In 2024, Thomas was an invited speaker at ISACA San Francisco, the Pacific Hackers Association in Mountain View, California, Society of Information Risk Analysts (SiRA), ISSA Silicon Valley and a joint session of ISACA & IIA Northwest Ohio. Thomas has multiple patents and publications in peer-reviewed journals and holds BS degrees in Physics and Electrical Engineering from the University of Washington, and an MS and PhD in Biophysics from the University of Chicago.
Visit Thomas on LinkedIn: https://www.linkedin.com/in/thomas-lee-phd-b7766b10/
Michael Stoyanovich is a vice president and senior consultant in Segal’s Administration & Technology Consulting practice. He is a leading expert at managing third-party data breach risk including 1) strategies and policies for managing risk-budgets, 2) methods for evaluating risk-budgets and 3) integration of the management of third-party data breach risk within current TPRM frameworks and practices. He is also an expert in assessing third parties based upon information security (“InfoSec”) team size and training, IT-training, and evaluation of a third party's outsourced cybersecurity. Michael has over 30 years of experience in technology and has served as Chief Information Officer (CIO) and Chief Operating Officer (COO) at Associated Third Party Administrators (ATPA) and CIO of BeneSys. He speaks at industry events and conferences, including the International Foundation of Employee Benefit Plans annual conferences, the International Foundation’s Trustees and Administrators Institutes and various chapters of the Information Systems Audit and Control Association (ISACA). Michael has authored several articles that have been published in Benefits & Compensation Digest. He earned a Certified Data Privacy Solutions Engineer (CDPSE) credential, issued by ISACA. Stoyanovich received a bachelor of arts degree from the University of Michigan and a master of public administration degree from Michigan State University.
Visit Michael on LinkedIn: https://www.linkedin.com/in/mstoyanovich/