Professor Michael J.
Shaw
Department of Business Administration
College of Business, University of Illinois at Urbana-Champaign
This course is partly sponsored by a grant from Microsoft. As Information Technology (IT) has become the foundation that supports the infrastructure, transactions, processes, and customer service of any business large or small, so has managing the trustworthiness of enterprise IT effectively emerged as a high priority for business administration. This focus on trustworthy computing is analogous to total quality management widely used in manufacturing and distribution a decade ago, except that the impact is potentially more pronounced because of the greater reliance on IT not only by businesses but also by the broader society. The course will provide students with a core body of knowledge-- for IT applications, management, and research-- concerning:
- The state of research and business practice of trustworthy computing
- Managerial issues for the prevention of business frauds and threats
- The multiple perspectives of trustworthy computing and how to integrate them
- The key technology for trustworthy computing for users and for businesses
- Issues concerning integrity, privacy, ethics, risk management, and reliability
- Best practices concerning regulatory compliance requirements
- Enterprise information management issues, policies and practices
-
Business Risk Management
-
Vulnerability Management and Assessment
-
Information Trust and Compliance Issues (Sarbanes-Oxley Act)
-
Dependable & Trustworthy Enterprises Systems
-
Enterprise Information Security Policy
-
Trustworthy Systems Development
-
Technology & Auditing Systems: Hardware and Software Defenses
-
Privacy Issues
-
Trustworthy supply chains in multinationals
-
Health Insurance Portability and Accountability Act (HIPAA)
| 1. Business Risk Management |
|
- Vendor Security Risk Assessment, by Kashif
Manzoor (report, slides, audit
checklist) Most of the IT security standards are too general and can be overwhelming. Even if a company picks up one of these standards and decides to follow it and roll it out - it can still find the standard overwhelming as most of the standards have hundreds of controls and practices that the company must instill in its culture. Despite the importance of security, the fact remains that companies usually do not treat this as high priority unless there is either a big incentive for doing it (e.g. high profit) or a liability for not doing it (e.g. mandatory government compliance). For USA companies various regulations (SOX, HIPAA etc.) have proven to be the motivating factor to implement IT security standards - unfortunately this motivation factor does not apply to offshore companies - since these regulations are not present in those countries. In my project I present a lightweight, easy to follow, concrete IT security risk assessment model (implemented as EXCEL sheet) which USA companies can use to assess the IT security risk of their vendors. Also related to: vulnerability management and assessment, information security policy |
| - Risk
Management of Information Technology Outsourcing under ITIL ITSM framework, by Szu
Chia Cheng (report)
This report covered the Business Risk Management and Information Trust and Compliance issues which discussed management process of identifying, measuring, monitoring, and controlling the risks associated in outsourcing information technology scenario. The major focus of this paper is to describe the monitoring process which setup up by ITIL ITSM framework. The content of this project includes the introduction about IT outsourcing risks, concept of ITIL (IT Infrastructure Library) and ITSM (IT Service Mangement), and ITSM framework. For case study part is discussed the HP ITSM, which dicussed the how ITIL influence ITSM, ITSM components, and discessed P&G ITSM experience in IT outsourcing control tool, which told us that the ability of ITIL ITSM could manage IT process effectively, and get more control power after outsourcing the IT operation. |
|
- Sarbanes-Oxley Act (SOX),
CoBIT, COSO
Project, By Subra
Krishnan (report)
The grand framework of SoX, COSO (Committee of Sponsoring Organizations of the Treadway Committee), CoBIT (Control Objectives for Information and related Technologies) and their future trends with some managerial caveats are introduced. Trustworthy computing usage model from Microsoft is summarized to indicate the direction where modern software development is heading. This would become a de facto standards for all software corporations. In COSO framework, ideas on Enterprise Risk management is touched upon. ERM not an end in itself, but rather an important means and helps an entity achieve its performance and profitability targets, and prevent loss of resources. It helps an entity get to where it wants to go and avoid pitfalls and surprises along the way. Under CoBIT, CRM and the Key Performance Indicators using Dashboard techniques to help top management evaluate the projects is discussed and IT is a major component of it. Some managerial intuition and how corporation are turning this new compliance into financial opportunity. In that regard the concept of Single Compliance platform will be the wave of the future. Keywords: Business Risk Management, Information Trust and Compliance Issues, Trustworthy Systems Development. Cross Link keywords: Dependable & Trustworthy Enterprises Systems, Enterprise Information Security Policy. |
| 2. Vulnerability Management and Assessment |
| - Vulnerability Management and Assessment, by Syed Haider (Riz) (report) Vulnerability management is a measurable and proactive process which enables organizations to understand the risk of certain vulnerabilities in its IT environment and ensure its network is not compromised. Assessing and managing risk relating to vulnerabilities requires that an organization understand the impact and cost of a successful attack on their environment. Automating the vulnerability management process with software provides a cost effective way for organizations to do that. This paper addresses the methodology required for successfully conducting, reviewing, and maintaining an effective Enterprise Vulnerability Management program. Related cases: eBay, AT&T |
| 3. Information Trust and Compliance Issues (Sarbanes-Oxley Act) |
| - Exploring the Potential for an Unified Compliance Policy Approach for Publicly-Listed
Companies in Healthcare Industry Complying with Both Sarbanes Oxley & Health Insurance
Portability & Accountability Act, by Sidhartha
Bhandari (report)
We look at common parts of these compliances in order to demonstrate that Corporations can approach regulatory compliances through a uniform policy matrix in order to reduce cost without missing out on any regulations. We conclude by sharing industry trends and the growing corporate realization for regulatory compliance unification which present day CEOs can not ignore. |
| - Information Trust and Compliance Issues under
Sarbanes-Oxley Act: Case
Study from Financial Service Industry, by Shu-shu Chou
(report)
This project is to explore the relationship with information trust and the Sarbanes-Oxley Act (SOX) issue. The SOX compliance requirement require IT department to play a more proactive role in overall company management infrastructure. Therefore, a close look about the IT trust issues and governance topics are extremely important in post-SOX era. There are many research projects and papers address to this topic and the purpose of this project will focus on the application side in a financial industry. The content of the project includes the introduction about major SOX and IT compliance concepts and tools, the analysis of the application in financial industry. Included on the case study are two financial service companies, Allstate and Moodys KMV. Conclusion and findings re-emphasize the importance on the close relationship with ITs role in building a trust and compliance enterprise in the future. |
| - Issues in Information Security and Verifiability for Biomedical Technology
Companies, by Ryan Morlok (report) Pharmaceutical, biomedical, and medical device companies face special IT requirements related to their use and storing of digital records. Regulated by the FDA, 21 CFR Part 11 allows such companies to use digital records and digital signatures in lieu of paper versions, provided they meet specific requirements in their implementation. In this paper, we look at the details of these requirements, and evaluate a risk-centric approach to compliance. Key words: FDA, 21 CFR Part 11, digital records, digital signature, compliance |
| - Information Protection Management, by Kshitij Shah (report, appendices)
The topic selected by me is Information Trust and Compliance Issues (SOX) and I have chosen to cover more depth about a single application of Confidentiality of Data that is Information Protection Management. This is as per the SOX section 404 Audit that describes the importance of the IT component of internal control guidelines. Financial data must remain confidential in transit via email outside the corporate network and this involves risks of confidential information, PCI/HIPAA/SOX/SEC violation and also a huge reputation risk. The approach that I have used is a real world application where consultants can actually use the questionnaires, risk assessment model and information protection worksheet provided by me to conduct assignments at client locations to address the problems of information protection. Also related to: Business Risk Management, Strategic Vulnerability Management, Technical Issues in Incident Handling An Information Protection Management Working Sheet can be provided by request |
| - Trustworthy and IT Security - COBIT Framework, by Ellan Imad
Shtiwi, (report)
Information technology is an important factor in achieving success in the information economy and central to an entity's operational and financial management. As a result, enterprise governance and IT governance can no longer be considered separate and distinct disciplines. Effective enterprise governance focuses individual and group expertise and experience where it can be most productive, monitors and measures performance, and provides assurance to critical issues. IT, long considered solely an enable of an enterprise's strategy, must now be regarded as an integral part of that strategy. In my paper, I focused on COBIT which is a framework that aligns IT with business strategy for any company. In addition, I analyze a case study on how Sun Microsystems implemented COBIT? What were the barriers that they faced? |
| 4. Dependable & Trustworthy Enterprise Systems |
| - Dependable and Trustworthy Enterprise Systems, by YoungHo Han (report) As the business environment becomes more open, companies and their enterprise systems need to handle a greater number of customers and thus plenty of uncertainties and potential risks. Plus, enterprise systems increasingly deal with mission critical applications with no stop. In this sense, the importance of reliability and uptime as well as performance is an essential part of enterprise systems. Since a short period of system down can cause a tremendous negative impact on a company image as well as on its financial structure, business enterprises strive to make their system more reliable, flexible, and protective. At the same time, companies also search for technology that can present them not only more dependable and trustworthy systems but also cost-effective systems. |
| 5. Enterprise Information Security Policy |
| - Security Maturity Assessment of B2B Company - GlobalUBid.com Case Study
and Application, by Tai Lan Chu (report)
This project will focus on introducing the risks which a B2B company might face and trying to develop general concepts to solve these possible crises by accessing the security maturity of the B2B companies which is from a case study. Furthermore, it will also discuss how a B2B company control and manage IT security to prevent the risks from happening. |
|
-
Building an e-Healthcare,
by Yen-Yi
Ho (report)
As the internet rising and developing, every industry wants to make money by setting the website through the internet. But e-business in Health Care Industry is not easy to set up because this industry is too complicated, specific and professional. All is about the life not a product. Now, something is changing. E-business will redefine the delivery, administration and management of health care during the next five years. Building an e-health care is not a dream. It can be put into practice in the future. Nowadays, the patient can look online with his symptoms and figure out what he has. He still needs to go to his doctor to get the prescription or orders the prescription online and then goes pick it up in hospital. This process is still inconvenient. Can we see the doctor online and get the prescription by printing it out? All the diagnosis process is online. This idea has been practiced by General Motor (GM) and Medscape. It launched in 2001 only for the employees in two isolated cities of GM. The project will concentrate on the three parts. One is policy issue- HIPAA; another is the infrastructures; the other is administration. In the first part, e-healthcare work in hospitals and clinics must be related by HIPAA- the privacy of personal health information and electronic information transmission. What are the infrastructures and the applications used for e-business will mention detail. |
| - Security
of Information Technology Assets and the Diffusion of Cyber Insurance, by
Prasanna
Karhade (report)
Modern information technology (IT) environments are growing in complexity. In spite of these growing complexities and the challenges associated with successfully implementing Information Systems, firms in different industries are investing in IT assets to conduct their business online (Jonathan 2000). The recent trade press indicates that the number of security threats and successful attacks is increasing at an alarming rate (Russ 2000; Hartwig 2002; Anat and John 2003; Joanne 2003; Anat and John 2004). In spite of widespread adoption of electronic commerce internet applications, cyber risks are not yet well understood (Dave 2004). Thus one key challenge in successfully using IT assets lies in ensuring that these IT assets are secure and not vulnerable to security violations (Orlowski 1996; Smith 2004). As a result of the growing potential and threat of security violations, IT mangers are making non-trivial investments to secure their IT assets (Mears 2004). In terms of investments, to reduce the risk and damage from successful security violations, IT manages can pursue several choices, including (1) investments in IT security technology products and infrastructure (Abrams and Joyce 1995) (2) investments in developing and enforcing IT controls, including security training of employees, developing and enforcing acceptable use policies, raising awareness regarding IT security issues or (3) outsource the IT security tasks to reputable vendors (Desouza, Awazu et al. 2004; Endorf 2004; Goodwin 2004; Blum 2005). A more recent investment opportunity IT managers are pursuing is (3) to invest in cyber insurance (Gordon, Loeb et al. 2003; Lynn 2004). |
| - A Framework for Security Investment and E-commerce
Law: An Economic Approach, by Sehak Chun and Wooje Cho (report)
In this study, we examine how different legal systems regarding e-commerce security affect the behavior of e-commerce firms and online customers. When a fraud online transaction occurs and the online customer disputes the transaction, in many European countries, the online customer takes responsibility for the proof of her/his argument, but, in the U.S., the burden of proof lays on the e-commerce firm (Anderson, 2002). Using math models, we intend to find the optimal level of e-commerce firms investment on security and see how online customers demand change under the different regulation. A main finding is that under some conditions, the law that imposes the onus of proof on the e-commerce firms drives them more profitable, which is consistent with the prior finding that US banks spend on security more effectively than their European counter parts (Anderson, 2002). |
| 6. Trustworthy Systems Development |
| - Trustworthy System Development: Grid Computing, by Sunghee Cho (report) Grid computing environment results in substantial performance that can be comparable to that of a super computer enabling high-level research or mass data analysis of cutting-edge sciences. Although grid computing has developed due to such a high performance, many security and license issues have been noted due to the fact that locally distributed computer resources. I will discuss grid computing in terms of the demand relevant to the issues and I will address the future direction with suggestion. |
| 7. Technology & Auditing Systems: Hardware and Software Defenses |
| - WORM is not enough!, by Soumyadeb Mitra (report)
Important documents like financial reports, customer communications etc are increasingly being maintained by businesses in electronic format. These represent much of the data on which key decisions in business operations are based and hence must be maintained in a trustworthy fashion - safe from destruction or clandestine modification. Secure retention of such data is also increasingly being regulated by govt regulations like Sarbanes-Oxley Act or SEC Rule 17a 4. Thus there has been a recent rush to introduce Write-Once-Read-Many (WORM) storage devices. In this paper, we argue that simply storing records in WORM storage, as is the current focus, is far from adequate to ensure that the records are trustworthy. The key issue is that for data to be truly trustworthy its entire lifecycle has to be secured: starting from the process of creating it, to storing & maintaining it and finally retrieving. In this paper we show that it is possible to compromise both the maintenance and retrieval of records even if it is maintained on WORM. |
| 8. Privacy Issues |
| - RFID Application & Issue, by Po-Chou Chen (report)
Nowadays, people hear more about RFID (Radio Frequency Identification) technology than ever before since RFID is one of critical technologies that will be likely to change their life in the near future. Most of people who thought that the RFID is the brand-new technology would be surprised that RFID concept has been used for a device for aircraft identification since World War II. Recent breakthrough in RFID technology enabled element microminiaturization and cost deduction, which ultimately made it possible to commercialize this technology in different applications in the market. RFID technology has been the spot light people focus on and has been expected to initiate the next revolution in delivery and supply chain system. However, like many other new technologies, RFID technology also brings some concerns for people as well as benefits. The most concern is a privacy issue because using the RFID technology might have a risk of disclosing some personal information to others. So far, there are some debates about a privacy issue of RFID technology application either in legal or in morale perception. Despite the privacy concern RFID technology has been implemented in various areas such as goods delivery and supply chain management system. As the privacy issue is solved and technology becomes more mature, RFID technology is expected to gain its momentum in the future. |
| - Trustworthy Report-Privacy Issue, by Chi-Wen
Huang (report)
Along with need for information circulation, internet became necessary technology. Human being through internet to communication, business, entertainment and consume. Mass circulation of information has become irresistible trend. It became very easy to gather electronic documents of government, enterprise, and personal information through internet, in which they often relate to private information. Because of commercialized attempt, many people advanced process multi-information in order to enhance its value added and be benefited from selling information accordingly. This phenomenon became much easier because of overflow of information. For example, Marketing Company or advertising agent can gather personal data through credit card bill, medical case, phone registrations etc., and then resell them to relevant companies. Consequently, we should sincerely consider this negative development, and adopt appropriate methods to managing information collection and utilization in order to avoid harm of information overflow. Otherwise, we can expect that information overflow will trigger serious crisis of infringing privacy because tremendous demand of information exchange. |
| - RFID, by Thidarat Rattanalert (report)
In recent years, Radio Frequency Identification (RFID) has caught attention in retail industry for better productivity. RFID is a generic term for the technologies that use radio waves to automatically identify individual items wirelessly [1], so as to track the entire circulation process of items from suppliers to end users. The actual adoption of RFID in retail industry is quite slow. In addition to the security issue, data privacy is a big concern due to the possible unwanted revelation of confidential or personal data stored within the RFID devices. In this paper, I aim to propose on a RFID Security and Privacy. Moreover, I will mention the RFID concept, RFID System accuracy and Scalability, RFID transmission system, RFID standards, the benefit of RFID supply chain, and examples and cases ( From the Summary of a 21stCentury Information Security: A Practitioners Perspective; Dan Swartwood, Motorola Privacy Protection Officer) |
| - Consumer Privacy vs. Government Surveillance,
by Michael Turnley (report)
This project investigates known public standards of consumer privacy and the surveillance practices of the American government. At the root of these issues is the evaluation of current civil liberties and laws in place and their applicability tin the face of technological advancement. The privacy issue in this analysis is concerned with both an individuals communications and the tracking of their location and movement. This is accomplished by performing a state-of-the-art survey of current trends and practices. The technical aspects of this project are addressed by examining the following topics: technological means by which the US government tracks individuals, and practices the government uses to determine whom to investigate. The business aspects are addressed by looking into: proposed legislation for privacy, current laws, roles played by communications providers, and roles played by data resellers. The privacy issue evokes additional factors such as trust and safety, which will be addressed as well. The emergence of terrorist-related issues has changed the lives of all Americans, and has renewed government interest into the daily lives of inhabitants in the US. Although most of these changes have been perceivable, such as the developments of the terrorist security threat level system and the Department of Homeland Security, others have been overlooked; namely those regarding our data personalities in the digital realm. Moreover, with the era of ubiquitous computing the issues of privacy and surveillance are slowly re-emerging and long accepted policies are being reevaluated. Measures to protect our alternate representations needs to be pushed to the fore so that we may make informed decisions regarding such information. This project is to serve as an informative, concise source that sheds light on a topic that affects all inhabitants of the United States. |
|
- RFID Privacy concerns and Compliance Issues,
by Elahe Javadi (report)
Radio Frequency Identification, though not a new technology, has attracted attention in some parts of industry for a few years. The main advantages of RFID over optical barcodes are their uniquely identifiable authenticity and ability to be authenticated automatically. RFID tags and readers are still far from to be a commodity for companies; therefore RFID hardware manufacturer are struggling to find an efficient way to achieve the so-called 5-cent-tag goal set by market analysts. On the other hand, customer privacy advocates, have already established their campaign against what they call "spychip" or "the big brother barcode". CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) have proposed a model legislations for protecting individual privacy titled "RFID right to know act of 2003". The basic concern is that companies should notice consumers about RFID tag existence and provide them with the option to destroy it. In this paper, first I'll review the technology and the way it helps companies achieve their functional enhancement or reinvention goals. Then I discuss several of challenges exist in RFID deployment including privacy as one of the biggest obstacles; and then I explain the proposed solution by some organizations active in this area; Finally, I'll introduce some guidelines concentrating on the privacy concern of consumers. Keywords: RFID, Privacy, EPC, Security, Threat |
| - An Investigation of Privacy Tradeoff on the Internet,
by Fei Lee (report)
Privacy on the Internet may be considered as an economic tradeoff. Online consumers are willing to tradeoff private personal information with benefits or rewards such as a personalization user interface and product discounts. Organizations are willing to risk their reputations in order to collect as much customer information as possible. However, little is known regarding how to strike a balance between the tradeoffs that could satisfy both consumers and online firms. This paper aims to examine the relationship between online privacy, trust, and firms reputation. We propose that consumers trust towards online firms is associated with firms self-regulated privacy policies. In addition, online firms reputation can be enhanced if firms offer privacy awareness information or technical support regarding privacy concerns on their websites. |
| 9. Trustworthy Supply Chains in Multinationals |
| - Trustworthy Supply Chains, by Frances Qian (report)
My project is about the security of supply chains. One important key concept of my project includes the descriptions of supply chain risks such as financial risk, hazard risk, operation risk and strategic risk. Effective frameworks and models for managing risks in supply chains are introduced and explained as well from a business perspective. In addition, this project also points out the relationship between supply chain security and Sabanes-Oxley Act. In the term of technology, this project lists available techniques and tools, such as Bluetooth, RFID, Wi-Fi network, and so on. Examples from companies such as P&G, Sun, Dell, Amazon, Wal-Mart, and Motorola demonstrate how important it is for companies to make use of good risk management frameworks and models, and advanced technologies and tools to configure the right technologies combination, which can enhance the security of their supply chains and gain advantages. Moreover, security is achieved by the combination of people, policy, process and technology. Therefore, software security, partner cooperation and coordination, corporation policy and employee training are fairly vital to secure supply chains. keywords: Trustworthy Enterprises Systems, Enterprise Information Security Policy, Trustworthy Systems Development, RFID |
| 10. Health Insurance Portability and Accountability Act (HIPAA) |
| - HIPAA - Security and Privacy in the Healthcare Industry: A Survey of Industry
Practices and Trends Relating to HIPAA, by Kathrine Meus (report)
As information in today's world moves closer to being completely electronic, issues in privacy and security become more and more prevalent. These issues are particularly of interest in the realm of the healthcare industry. HIPAA legislation was a great motivation for a revamping of the industry's technology infrastructures. HIPAA was just the first step on the way to completely electronic health records and integrated healthcare information technology. The spirit of HIPAA lives on through recent legislative movements and industry initiatives." |
|
- Information
Trustworthy under HIPAA in Healthcare Industry, by Eddy Tan (report)
April 13, 2003 was a landmark date for healthcare organizations through the United States. This is the day that the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule went into effect, carrying with it security implications in the form of privacy safeguards. HIPAA seeks changes or reforms in the following areas: portability of health insurance, prevent healthcare fraud and abuse, administrative simplification, tax related provisions, group health plan requirement and revenue offset. The federal government introduced HIPAA with expectations to lower the health care administrative cost, improve the efficiency and effectiveness of health care delivery system and to protect and safeguard patient health information. HIPAA regulation applies to every health plan, health care clearinghouse, health care provider and their business associates that transmit any administrative health information in electronic form. Every transaction within the corporate entity is subject to HIPAA requirements just as they are between such entities. Any record transmitted electronically, even in paper format, is subject to the privacy rules. |
|
Name |
Program |
|
| Bhandari Sidhartha | MS in Technology Managenent | |
| Burke John | PHD in Business Administration | |
| Chen Po-Chou | MS in Technology Managenent | |
| Cheng Szu Chia | MS in Technology Managenent | |
| Cho Woo je | PHD in Business Administration | |
| Cho Sunghee | MS in Technology Managenent | |
| Chou Shu-Shu | MS in Technology Managenent | |
| Chu Tai-Lan | MS in Technology Managenent | |
| Haider Syed | MS in Business Administration | |
| Han Young Ho | MBA | |
| Ho Yen-Yi | MS in Technology Managenent | |
| Huang Chi-Wen | MS in Technology Managenent | |
| Javadi Elahe | PHD in Business Administration | |
| Karhade Prasanna | PHD in Business Administration | |
| Krishnan Subramaniam | MS in Technology Managenent | |
| Lee Fei | PHD in Business Administration | |
| Manzoor Kashif | MS in Computer Science | |
| Meus Kathrine | BS in Computer Science | |
| Mitra Soumyadeb | PHD in Computer Science | |
| Morlok Ryan | MS in Computer Science | |
| Qian Frances | MBA | |
| Rattanalert Thidarat | MS in Technology Managenent | |
| Shah Kshitij | MS in Technology Managenent | |
| Shen Ying | PHD in Business Administration | |
| Shtiwi Imad Ellan | MS in Technology Managenent | |
| Tan Eddy | MS in Technology Managenent | |
| Turnley Michael | PHD in Computer Science |
| Name | Institution | Topic | |
| Jason Weile | Manager, Systems and Process Assurance, PWC | Risk Management | |
| Andrew Petrum | Protiviti | Vulnerability Management | |
| Roy H. Campbell |
Sohaib and Sara Abbasi Professor Siebel Center for Computer Science, UIUC |
Critical Infrastructure for the Power Grid | |
| Deron Grzetich | Protiviti | IT and Sarbines-Oxley Compliance Issues | |
| Peter Siegel | CIO, UIUC | Enterprise Information Security Issues: The Case of Higher Education Institutions | |
| Mike Corn | Director, Security and Privacy Services, UIUC | Security and Privacy | |
| James Murray | Grant Thornton | Computer Forensics | |
| Thomas Kleyle | Senior Manager, Systems and Process Assurance, PWC | Privacy Issues and Regulation | |
| Bill Boni | Chief Security Officer, Motorola | Enterprise and Supply-Chain Security Management | |
| Dan Swartwood | Motorola | Privacy Issues and Regulation | |
| Richard Jaehne | Director, the Illinois Fire Service Institute | Emergency Response and Unified Command Systems | |
| Greg Hedges | Managing Director, Protiviti | Risk Management and the Identity Theft | |
| Anthony Cutilletta | MD, Managing Director, Protiviti | HIPAA and the Healthcare Industry |