David Cass

By: Hon. Saliann Scarpulla, Bradford K. Newman, David A. Cass
Blockchain technology has become a buzzword in the business world, and its applications are rapidly expanding. With the rise of cryptocurrencies, smart contracts, and other decentralized applications, blockchain has opened up new possibilities for businesses to operate more securely, transparently, and efficiently. This article will explore the basics of blockchain, smart contracts, crypto, and Web 3.0 and how they are relevant… Show more

By: Hon. Saliann Scarpulla, Bradford K. Newman, David A. Cass
Blockchain technology has become a buzzword in the business world, and its applications are rapidly expanding. With the rise of cryptocurrencies, smart contracts, and other decentralized applications, blockchain has opened up new possibilities for businesses to operate more securely, transparently, and efficiently. This article will explore the basics of blockchain, smart contracts, crypto, and Web 3.0 and how they are relevant for business lawyers. We will also examine some of this technology’s current business, litigation, and regulatory risks. Show less

Today’s legal landscape requires one to have a clear understanding of the relationship between blockchain, smart contracts, and cryptocurrencies and how these three topics are connected to money laundering and other legal concerns. This article attempts to provide the reader with that basic understanding.

Multiple cybersecurity issues arise that are unique to mass tort cases, especially those involving massive amounts of HIPAA data in medical records, and data protection requirements that the Plaintiff and Defense bars must exercise. This panel will examine these issues from the perspective of lawyers, solution providers, neutrals, and CISOs. In addition insights and best practices for the plaintiff and defense bar, the panel will discuss the rapidly evolving ethical obligations of lawyers and… Show more

Multiple cybersecurity issues arise that are unique to mass tort cases, especially those involving massive amounts of HIPAA data in medical records, and data protection requirements that the Plaintiff and Defense bars must exercise. This panel will examine these issues from the perspective of lawyers, solution providers, neutrals, and CISOs. In addition insights and best practices for the plaintiff and defense bar, the panel will discuss the rapidly evolving ethical obligations of lawyers and the impact on future litigations of cyber-attacks similar to those experienced by firms and providers. Show less

I discuss how cloud, cognitive and blockchain are changing the competitive landscape of financial services and what organizations are doing to transform essential customer experiences, rethink business, technology and data to build a platform for the future of financial services.

This panel will provide a practical overview of the Health Insurance Portability and Accountability Act (HIPAA), as well as HITECH, as it relates to the cyber security and privacy of covered entities and business associates. Panelists will discuss how to comply with the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule, as well as state HIPAA laws. HIPAA compliance in relation to ransomware will also be discussed. Finally, the panel will discuss regulatory… Show more

This panel will provide a practical overview of the Health Insurance Portability and Accountability Act (HIPAA), as well as HITECH, as it relates to the cyber security and privacy of covered entities and business associates. Panelists will discuss how to comply with the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule, as well as state HIPAA laws. HIPAA compliance in relation to ransomware will also be discussed. Finally, the panel will discuss regulatory guidance for mobile health-related (“mHealth”) apps. Show less

The topic of Cyber Security is top of mind for many Board of Directors (BOD) and is a common agenda item at BOD meetings. What do BOD want to hear from their Cyber Security executives? What are the salient points a BOD needs to know about the Chief Information Security Officer role and the business of Cyber so they can better manage their overall company risk posture. Does having Cyber professionals on boards of publicly traded companies help communicate a complex challenge to non technical… Show more

The topic of Cyber Security is top of mind for many Board of Directors (BOD) and is a common agenda item at BOD meetings. What do BOD want to hear from their Cyber Security executives? What are the salient points a BOD needs to know about the Chief Information Security Officer role and the business of Cyber so they can better manage their overall company risk posture. Does having Cyber professionals on boards of publicly traded companies help communicate a complex challenge to non technical Boards and h ow does the BOD perceive enterprise risk relative to their company’s goals and objectives. These executives will share how they manage, prioritize and communicate enterprise and organizational risks within a Cyber dominate environment. Show less

Roundtable exercise on responding to a Hypothetical Scenario for a Publicly Traded Healthcare Company

Discussion of an overview of cyber weapons, threats and countermeasures, and predictions for upcoming years.

This webinar will provide an overview of cloud computing and review the cloud landscape. The panel will then provide an overview of legal and other risks that should be considered when working with the cloud, regardless of the cloud infrastructure being planned for or already in use.

As the threat landscape continues to evolve, Investment Advisors have also become a target of opportunity. Join our webcast as we discuss the importance of understanding the SEC and IA Cyber guidelines.

This program discusses what the board of directors of a company, whether large or small, needs to know about the cyber security preparedness of their company in order to both protect from a wide-scale incident and mitigate the damage should a breach occur. Panelists will discuss breach reporting cycles; the importance of clear notification and governance in cyber security recommendations for proactive measures to protect your equities. This program will include a hypothetical cyber incident… Show more

This program discusses what the board of directors of a company, whether large or small, needs to know about the cyber security preparedness of their company in order to both protect from a wide-scale incident and mitigate the damage should a breach occur. Panelists will discuss breach reporting cycles; the importance of clear notification and governance in cyber security recommendations for proactive measures to protect your equities. This program will include a hypothetical cyber incident that allows attendees to understand the different types of response to a breach and the pitfalls with each. Show less

The program offers a legal perspective in the wake of continued escalations in phishing and denial of service attacks against banks and other financial institutions, financial services firms and the quickly evolving regulatory frameworks.

This dynamic panel of experts will cover the importance of your contractual agreements that include disaster recovery and decisions for public or private configurations. Also to be discussed are successful DevOp structures with the integration of continuous vulnerability management followed by Data Classification schemes and Identity and Access Management Regimens. Closing out the session will be a discussion regarding Compliance as it relates to PCI and HIPAA when utilizing cloud based… Show more

This dynamic panel of experts will cover the importance of your contractual agreements that include disaster recovery and decisions for public or private configurations. Also to be discussed are successful DevOp structures with the integration of continuous vulnerability management followed by Data Classification schemes and Identity and Access Management Regimens. Closing out the session will be a discussion regarding Compliance as it relates to PCI and HIPAA when utilizing cloud based constructs. Show less

The Dark Net has emerged as the preferred trading venue for organized criminal networks and individuals to carry out illicit activities, and has also bolstered a new breed of crimes such as HaaS “hacking as a service.” Darknet markets have multiplied since the first major takedowns and continue to use enhanced privacy and decentralized technologies in order to evade law enforcement detection. Crimes committed with the Dark Net pose interesting challenges such as how to coordinate technically… Show more

The Dark Net has emerged as the preferred trading venue for organized criminal networks and individuals to carry out illicit activities, and has also bolstered a new breed of crimes such as HaaS “hacking as a service.” Darknet markets have multiplied since the first major takedowns and continue to use enhanced privacy and decentralized technologies in order to evade law enforcement detection. Crimes committed with the Dark Net pose interesting challenges such as how to coordinate technically intensive operations where data runs across national jurisdictions and where targets are fast-moving and hard to pinpoint, often using encryption. But technologies can also help law enforcement address the challenge of the Dark Web:

-Sifting software that sorts through mass amounts of online data to extract meaningful information from targeted searches.
-Indexing programs that give government new ways to analyze, organize and interact with data pulled from a larger pool of sources.
-Computer vision search imaging.
-Outside experts who monitor the web on behalf of law enforcement agencies, trawling to find specific illegal activities and using various tools to automate the gathering.

This panel will address the limitations of these technologies, as well as discuss what additional technologies are needed to combat this challenge. Show less

Why are the Public and Private Sector and Venture Capital Communities Investing in Security as a Service?
Security-as-a-service (SaaS) is an outsourcing model for security management. Typically, Security as a Service involves applications such as anti-virus software delivered over the Internet but the term can also refer to security management provided in-house by an external organization.

From the front office to the back office, analytics is critical to every role in an organization, and more applications are cloud based. You want to adopt software as a service (SaaS) for analytics, but you're concerned about the security and privacy concerns associated with putting your data in the cloud. Join this session to hear what IBM is doing to keep your data secure so you can focus on business innovation.

The way people and companies work has fundamentally changed. What were once buzz words, cloud, mobile, social and big data are here to stay. This paradigm shift requires rethinking information security. I will discuss how we transform information security to become a source of innovation and a business enabler.

Companies in sectors that are significantly regulated by the state – such as pharmaceuticals, financial services and utilities – tend to take a different approach to security from those in less regulated or unregulated sectors – such as retail, consumer products and publishing.

During this lively session the four finalists from the national competition launched through the Cyber Growth Partnership, with the support of BIS and techUK and sponsors Atkins and HP will pitch their technology/service to the Keynote Stage audience and a judging panel of leading CISOs, venture capitalists and analysts. The judging panel will select the winner and award the title of ‘Most Innovative Small Cyber Security Company of the Year’.

Buy-in from senior management is repeatedly cited as a key driver of effective information risk management. Cyber security is certainly high-up on most board agendas following high-profile breaches and pressure from governments and regulatory bodies, however increasing board awareness doesn’t always translate into effective information security decision-making or support. Information security practitioners continue to state that articulating risk to senior management remains a big challenge.… Show more

Buy-in from senior management is repeatedly cited as a key driver of effective information risk management. Cyber security is certainly high-up on most board agendas following high-profile breaches and pressure from governments and regulatory bodies, however increasing board awareness doesn’t always translate into effective information security decision-making or support. Information security practitioners continue to state that articulating risk to senior management remains a big challenge. This is often aggravated by the fact that when investment is secured, it is often difficult to demonstrate the return on that investment.
As enterprises become more connected, attackers become more sophisticated, and the likelihood of a breach increases, it has never been more important for information security practitioners to be able to translate risk into the language of the business. During this panel, the speakers will share best practice advice on how to articulate risk and depict the business value of information security, so that senior management understand the decisions they are being asked to make. Show less

Whether you are responsible for physical security, information security or both, we are seeing more convergence among these disciplines and the technology they utilize. In 2014, there was a lot of convergence between information security and privacy. In 2015, I expect to see more synergy among physical security and information security. Whether this convergence results in reporting changes or physical security and information security teams working more closely together that remains to be seen.… Show more

Whether you are responsible for physical security, information security or both, we are seeing more convergence among these disciplines and the technology they utilize. In 2014, there was a lot of convergence between information security and privacy. In 2015, I expect to see more synergy among physical security and information security. Whether this convergence results in reporting changes or physical security and information security teams working more closely together that remains to be seen. 2014 raised the bar for complex cyber-attacks, some of these attacks had elements of insider threat and others were able to shut down corporations for a period of time.

Cyber criminals and hackers have a common language and approach that is well understood by their community. As we see convergence among physical and information security there is a need for a common language, which includes risk management and resiliency.

Key Takeaways Include:

Creating a culture of risk management
Developing a common risk structure and framework that can be applied across disciplines
Dealing with known unknowns and unknown unknowns
Building the case for resiliency as part of your strategy
How to execute on your risk management strategy Show less

As organisations accept that they are more than likely to be breached, strengthening business resilience and response capabilities is becoming just as important as developing defensive strategies. As a result, organisations are crafting risk-based approaches to balance their priorities in order to protect, detect, respond and recover.

2014 saw an increase in the number of cyber incidents that had devastating effects on the operations of global companies. Nation states allegedly carried out attacks across the globe, but employees are also a weak link. This panel will discuss the cyber risks to corporate operations from outside and within its own walls. It will also touch on the ever-present threat to national critical infrastructure from a cyber attack.

Security and Privacy are essential in today’s digital economy. 2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much should we trust companies with our sensitive information. Currently, there are more than 80 countries with privacy laws. Violating these laws may result in fines, brand damage, and/or loss of revenue.

Cyber intrusions and attacks have increased dramatically over the last decade, exposing personal and business information, disrupting operations and imposing high costs on affected businesses. Despite its expertise in security, the gaming industry is no stranger to this threat. During this session, learn about potential vulnerabilities for all businesses as well as those unique to the gaming industry and how best to safeguard against them. Attendees also will gain insights on developing a… Show more

Cyber intrusions and attacks have increased dramatically over the last decade, exposing personal and business information, disrupting operations and imposing high costs on affected businesses. Despite its expertise in security, the gaming industry is no stranger to this threat. During this session, learn about potential vulnerabilities for all businesses as well as those unique to the gaming industry and how best to safeguard against them. Attendees also will gain insights on developing a response plan for use in the unfortunate event of an attack.
• Learn how, and why, hackers do what they do.
• Hear about the technology available to protect your data.
• Assess your organization’s vulnerability to cybercrime. Show less

With the increasing utilization of cloud, mobile, social and big data, the traditional model of Information Security has changed. As organizations grapple with these key changes how do you know if your information security program is protecting the right things and how do you gauge security maturity in this new paradigm? How can you answer the question: “How mature is my Information Security program?”

Abstract: Greater London has one of the largest concentrations of CCTV cameras in the world and its police service is among the first to experiment with body-worn cameras for its officers and other government agencies and corporations are managing and securing records and data of tens of millions of people. All of these entities stand to benefit from the cloud, but the sensitivity of their data makes its' security paramount. Can we trust the cloud with our most sensitive data types? What should… Show more

Abstract: Greater London has one of the largest concentrations of CCTV cameras in the world and its police service is among the first to experiment with body-worn cameras for its officers and other government agencies and corporations are managing and securing records and data of tens of millions of people. All of these entities stand to benefit from the cloud, but the sensitivity of their data makes its' security paramount. Can we trust the cloud with our most sensitive data types? What should a cloud model include to ensure the integrity, reliability, security and availability of sensitive information for those who need to see it? What solutions make sense and what should we be asking of our cloud providers? This panel will explore these issues and identify areas where industry and government can work together to fully achieve the benefits that the cloud can deliver - including a secure environment that can also protect our privacy. Show less

David Cass is the most softly spoken and unassuming security executive that I've had the pleasure of meeting. Surprisingly young in comparison with many of his peers, his experience and insight...

The way organizations and people work today has dramatically changed. Social, Mobile, and Cloud require us to change the way that we practice information security. We must move from a short term focus to having a long term vision and strategy.
We will discuss:
- What is adaptive security?
- Achieving business alignment
- Moving from an operational view of security to an outcome based view
- Focus on principles
- Positioning your security team for success
-… Show more

The way organizations and people work today has dramatically changed. Social, Mobile, and Cloud require us to change the way that we practice information security. We must move from a short term focus to having a long term vision and strategy.
We will discuss:
- What is adaptive security?
- Achieving business alignment
- Moving from an operational view of security to an outcome based view
- Focus on principles
- Positioning your security team for success
- Putting it all together Show less

The public cloud has not only settled on the IT landscape, it has infiltrated every facet of the business. It presents complex issues around identity management, compliance and data intelligence, and CISOs wonder if the risk is worth the ROI. For David Cass of Elsevier, successful cloud adoption is about establishing governance that takes advantage of the cloud’s versatility. This means engineering the appropriate intelligence for your organization, building a data security framework and… Show more

The public cloud has not only settled on the IT landscape, it has infiltrated every facet of the business. It presents complex issues around identity management, compliance and data intelligence, and CISOs wonder if the risk is worth the ROI. For David Cass of Elsevier, successful cloud adoption is about establishing governance that takes advantage of the cloud’s versatility. This means engineering the appropriate intelligence for your organization, building a data security framework and assessing providers on cloud security standards. In this session, learn how his risk-based approach to cloud translates into competitive advantage. Show less

As information security teams grapple with the challenges of securing an increasingly complex and ever changing threat landscape they have an opportunity to transform information security into an enabling function, supporting and adding value to the business as it transforms and innovates.

So how can an information security function evolve to become business-led? How do you bring business knowledge into the security team and educate security practitioners about the implications of… Show more

As information security teams grapple with the challenges of securing an increasingly complex and ever changing threat landscape they have an opportunity to transform information security into an enabling function, supporting and adding value to the business as it transforms and innovates.

So how can an information security function evolve to become business-led? How do you bring business knowledge into the security team and educate security practitioners about the implications of threats for the business? How can you challenge negative perceptions of risk within information security? How can security functions start thinking like the business and become a business partner? How does information security become fundamental to the business rather than just a compliance issue? How should information security practitioners engage the business and get management and stakeholder buy-in? How can information security and business work together to create a common language to ensure the effective communication of risk intelligence without instilling FUD?

During this session the panel will discuss how information security practitioners can position security as an enabling function and truly support the business including:

How to integrate security into agile business practices and transformation
New strategies to educate the security team to understand business objectives and speak the language of the business
How security can help the business collaborate internally, with suppliers and with customers
How the security function can inform and contribute to business decision-making
What skills are required for an effective security professional and what does this all mean for the role of the CISO? Show less

Information security professionals must have a good understanding of the business they support, says David Cass, chief information security officer (CISO) for publishing firm Elsevier.

“They must know what is important to the business and what the key business drivers are so that information security can be aligned with those,” he told Computer Weekly.

Industry and academic experts from around the world will share their knowledge and research on systems engineering topics in the area of Emerging Technologies for Evolving Systems: Socio-technical, Cyber and Big Data

During this session David Cass - Senior Vice President & CISO, Elsevier, will provide his assessment of the current threat landscape, the emerging risks as business, technology and working practices evolve and how to plan a road map for the future...

David Cass, chief information security officer at Elsevier, talks about Elsevier’s approach to privacy and cyber security in a video interview with the Financial Times.

Technology continues to change at a rapid pace. Emerging technologies are becoming more and more complex and cyber-attacks ever more sophisticated. Privacy and regulations are adding the challenging business environment. Information security must be a business enabler and help the business innovate. We will discuss strategies to navigate this environment, leverage new technology, and help the business innovate.

The information security game isn’t what it used to be. Emerging technologies are becoming more and more complex and cyber-attacks ever more sophisticated. As today’s IT department is now being looked to as a driver of business and raiser of the bottom line, department leaders must adopt a more advanced strategy. This session will enable attendees to assess the current state of information security and its key components within their respective organizations, highlighting specific experiences… Show more

The information security game isn’t what it used to be. Emerging technologies are becoming more and more complex and cyber-attacks ever more sophisticated. As today’s IT department is now being looked to as a driver of business and raiser of the bottom line, department leaders must adopt a more advanced strategy. This session will enable attendees to assess the current state of information security and its key components within their respective organizations, highlighting specific experiences and lessons learned. Discussion topics will include:
Methods for Determining Maturity
Communication at the Executive Level
Achieving the Future State
Budget & Strategy: Working Smart Show less

Regulations are complicating the cloud environment and the increasing complexity is making it harder to leverage secure cloud capabilities. Security leaders in today’s organization must take a serious look at how to navigate the cloud in order to meet business demands. With no one-size-fits-all solution, this executive boardroom’s goal is to bring together CISOs in the New York community to discuss lessons learned, personal case studies and the business cases built to support a move to the… Show more

Regulations are complicating the cloud environment and the increasing complexity is making it harder to leverage secure cloud capabilities. Security leaders in today’s organization must take a serious look at how to navigate the cloud in order to meet business demands. With no one-size-fits-all solution, this executive boardroom’s goal is to bring together CISOs in the New York community to discuss lessons learned, personal case studies and the business cases built to support a move to the cloud. Join David Cass, Shukri Khader and Dave Anderson to discuss how, despite growing regulatory requirements, you can discover your own personal fit in the cloud environment. Show less

Review the present state of risk, resiliency and security metrics. Perform basic quantitative analysis.
Develop diagnostic metrics.
Leverage risk and resiliency management to improve the risk posture, provide a sustainable and resilient technology environment, deliver business value and contribute to innovation.
Evaluate frameworks such as COBIT and ITIL to develop risk and resiliency metrics that are actionable and deliver business value, and are presentable to executive management.

ISACA Management Forum Key Note, Scottsdale AZ

CPM West, Las Vegas NV

DRJ Spring World, Orlando FL.

ISACA – IT Governance & Compliance Conference, Boston MA.

ISACA NA Computer Audit, Control and Security Conference, Houston TX, 2007

Key Note Speaker: IT Economics, CIO Magazine Seminar Series, New York City, Boston, Philadelphia.

International Symposium on Affordability Management, Prague 2006.

Philadelphia Federal Reserve Bank