Healthcare organizations, businesses, and local governments are all common targets of online crime. Our programs bring business leaders from across industries together to collaborate with our students and faculty on timely solutions to cyber and national security concerns.听
and video podcast host Matthew Rosenquist, and Kevin Powers, founding director of the M.S. in Cybersecurity Policy and Governance program, dissect the recent conviction of the Uber CISO.听
听
听
October 11, 2023
Co-Hosted with Boston College ITS
Every day the headlines announce how Artificial Intelligence (AI) will impact and change all aspects of business in the coming years, especially as it relates to the cybersecurity regulatory, governance, risk management, and compliance landscape. On top of that, as noted by Forbes, cyber-criminals are using AI to conduct sophisticated attacks on organizations, as 鈥淎I and Cybercrime Unleash a New Era of Menacing Threats鈥 (e.g., deepfakes, ransomware, business email compromise, supply chain attacks, fraudulent transactions, etc.). According to IBM Security, the average cost of a data breach in the United States is $9.48 million, which is more than double the average global figure. For most organizations, the stakes can be even higher, as they will have to defend their data privacy and security AI policies and practices in enforcement actions brought by the varying federal, state, and international regulators, as well as in class action and shareholder derivative lawsuits.
What to do?
In our webinar, we will cover the latest updates on AI security and privacy regulations and frameworks, as well as the compliance and mitigation strategies that can help U.S. companies navigate the tangled legal web and develop an effective GRC program by using a risk-based approach to cybersecurity to not only successfully protect their business operations, non-public sensitive data, and bottom lines, but also respond to, mitigate, and recover from a data breach.
Welcoming:
Mike Bourque
Vice President & CIO, ITS
Boston College
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Phil Aldrich
Chief Operating Officer, Verterim
Adjunct Faculty, CPG Program听
Etay Maor
Senior Director, Security Strategy,听Cato Networks
Adjunct Faculty, CPG Program听
Thom Shola听听
Chief Risk Officer, Northern Bank
Adjunct Faculty, CPG Program听
听
October 2023
Moderator:
Darren Mott
FBI Special Agent (ret.) - the 鈥淭he CyBUr Guy"
Panelists:
Professor Kevin R. Powers, J.D., Boston College
Professor Randall Trzeciak, Carnegie Mellon
Evan Rice, GuideStar
Heath Spencer, TraitWare
听
Tuesday, March 29, 2022
It is estimated that there will be 3.5 million cybersecurity job openings in 2025 and, by some estimates, the global cybersecurity workforce needs to grow at 145 percent each year simply to keep pace with the demand for skilled talent.听 All of this while each day there is a headline grabbing news piece involving another cyber-attack resulting in the theft of digital information (e.g., sensitive and private personal data, intellectual property, trade secrets, financial information, classified and confidential materials) or the disruption of government and business functions).
To address this urgent issue, many private and government entities are looking to cybersecurity 鈥渕anaged services鈥 to bridge the skills gap and to assist them with their cybersecurity postures.听听However, with all of the services and products currently offered in the market, what is best for you and your organization will vary depending on your unique circumstances and cyber-risks.听听What to do?
In our webinar, we will identify, differentiate, and discuss the varying managed services offered (e.g., MSSP, MDP, SIEM, vCISO, incident response, cloud security, etc.) and provide practical insights, guidance, and best practices for organizations as they look to managed service providers to assist them in designing and developing a robust cybersecurity and data privacy program to protect their business operations and their customers鈥 data.
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Guest Speakers:
Jay Pasteris
CIO & CISO
GreenPages Technology Solutions
Jennifer McLarnon
Security Consulting Senior Manager
Accenture听(former CIO, Boston College High School)
听
Tuesday, January 25, 2022
We have seen a significant increase in cybercrime and headlines filled with attacks that have stolen digital information or caused the disruption of government, business, and supply-chain functions. It has been devastating in many regards, but we have also seen a new, unprecedented age of innovation. Venture capital funding has poured into cybersecurity companies at a record pace, helping drive the next generation of cybersecurity technologies to combat today鈥檚 threats and narrow the talent shortage gap.In our webinar, our guest expert, who invests in and advises late-stage and growth companies, will discuss the role of the VC (from 鈥渟oup to nuts鈥) in cybersecurity and data privacy as well as various trends for 2022 and beyond.听听
Guest Speaker:
John Cordo
Principal
NightDragon
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
听
Tuesday, November 16, 2021
The vast majority of cybercrimes contain an element of social engineering (e.g., business email compromise, phishing, spear phishing, whaling, vishing, SMiShing, pretexting,听听etc.). In fact, it is estimated that 98% of cyberattacks are launched through social engineering.听Every day the headlines broadcast another cyber-attack on an organization resulting in the theft of digital information (e.g., sensitive personal or healthcare information; intellectual property; trade secrets; and confidential business, financial and legal information) or the disruption of government and business functions. According to IBM Security, the average cost of a data breach in the United States is $8.64 million, which is more than double the average global figure. For most organizations, the stakes can be even higher, as they will have to defend their data privacy and protection policies and practices in enforcement actions brought by the varying federal, state, and international regulators as well as in class action and shareholder derivative lawsuits. What to do?
In our webinar, we will cover social engineering, focusing first on the cyber-threat actors, the threat vectors, and the varying methodologies used to conduct a social engineering attack.听While using practical examples, our panel of experts will then discuss:听how a social engineering attack can unfold; the key research and data on such attacks; security community preparedness; and how organizations can protect their business operations and sensitive data from social engineering attacks through recognized, industry best practices.听听
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Karen Kukoda
Vice President, Strategic Partnerships
SafeGuard Cyber
Jennifer McLarnon
Security Consulting Senior Manager
Accenture
Amanda Tucker, CRCM, CAMS, CICA 听
Chief Risk and Compliance Officer
Atlantic Bay Mortgage
听
Tuesday, October 19, 2021
Every day the headlines broadcast another cyber-attack on an organization resulting in the theft of digital information (e.g., sensitive personal or healthcare information; intellectual property; trade secrets; and confidential business, financial and legal information) or the disruption of government and business functions. According to IBM Security, the average cost of a data breach in the United States is $8.64 million, which is more than double the average global figure. For most organizations, the stakes can be even higher, as they will have to defend their data privacy and protection policies and practices in enforcement actions brought by the varying federal, state, and international regulators as well as in class action and shareholder derivative lawsuits. What to do?
In our webinar, we will cover the latest updates on security and privacy regulations, as well as the compliance and mitigation strategies that can help U.S. companies navigate the tangled legal web and develop an effective GRC program by using a risk-based approach to cybersecurity to not only successfully respond to, mitigate and recover from a data breach, but also to protect their bottom lines.
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Phil Aldrich
Director
Enterprise Risk Management & Governance, Risk, and Compliance
Dell EMC
Padraic O'Reilly
Co-Founder and Chief Product Officer
CyberSaint
September 16, 2021
Each day there is a headline grabbing news piece involving another ransomware attack resulting in the theft of digital information (e.g.,听sensitive and private personal data,听intellectual property, trade secrets, financial information, classified and confidential materials) or the disruption of government and business functions. Nation-states, terrorists, hacktivists, and cyber-criminals are relentless. Companies are told "it's not a matter of if, but when" they will be attacked by ransomware and held hostage until they pay millions to 鈥渕aybe鈥 get their network systems running again and data back. Compounding that, federal and state regulators are stepping in with new requirements and hefty fines and penalties, mandating companies in all sectors to address cybersecurity with little, if any, real guidance on how to do so.听What to do?听
In our webinar,听we will discuss how organizations can develop an effective cyber-risk management strategy, based on 鈥渓essons learned鈥 and industry best practices, to not only plan for, but measure their readiness, to successfully respond to, mitigate, and recover from a ransomware attack to protect their business operations, customer and employee sensitive personal data, and other confidential and proprietary information.
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
M.S. in Cybersecurity Policy & Governance Program
Boston College
Panelists:
Doug Domin
Supervisory Special Agent
Criminal Cyber Squad (CY-2)
Federal Bureau of Investigation (FBI), Boston Division
Simon Taylor
CEO & Founder
HYCU, Inc.
(Backed by Bain Capital Ventures)
May 12, 2021
Over the last 40 years,听traditional computer security has not properly examined cyberspace as an economic model, the security of which is driven by forces of supply and demand.听To date, cyber defenders听have focused only on听limiting supply (or听decreasing the availability) of intellectual property, financial data, and other cyber resources听by improving cyber protections.听Our adversaries know that collecting data via cyber methods (versus collection听via HUMINT or SIGINT) is a cheap, risk adverse, and听resilient听approach.
What to do? In our webinar, we discussed the need to instead听focus听on听our adversaries鈥櫶齞emand听signal, with the goal of听decreasing听demand. Cyber deception听is one of the few approaches that can听effectively听drive down the ROI of cyber collection programs.听As such, we discussed, among other things: the current issues preventing CTI programs from expanding their focus; shifting traditional INFOSEC thinking and paradigms; establishing cyber deception operations; and sharing among a coalition of the willing, so that organizations can not only protect their data, but also their business from today鈥檚 cyber-threats.
Host:
Professor听Kevin听R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Moderator:
Doug Domin
Supervisory Special Agent听
Federal Bureau of Investigation Boston Division - Cyber Crime Program
Panelists:
Dr. Stanley Barr, Ph.D.
Senior Principal Cyber Researcher
MITRE Corporation
听
J.R. Manes
Global Head of Cyber Intel & Threat Analysis Cybersecurity
HS精东影业 Holdings PLC
April 22, 2021
Organizations are faced with unrelenting threats from Nation-states, terrorists, hacktivists, and cyber-criminals seeking to steal their digital information (e.g., sensitive PII, intellectual property, trade secrets, financial information, classified and confidential materials) or disrupt government and business functions.
What to do? In our webinar, we will discuss the current cyber-threats to organizations and our critical infrastructure, the role of the U.S. Attorney鈥檚 Office, pertinent cyber and national security laws (e.g., CFAA, CFIUS, FCPA, OFAC advisories, etc.), and how organizations can protect their sensitive data and networks from cyber-attacks, as well as successfully navigate the complex legal and regulatory landscape to avoid civil and criminal liability.
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speakers:听
Mackenzie Queenin
Assistant U.S. Attorney
Securities, Financial, and Cyber Fraud Unit
U.S. Attorney鈥檚 Office, District of Massachusetts
Professor Joanna Baltes, J.D., L.L.M
Curriculum Coordinator
MS in Cybersecurity Policy & Governance Program,听Boston College
(former Chief of Staff to FBI Deputy Director, former Federal Prosecutor, and former听Counsel to the Assistant U.S. Attorney General for the National Security Division)
听
听
Boston College Healthcare Administration and Cybersecurity Programs Joint Webinar
March 25, 2021
Each day nation-states, terrorists, hacktivists, and cyber-criminals are targeting healthcare organizations to steal sensitive patient data, intellectual property, and research and/or to disrupt their business operations. COVID-19 has only amplified these threats and caused more challenges for healthcare organizations due to changes in HIPAA and other healthcare compliance requirements.听
In our webinar, we will: discuss the varying updates and proposed changes to HIPAA and other laws affecting healthcare security and privacy; provide practical guidance for healthcare organizations to efficiently and cost effectively comply with such regulatory requirements; and outline best practices to not only protect your data and systems, but also successfully respond to, mitigate, and recover from a cyber-attack.
Welcoming:
Joni R. Beshansky, MPH, LP.D.
Director
Master of Healthcare Administration Program
Boston College
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program
Boston College
Guest Speakers:
Scott Lashway
Managing Partner, Boston Office
Co-Chair, Data Privacy & Security Practice Group
Manatt, Phelps, & Phillips, LLP
听
Tim Stettheimer, Ph.D.
Vice President, Education
College of Healthcare Information Management Executives (CHIME)
Adjunct Professor, Boston College
February 3, 2021
Business organizations are faced听with not only cyber-threats from Nation-states, terrorists, hacktivists, and cyber-criminals but also a multitude of burdensome cybersecurity requirements from Federal and State regulators to protect their digital information.听With every new technology and business trend (e.g., cloud, IoT, AI, work from home, tele-health) comes the question of "how are we going to secure our data and networks?"听
In our webinar, we will get "back to basics," focusing on risk management, cyber hygiene, mitigation, and resiliency by discussing how to effectively make the business case for investment in cybersecurity, including technologies, processes, and people (e.g., from the Board and senior executives to the business units to administrative and support staff), and develop and implement data security and privacy programs to protect your data and business from today鈥檚 cyber-threats.
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speakers:
Thom Shola
Senior Vice President & IT Cyber Security Officer
Global Wealth & Asset Management
John Hancock Retirement Plan Services
Professor Joanna Baltes, J.D., L.L.M
Curriculum Coordinator
MS in Cybersecurity Policy & Governance Program
Boston College
(Former Chief of Staff to FBI Deputy Director)
View the slides of this presentation in PDF.
*If you need to download the free Adobe Acrobat Reader software, you can find it听
December 2, 2020
Cities are becoming 鈥渟mart鈥 through digital transformation efforts in order to increase economic growth, enhance citizen and government engagement, improve the quality of life for citizens (e.g., transportation, public utilities, safety, equality, employment), and reduce negative environmental impact, among many other benefits.听听In our听webinar, we discussed how cities and communities can, by using IoT-enabled frameworks and other best practices, develop programs to effectively听address the cybersecurity issues faced by cities and communities looking to become 鈥渟mart.鈥
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director
MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speaker:
Bill Corrigan
Expert Associate Partner
McKinsey & Company
View the slides of this presentation in PDF.
*If you need to download the free Adobe Acrobat Reader software, you can find it听
October 20, 2020
In our听webinar, we discussed how to develop an effective incident response plan, based on 鈥渓essons learned鈥 and industry best practices, and how to successfully respond to, mitigate, and recover from a data breach.
Moderator:
Professor听Kevin听R. Powers, J.D.
Founder and Director, MS in Cybersecurity Policy & Governance Program, Boston College
Guest Speakers:
Diana Kelley, Board of Governors Member, Women in CyberSecurity (WiCyS)(Former Microsoft Cybersecurity Field CTO and IBM Global Executive Security Advisor)
Etay Maor, Chief Security Officer,听IntSights
August 24, 2020听
Cyber-criminals are always looking for ways to take advantage of any situation and COVID-19 is no exception.
Speakers:
Professor Kevin R. Powers, J.D.
Founder and Director, MS in Cybersecurity Policy & Governance Program, Boston College
Doug Domin
Special Agent, Criminal Cyber Squad (CY-2), Federal Bureau of Investigation, Boston Division
听
Each Fall and Spring Semester
Table-top Exercises at IBM鈥檚 Cyber Range, Cambridge, Massachusetts
Annually
For six years Boston College and the Federal Bureau of Investigation have hosted the听Boston Conference on Cyber Security, a one-day event featuring compelling lectures and panel discussions from international leaders in the disciplines of emerging technologies, operations and enforcement, and real-life cyber and national security concerns.听At a time of growing concern about the vulnerability of our nation鈥檚 information systems, this conference provides an opportunity for leaders in cybersecurity from the academic, analytic, operations, research, corporate, and law enforcement arenas to come together and coordinate their efforts, creating a more secure cyber-space.
Learn more and watch the video recordings of the most recent 精东影业CS
In collaboration with the Center for Security and Emerging Technology (CSET) at Georgetown University, our students provide a community of forecasters to predict trends in AI and emerging technology that will inform their policy recommendations. This is a unique opportunity to learn more about crowd forecasting and to shape the future of emerging tech policy. The most active and accurate participants will be eligible to win rewards and prizes!听
All participants will have access to forecasting data that can be used for their own research purposes. This project has the potential to shape emerging tech policy for years to come and we (the CPG Program) are part of the project/team in kicking this off. If you are interested in participating, please use your "bc.edu" email address and not your affiliation with the 精东影业 Cyber Program.
You can learn more and register to become a forecaster.
A professional group for Boston College students, faculty, alumni (undergraduate, graduate, and law) and friends and supporters of our Cybersecurity and National Security Programs at 精东影业 and 精东影业 Law who are interested in networking (e.g., posting of jobs and internships, industry and government events, etc.) with each other and collaborating on the varying cybersecurity issues faced by industry and governments.听听
With over 140,000 members worldwide, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.
Our ISACA CPG Student Group is 精东影业鈥檚 local chapter of ISACA New England, focusing on connecting students with opportunities in cybersecurity, information systems and technology, computer science, and business management, among others.听 Also, as a member of the Group you will have access to varying trainings and certifications offered by ISACA at discounted rates.听 For more information, please contact our Student Group President, Alison Hiatt at hiatta@bc.edu.听听
Fulbright TechImpact Scholar Awards are听research听grants for Irish citizens, or E.U. citizens resident in the ROI for 3+ years, to complete short-term, non-commercial projects and research in the U.S.听These Awards are open to Professionals (no PhD required) and early career researchers with PhD conferred since 2015.听They are designed to respond to the potential and pace of Information and Communications Technologies (ICT).
听
Kevin R. Powers, J.D.
Founder and听Director, M.S. Cybersecurity Policy and Governance, Boston College
Assistant Professor of the Practice, Boston College Law School & Carroll School of Management
听
Kevin is the founder and Director of the M.S. in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College鈥檚 Carroll School of Management鈥檚 Business Law and Society Department. With over 20 years of combined law enforcement, military, national security, business, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the General Counsel for an international software company based in Seattle, Washington. Along with his teaching at Boston College, Kevin is a Research Affiliate at the MIT Sloan School of Management and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. Kevin also is a Senior Cybersecurity Advisor for Manatt, serves as a Trustee for the Board of Boston College High School, and as a Member of the Boston College Law School Business Advisory Council. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.
听