Cybersecurity Audit and Assessment Considerations in the US and EU [Part 2]

Rachel V. Rose | Rachel V. Rose – Attorney at Law, PLLC

Rachel V. Rose, JD, MBA is a Principal with Rachel V. Rose – Attorney
at Law, P.L.L.C. (Houston, TX)

Ms. Rose has a unique background, having worked in many different facets of healthcare, securities, cybersecurity, as well as international law and business throughout her career. For over a decade, her practice has focused on transactional, compliance, and litigation matters related to cybersecurity, health care, securities, and Dodd-Frank/False Claims Act whistleblower claims. She has conducted HIPAA Risk Analyses for a variety of domestic and international organizations and represented persons related to government enforcement inquiries and responses on cybersecurity and healthcare related matters. Ms. Rose worked on Capitol Hill when HIPAA passed in 1996 and worked at HHS in 2009 when the HITECH Act was being implemented. 

In addition to being extensively published, a sought-after presenter, and quoted expert, Ms. Rose holds an MBA with minors in healthcare and entrepreneurship from Vanderbilt University, a law degree from Stetson University College of Law, and an Executive Certification in Leadership and Negotiation from Harvard Law School. She is also the co-editor of the American Health Lawyers Association’s Enterprise Risk Management Handbook for Healthcare Entities (2nd Edition), as well as a co-author of the ABA’s books The ABCs of ACOs and What Are International HIPAA Considerations?, as well as various chapters in legal and medical books alike.

She has been named consecutively to the Texas Bar College, the National Women Trial Lawyers Association’s Top 25,  Houstonia Magazine’s Top Lawyers (healthcare), the National Trial Lawyers Association’s Top 100,  SuperLawyers (healthcare), as well as 1st Healthcare Compliance’s 2019 and 2022 Top Presenter. Ms. Rose is also an Affiliated Member with the Baylor College of Medicine’s Center for Medical Ethics and Health Policy, where she teaches bioethics. 

Ryan Buckner | Schellman’s Learning, Education & Academic Development

Having directly performed and completed over 1,000 cybersecurity audits, Ryan is one of the most experienced IT and operational auditors in the world.

Ryan’s career focus has been on the performance improvement of IT audit professionals through educational and experimental audit programs and methodologies. With a heavy focus on the AICPA attest code, and various control and risk management frameworks, Ryan has served hundreds of project teams and organizations in the achievement of their IT audit certifications and compliance objectives.

Ryan is a Principal and the Chief Knowledge Officer at Schellman Compliance. Ryan currently serves on Schellman’s attestation leadership team to lead the firm-wide training services. Prior to this role, Ryan led the firm-wide research and development for attestation methodology for more than 15 years. Ryan maintains the following professional certifications, licenses, and designations, among others:

• Certified Public Accountant (over 20 years) licensed by nine (9) U.S. state boards of Accountancy
• Certified Information Systems Security Professional (CISSP over 20 years)
• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor
• Certified Information Privacy Professional (CIPP)
• Certified Knowledge Manager (CKM)

Ryan is also an AICPA-approved and nationally listed Peer Review Specialist for SOC examinations.

For 20+ years Ryan has evaluated the design, implementation, and operational effectiveness of risk mitigation strategies through both IT and operational / process controls. This included the identification of compliance, regulatory, and financial business objectives, and the assessment of risk management practices designed to address the risks to those objectives. Ryan has performed and managed all phases of the IT and cybersecurity audit process from risk assessment and management through the development and execution of audit programs for various industries. Ryan continues to be a frequent speaker and contributor to cybersecurity conferences and training forums.

I. Understanding different types of standards and audits, as well as the three-step approach | 12:00pm – 12:15pm

II. How legal requirements intersect with audit requirements and content | 12:15pm – 12:30pm

III. What makes an audit effective, comprehensive, and legitimate? | 12:30pm – 12:45pm

IV. The role of third parties auditors and mitigating risk and how they may be named as a defendant | 12:45pm – 12:55pm

V. Conclusion | 12:55pm – 1:00pm