Why Cyber Security Programs Fail

OL122-17  |  On Demand  |  Update  |  Self-Study


Despite increased focus and investment by many organizations in cybersecurity, the bad guys continue to find success.  In this insightful session, Mark will discuss the reasons that many cybersecurity programs are not successful, and provide action items so that attendees can ensure that their cybersecurity investments are producing the intended results.  

Learning objectives:
•Understand the importance of an information security/data protection program
•Identify and recognize the types of sensitive data that are typically targeted by attackers
•Identify and recognize common weaknesses that lead to security breaches
•Develop an action plan for preventing security breaches

This video was recorded at the 2017 Cyber Security Conference


Number of Credits Type of Credits
1 Management







We have updated the format of the vidoes in the TSCPA On Demand Video Library to optimize your viewing experience. Please take a quick moment to view the video below and test your system.

Can you play the video above? If not, your network's firewall is likely blocking our on-demand courses. Please have an IT professional whitelist vimeo.com and vimeocdn.com. If you have additional questions, please contact TSCPA at 615/377-3825.

Login and eMaterials: To access TSCPA's On Demand Video Library courses and related eMaterials, click on your My CPE page. All On Demand course purchases will be accessible from this personalized page.

Cancellations, substitutions and transfers are not available for On Demand courses or self-study products. By registering for this On Demand course, you agree to TSCPA's Policies and Procedures.


Member (Early Bird)
Non-Member (Early Bird)
Registration for this event has closed. If you have any question or concerns please give us a call at 615-377-3825 or send us an e-mail at registrar@tscpa.com



Mark Burnette is a Shareholder in LBMC’s Information Security practice. LBMC is the 45th largest accounting and professional services firm in the United States. Mark oversees LBMC’s information security consulting services and technical information security assessment capabilities, and serves as the service line leader for LBMC’s PCI (credit card security rules) security practice.

During his decorated career, Mark has served as the President and Global Practice Leader for a national information security consulting company and built and led information security functions for two major publicly-traded corporations. He worked for several years in key leadership roles with two of the Big 6 (now Big 4) accounting firms where he specialized in developing, implementing, assessing, and securing information technology solutions for companies in the healthcare, retail, manufacturing, banking, and insurance industries.

In 2005, while serving as the Global Information Security Officer for international insurance broker The Willis Group, Mark was named the Information Security Executive of the Year at the ISE Southeast Awards. In 2008, while serving as the Executive Director of IT Operations and Security for hotelier Gaylord Entertainment Company, he was named one of Information Security Magazine’s “Security 7” top seven security leaders, and was chosen by ComputerWorld Magazine as one of the Premier 100 IT Leaders for 2009.

In January 2011, the Information Systems Security Association (ISSA), the international trade association for information security professionals, named Mark a Fellow. This prestigious honor, which has only been granted to a handful of individuals worldwide, is bestowed by the ISSA Fellow Program for distinguished accomplishments in the field of information security, leadership, and future service to the association and profession. Mark’s unique background allows him to bring a “walk a mile in the shoes” perspective to all of LBMC’s security engagements. His experience building and running information security functions allows him to develop solutions that are relevant, practical, and actionable.

Recognized as an IT security expert by technology think-tank Gartner, Mark has repeatedly been featured as a subject matter expert on ABC and CBS television affiliates and in print media such as CSO, Secure Enterprise, Information Security, and ComputerWorld magazines. He is a regular collaborator with the Middle Tennessee office of the Federal Bureau of Investigation and has co-presented on cybersecurity with FBI agents several times. He is a noted author and a frequent speaker to International conferences and specialty groups such as the Tennessee Bar Association, the Pennsylvania Institute of Certified Public Accountants, the Tennessee Society of Certified Public Accountants, Information Systems Audit and Control Association, Institute of Management Accountants, Institute of Internal Auditors, & ISSA, and on College and University campuses across the United States. Mark also served as an Adjunct Professor of Accounting at Belmont University for four years, where he taught Accounting Information Systems.

Mark currently serves on the American Institute of CPAs’ national Cybersecurity Working Group. That group of cybersecurity experts has worked on behalf of the AICPA to update existing cybersecurity control descriptions for the CPA profession and to develop a new cybersecurity risk management attestation standard that will be publicly available in May, 2017.

During 2016, the AICPA also tapped Mark to develop a cybersecurity toolkit for its member firms that provides guidance on how CPA firms can develop and staff a cybersecurity consulting function that will allow them to offer cybersecurity services to their clients. The toolkit also provides a description of the nature of services that could be provided and insights on how to ensure they are effectively delivered to clients. In further recognition of Mark’s cybersecurity acumen, the AICPA asked him to lead the development of the AICPA’s official training curriculum on cybersecurity risk assessment and consulting services. This new training course, delivered for the first time in June 2017, will train the next generation of cybersecurity auditors and assessors in the proper scoping, evaluation, execution, review, and reporting of an entity’s cybersecurity posture.

Back to Facilitators