June Education Seminar

Regardless if your interests relate to the Government, Health Care, Retail or Financial industries, this
seminar cuts across all of the data privacy and fraud detection/prevention legal requirements in order
to establish implementation and audit validation requirements.

Outline:

• Introduction to Data Privacy and Fraud Prevention
  • What is PHI, PII and private employee & customer information?
  • Data Privacy & Fraud Prevention Legal Requirements
  • How these legal industries impact specific industries
  • Security and operation impacts of recent legislation (HITECH Act and others)
  • How companies are addressing these requirements
• Data Privacy Approaches for Government Agencies
  • Implementation and compliance approaches
    • H.R. 516 Federal Agency Data Privacy Protection Act
    • Privacy Provisions of the E-Government Act of 2002
    • FISMA Act of 2002
    • Privacy Act of 1974
    • Inter-Agency Sharing of Personal Data
  • How to conduct privacy impact assessments
• Risk Assessment processes
• Data Classification Standard
  • Alternative approaches used for developing a data classification standard
  • Implementation requirements
  • How to audit a data classification standard

• Detective Processes “red flags”
  • Alternative audit trails
  • Evaluating Detective Process “red flags” to reduce Fraud
  • Identifying inadequate data collection processes
  • Automating detective review processes

• Third Party Relationship handling
  • Business partner data exchange
  • Handling third-party vendor access
• Reassessment of Access Control Requirements
• Upgrade requirements to logon security
• Security design approaches which do not meet Data Privacy and Fraud Prevention requirements
• Realistic measures for maintaining confidentiality of data in transit
• Alternative approaches for securing data at rest
• Entity-level controls used to foster data privacy and fraud prevention
  • Spreading data privacy within security awareness programs
  • Corporate Policies, standards and methodologies
  • Alternative roles of compliance functions
• PCI Compliance
  • An insiders view of how to become and maintain PCI compliance
  • Unpublished methods to resolve “show stopper” non-compliance issues
• Case Studies
  • Performing a data privacy audit
  • Performing a fraud prevention audit

Presented by Mitchell H. Levine, CISA.
Mitchell H. Levine is the founder of Audit Serve, Inc. which is an IT Audit & Systems consulting company.   For the last 19 years at Audit Serve, Mr. Levine has split his time between traditional IT & Integrated Audit Consulting projects, PCI Implementations, SOX Implementation/Testing Projects and the implementation of defect tracking, compliance and software management systems. Over the past seven years Mr. Levine has presented over 25 seminars to nine different ISACA & IIA chapters.  Mr. Levine also was the primary writer and editor of the Audit Vision Magazine which was published from 1991 – 1998.  The magazine was transformed into the Audit Vision E-mail newsletter which is published monthly. Prior to establishing Audit Serve, Inc. in 1990, Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus and the corporate financial systems.