May 2017 AGM Luncheon Event – Membership and CPE Meeting

Please join us, enjoy some very interesting sessions and earn CPE credits. We are excited to announce our Annual General Membership Meeting (AGM).

Date: May 23rd

Location:  Cottonwood Grille, 913 W River St, Boise, ID 83702

  • 11:30 – Arrival, sign-in, networking
  • 12:00Lunch Served
  • 12:15 – 12:45 – Welcome, Announcements, Board Position Intros, Elections, Scholarships, Updates, Member Recognition
  • 12:45 – 1:00 Break
  • 1:00 – 1:50 Cyber Security Insurance, Herman Doering
  • 1:50 – 2:00 – Break 
  • 2:00 – 2:50 – AICPA’s new Cybersecurity Risk Framework Attestation, Anders Erickson
  • 2:50 – 3:00 – Break 
  • 3:00 – 3:50 – WannaCry Ransomware Analysis, Capt Kyle “Reno” Erickson
  • 4:00 – Social Hour

Cyber Security Insurance, Herman Doering

Biography of Herman Doering, HIPAA SME:
In February, 2009, joined St. Luke’s Health System as the corpor
ate Information Systems Security Officer responsible for HIPAA and PCI Compliance and the HIPAA Security policies and procedures utilized throughout St. Luke’s. Is also responsible for HIPAA Security training. Is a member of the Idaho Health Data Exchange (IHDE) Privacy and Security subcommittee of the IHDE Board. 
Previously served as Sr. Consultant and HIPAA Subject Matter Expert (SME) with BEST Consulting; Venturi  Technology Partners; and COMSYS from 1999 – 2009. Provided consulting on Transactions and Code Sets, the Privacy Rule and the Security Rule. Conducted HIPAA educational seminars for healthcare  entities in Boise, Salt Lake City, Portland, Olympia, Sacramento, and Reno.  Was a charter member of the HIMSS HIPAA SIG. Established and hosted the monthly Boise HIPAA Council. Was a member of the Idaho Medical Association (IMA) HIPAA Coordinating Council and conducted numerous IMA HIPAA Privacy andSecurity seminars.  Spoke at the Idaho Hospital Association on how to conduct and implement a HIPAA Security program. Assisted HIPAA attorneys, such as Kevin West of Hall Farley Oberrecht &; Blanton, PA, and Kim Stanger of Holland & Hart, LLP. Have also provided HIPAA or security consulting to the State of California – Alcohol and Drug Programs, The SEGAL Company in New York, Saltzer Medical Group and Saint Alphonsus Regional Medical Center in Idaho.

AICPA’s new Cybersecurity Risk Framework Attestation, Anders Erickson

Anders Erickson is the Director of Cyber Security Services at Eide Bailly, LLP and has over 15 years of experience providing IT risk and security solutions within the private and public sectors. Anders assists clients in establishing a culture of security within their organization. He leads organizations through the process of identifying their cyber security risks and brings practical solutions to help manage and mitigate those risks. Anders is a Certified Information Systems Security Professional, Certified Information Systems Auditor as well as Certified in Risk and Information Systems Control. He graduated from Brigham Young University with a Masters of Information Systems Management.
The AIPCA has recently released a framework that provides companies with a method to describe and report on their cybersecurity risk management program.  This framework requires a CPA to attest to the controls that implement that program.  The purpose of this report is to boost stakeholder’ confidence in the organization’s management of cybersecurity risks.  
In this session, we will discuss the following:
* Applying the AICPA framework for cybersecurity reporting.
* Key elements of description criteria.
* Value and key aspects of the reports.
* Preparing for cybersecurity examinations.

WannaCry Ransomware Analysis, KYLE “Reno” ERICKSON, Capt, ID ANG

I am the Chief of Weapons and Tactics for the 224 Cyber Operations Squadron in the Idaho Air National Guard.  As the Chief of Weapons and Tactics, it is my responsibility to ensure the members of my unit are trained on the most current tactics, techniques, and procedures on the systems that we use and those of our adversaries. The 224 COS mobilizes using the United States Cyber Command’s Cyber Protection Team construct to protect mission partner networks using a methodology to identify mission requirements, identify security vulnerabilities, and provide proactive defense.
Prior to my current assignment, I was an instructor at the Cyber Warfare Operations, Weapons Instructor Course at Nellis AFB, Nevada teaching defensive and offensive cyber operations.  I have a Bachelor’s of Science in Computer Science from the University of Texas at Dallas and a Masters of Information Security from Western Governors University.
I will be presenting an analysis of the WannaCry malware.  This will include functionality of the malware and its exploitation mechanisms and the fallout it has created.