The NACD Northwest Chapter and Tonkon Torp invite you to join us for a director roundtable discussion on cybersecurity and board governance.
Cyberattacks against U.S. businesses continue to be an increasing threat in both the public and private sectors. The hyper technical nature of this topic presents special challenges for boards, audit committees, and risk management committees. As most cybersecurity experts know, it is not a matter of if but when a business will be attacked by a hacker, and these hackers are becoming more and more sophisticated. Emerging technologies such as artificial intelligence present new risks that directors must understand. We will explore the key issues facing board members that go beyond the basics in this ever-changing field.
Using the director roundtable format, our presentation will be an interactive exchange of ideas and experiences among fellow directors guided by our thought discussion leader Dr. John Kenagy. He is senior vice president and chief information officer at Legacy Health, serving as a member of the executive leadership team responsible for the strategic direction and integration of information systems and services, including cybersecurity.
In addition, Dr. Kenagy will be joined by FBI Agent George Chamberlain. He is the assistant special agent in charge in the Portland Field Office and leads the National Security Branch for the FBI. The National Security Branch consists of the counterintelligence, counterterrorism, and cyber programs. Mr. Chamberlain has spent his 20-year career with the FBI dealing with a host of cybersecurity issues confronting the United States.
Also joining the discussion will be Eric Beach, of counsel at Tonkon Torp, who will provide a legal and technical perspective based on his experience handling cyber incidents and his prior career as a software developer and architect.
Topics to be discussed include the following, in addition to other cybersecurity-related topics participants would like to discuss:
What does successful cybersecurity risk monitoring look like at the board level? What do board members find meaningful? What metrics should board members use to measure the effectiveness of cybersecurity efforts?
How is cybersecurity managed: by the full board or a committee (e.g., audit and compliance)?
How should a board educate itself on cyber risk, and how does this risk compete with other areas warranting board education?
Should a board have a CIO or information security professional as a member? What are the possible benefits and downsides?
At what level should a board be engaged regarding cyber incidents?
Should a company pay ransomware, and should it have a ransomware policy or a decision tree on paying ransomware?
Senior Vice President and Chief Information and Administrative Officer, Legacy Health
Dr. John Kenagy is senior vice president and chief information and administrative officer at Legacy Health, where he has worked since March 2012. He is responsible for information services, informatics, facilities operations, clinical engineering, safety and security, and corporate compliance in support of the largest nonprofit, community-owned health system in the Portland, Vancouver, and North Willamette Valley region. Dr. Kenagy has served as a healthcare chief information officer for over 20 years, working in a variety of health systems including federal government (Department of Veterans Affairs), academic (Oregon Health & Science University), and faith-based (Providence Health & Services) organizations.
Dr. Kenagy is currently pursuing his Juris Doctor degree from Lewis & Clark Northwestern Law School, which he expects to complete in December 2020. He is a member of the Editorial Board of the high-ranking Lewis & Clark Law Review. He authored “The Evolution of EHR Regulation,” which was selected as runner up in the 2018–2019 ABA Health Law Section’s Student Writing Competition and published in the April 2019 edition of The Health Lawyer.
In 2007, he was awarded a Doctor of Philosophy from Capella University’s School of Business and Technology. His doctoral research focused on healthcare information technology implementation success, culminating in the publication of Computerized Provider Order Entry in Multispecialty Ambulatory Practices: A Quantitative Analysis of Information Systems Success.
As a member of Tonkon Torp's Intellectual Property and Entrepreneurial Services practice groups, Eric Beach focuses his practice on advising clients on the value and business impacts of intellectual property; creating and negotiating technology and software licenses; and protecting clients' trademark, patent, copyright, and trade secret rights through litigation in both federal and state court.Â Beach also leverages his background in software development and architecture to assist clients in analyzing their privacy and data security risks and solutions.