Upcoming Chapter Events

Below are upcoming chapter conferences, seminars, review courses, and other events.  Prior chapter events can also be viewed.

For information on our event policies, see https://isaca-gwdc.org/event-policies/.


NIST Privacy Framework Workshop

March 27 @ 8:30 am - 5:00 pm EDT

GWDC Member $125, Non-GWDC Member $200

This intensive one-day virtual workshop, “NIST Privacy Framework,” scheduled for Thursday, March 27th, 2025, will provide participants with a thorough understanding of how to manage privacy risks and protect individual privacy while achieving organizational objectives. The workshop will cover strategies for implementing privacy practices that align with regulatory requirements. Participants will gain valuable insights and practical knowledge to enhance their organization’s privacy management capabilities. The workshop offers 7 Continuing Professional Education (CPE) credits.

Registration closes on March 26 @ 3pm. 


Course Overview

March 27

The workshop will be held on March 27 from 8:30 am to 5:00 pm.

Add this event to your calendar using the Add to Calendar link at the bottom of the page.

 

Virtual Event

The course will be held using Teams.

Prior to the event, participants must install the Teams app on their respective devices. Participants using the web-based Teams or calling via the phone may not be entitled to CPE credits.

GWDC Member Fee – $125

The fee for GWDC Members is $125 for the course.
The fee for all other registrants is $200 for the course.

To become a member and take advantage of the member rate for our events, among other benefits, join ISACA and select the Greater Washington D.C. Chapter as your local chapter.

 

Earn up to 7 CPEs

Attendees can earn up to 7 CPEs for this event.

Participants must respond to all the poll questions via the Teams polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls.


Agenda

Module 0: Course Overview and Introduction

  • Introduction and Course Overview
  • Participant Introductions
  • What is the NIST Privacy Framework?
  • Course Schedule
  • Course Format
  • Learning Objectives
  • Expected Outcomes
  • Student Prerequisites
  • Course Logistics
  • Recap

Module 1: Introduction to Privacy and Risk Management

  • Defining Privacy in the Modern Digital Landscape
  • Challenges in Managing Privacy Risks
  • Enterprise Risk Management Overview
  • The Role of Privacy in Organizational Goals
  • Evolution of Privacy Frameworks
  • Data Processing Ecosystem Overview
  • Ethical Decision-Making and Privacy
  • Key Stakeholders in Privacy Risk Management
  • Privacy Risk vs. Compliance Risk
  • Building a Privacy-Driven Culture
  • Case Study
  • Quiz

Module 2: Core Components of the Privacy Framework

  • Overview of the Privacy Framework Core
  • Identify-P Function
  • Govern-P Function
  • Control-P Function
  • Communicate-P Function
  • Protect-P Function
  • Categories and Subcategories: Structuring Privacy Activities
  • Linking Privacy to the Cybersecurity Framework
  • Granularity in Privacy Risk Management
  • The Importance of Subcategory Customization
  • Case Study
  • Quiz

Module 3: Building and Using Profiles

  • What Are Privacy Profiles?
  • Current vs. Target Profiles
  • Role of Profiles in Organizational Privacy
  • Steps to Develop a Privacy Profile
  • Prioritizing Outcomes and Activities
  • Using Profiles for Self-Assessment
  • Aligning Profiles with Business Needs
  • Comparing Multiple Profiles Across Roles
  • Integrating Profiles in Organizational Strategy
  • Profiles as a Communication Tool
  • Case Study
  • Quiz

Module 4: Implementation Tiers and Organizational Maturity

  • Overview of Implementation Tiers
  • Partial Tier: Foundational Privacy Management
  • Risk-Informed Tier: Evolving Awareness
  • Repeatable Tier: Formalized Practices
  • Adaptive Tier: Continuous Improvement
  • Criteria for Assessing Maturity Levels
  • Progression Through Tiers
  • Linking Tiers to Organizational Goals
  • Collaboration and Communication for Tiers
  • Realizing Privacy Maturity Benefits
  • Case Study
  • Quiz

Module 5: Privacy Risk Assessment and Mitigation

  • Defining Privacy Risk Factors
  • Problematic Data Actions and Their Impacts
  • Steps in Privacy Risk Assessment
  • Risk Models for Privacy Management
  • Likelihood and Impact Analysis
  • Responding to Privacy Risks
  • Risk Mitigation Strategies
  • Using Privacy Risk Assessment Methodology (PRAM)
  • Balancing Risk Tolerance and Resources
  • Implementing Risk Assessment Outcomes
  • Case Study
  • Quiz

Module 6: Governance and Accountability

  • Importance of Governance in Privacy
  • Developing Organizational Privacy Values
  • Establishing Roles and Responsibilities
  • Policies for Privacy Risk Management
  • Training and Awareness Initiatives
  • Monitoring and Reviewing Privacy Policies
  • Strengthening Cross-Functional Collaboration
  • Accountability Across Ecosystem Stakeholders
  • Embedding Privacy in Decision-Making
  • Reporting on Privacy Metrics and Progress
  • Case Study
  • Quiz

Module 7: Integrating Privacy into the System Development Lifecycle (SDLC)

  • Aligning Privacy with SDLC Phases
  • Planning for Privacy from the Start
  • Privacy in Design and Build Phases
  • Deploying Privacy-Centric Solutions
  • Operating with Privacy Safeguards
  • Decommissioning with Privacy in Mind
  • Privacy Engineering Objectives Explained
  • Predictability, Manageability, and Disassociability
  • Leveraging SDLC Artifacts for Privacy
  • Practical Integration Techniques
  • Case Study
  • Quiz

Module 8: Engaging in the Data Processing Ecosystem

  • Understanding Ecosystem Roles
  • Privacy in the Data Processing Ecosystem
  • Identifying Stakeholders and Relationships
  • Privacy Requirements Communication
  • Contracts and Governance in the Ecosystem
  • Managing Interdependencies
  • Using Interoperability Frameworks
  • Assessing Ecosystem Risk
  • Aligning Ecosystem Roles with Privacy Goals
  • Ecosystem-Wide Collaboration and Innovation
  • Case Study
  • Quiz

 

Instructor

Jim Wiggins

CISSP, ISSEP, CISM, CISA, CRISC, CDPSE, CGRC, CySA+, SCNA, SCNP, IAM, IEM, SSCP, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and MCSE: Security and FITSP-M

Jim has over 28 years of direct experience in the design, operation, management, and auditing of information technology systems, with the past 23 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses aimed at federal and government contracting clients.

Today, Jim is the Founder and Principal of Securible, LLC. Securible is an information security service provider offering cyber training programs to organizations of all sizes. At Securible, Jim has taught IT security certification courses such as CISSP, CISM, CISA, Ethical Hacking, RMF, Security+, and other courses requested by Securible’s clients. Currently, he provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). More information on Securible can be found at: http://www.securible.com.

Jim is also the Founder and Chief Executive Officer (CEO) of the Federal IT Security Institute (FITSI). FITSI is a 501(c)(6) non-profit certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024:2012. FITSI offers a role-based IT security certification program targeted at the federal workforce. More information on FITSI can be found at: http://www.fitsi.org.

Additionally, Jim is the Founder and Executive Director of the FITSI Foundation. The FITSI Foundation is a 501(c)(3) public charity that focuses on cyber education and serves as the philanthropic sister organization of the Federal IT Security Institute. The FITSI Foundation operates the Wounded Warrior Cyber Combat Academy (W2CCA). More information on the FITSI Foundation can be found at: https://www.fitsifoundation.org.

In 2020, Jim launched a TV show on cybersecurity called “Cybersecurity Today,” which can be viewed in the Washington, DC area. Episodes can also be streamed online at the following website: http://www.cybersecuritytoday.org.

In 2019, FCW named Jim to the “Federal 100” for his tireless efforts to promote cybersecurity education across all branches of the federal government.

In 2011, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make on the federal workforce.

Jim holds the following IA/IT security certifications: CISSP, ISSEP, CISM, CISA, CRISC, CDPSE, CGRC, CySA+, SCNA, SCNP, IAM, IEM, SSCP, CEH, ECSA, CHFI, LPT, TICSA, CIWSA, Security+, and MCSE: Security and FITSP-M.

 

Event Questions and Policies

Registration Questions

If you have any registration questions about this event, please contact us by completing the Registration Contact Form linked below.

Registration Questions

 

CPE Questions

If you have CPE questions after the event has concluded, please contact us by completing the CPE contact form linked below.

CPE Questions

 

Cancellation and Refunds

Cancellations and refunds for advance registrations are allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details.

Complaints

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services.
All complaints should be submitted through the Registration Contact Form.

 

CPE Information

Earn up to 7 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.

 

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

 

Learning Objectives

  • Understand the foundational components and structure of the NIST Privacy Framework.
  • Gain knowledge of privacy risk management and its importance in protecting individual privacy.
  • Learn strategies for aligning privacy practices with organizational objectives and regulatory requirements.
  • Develop skills to implement the framework in real-world scenarios effectively.
  • Apply the framework through practical exercises to address privacy challenges and enhance management capabilities.

CPE-Related Details

  • Prerequisites and Advance Preparation: None
  • Program Knowledge Level: Basic
  • Delivery Method: Group Internet Based
  • Field of Study: Information Technology – Technical

Details

Date:
March 27
Time:
8:30 am - 5:00 pm EDT
Cost:
GWDC Member $125, Non-GWDC Member $200

Venue

Virtual Event

Organizer

Clifton Persaud (Certifications Program and Special Assistance Requests)
Email
certifications@isaca-gwdc.org

ISACA GWDC