By: Yehuda Schmidt, ISACA GWDC AGM Associate Director
If it’s June, it is time for the ISACA GWDC Annual General Meeting (AGM) on June 10th! Leading Government and Industry practitioners will address The Future of NIST SP 800-53, Artificial Intelligence/Machine Learning Challenges, Cyber-Supply Chain Risk Management, Enterprise Risk Management for Evolving Threats, and Privacy Risk Management.
The 2021 AGM is designed to educate IT practitioners who want to expand their knowledge about cybersecurity and privacy and to help business technology professionals and their enterprises realize the positive potential of technology in supporting the Public or Private sector communities. As in previous years, we have a full agenda. This year we will cover the following topics:
- The Future of NIST Special Publication (SP) 800-53 Security and Privacy Controls for Information Systems and Organizations – the session will cover the comprehensive set of countermeasures to protect systems and organizations and manage cybersecurity, privacy, and cyber supply-chain risk management (C-SCRM).
- Challenges for Artificial Intelligence/Machine Learning (AI/ML) Security – the session will introduce the broad classes of novel threats to ML systems (adversarial attack, data poisoning, and model extraction) and some key research findings. It will highlight some of the missing priorities in current AI security R&D, including formal security models and the implications of AI security for enterprise frameworks.
- Building Blocks and Key Practices to Implement, Integrate, and Evolve an Effective Capability to Manage Cyber-Supply Chain Risks – the session will cover building and maturing an organization’s C-SCRM practices and capabilities and C-SCRM activities in the risk management process. In addition, the session will provide an overview of the contents of and highlight significant changes and updates to NIST SP 800-161, Revision 1.
- Evolving threats including Quantum and current harvesting attacks and how organizations need to manage cyber risks in the context of their Enterprise Risk Management program – the session will cover cybersecurity mitigation strategies including established governance and prioritization by larger and more complex organizations, using various risk management frameworks and risk quantification methods. In addition, the session will cover the alignment of IT Risk with the Enterprise Risk Management program, using stories from some client engagement experience.
- Information Privacy – Managing Risks in an Increasingly Challenging Environment – the session will cover the risks and challenges that are further complicated by increasing legal requirements such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Privacy Act (CDPA). This session will provide a current perspective on privacy operations and legal risks, the challenges in managing these risks, and suggested solutions.
As in 2020, the AGM this year is offered virtually and will provide attendees with up to five (5) continuing professional education credits.