For more information on our events policy, see https://isaca-gwdc.org/event-policies/

Loading Events

« All Events

2021 Cybersecurity Conference

October 7 @ 8:30 am - 12:30 pm EDT

$10 GWDC Members, $80 Non-GWDC Members
ISACA_logo_GreaterWashingtonDC_RGB

October is Cybersecurity Awareness Month!

Come to our 2021 Cybersecurity Conference on October 7th! Information and data security threats continue to headline every day on organizational and personal breaches. Information security has been designated as a government-wide high-risk area since 1997.  In 2021 alone, at least 45 states have introduced or considered 250 bills or resolutions pertaining to cybersecurity and the President issued Executive Order 14028 charging multiple agencies with enhancing cybersecurity.  ISACA-GWDC Chapter invites you to our 2021 Cybersecurity Conference to engage with our speakers to increase awareness and efforts to minimize and prevent cyber security threats; so we can guide and help focus our organization on securing cyber infrastructure. Our 2021 Cybersecurity Conference is virtual this year.

Who Should Attend?
Cybersecurity professionals, IT advisory or audit professionals, Business executives, students or professionals interested in learning more about cybersecurity.

Thursday; October 7, 2021 @ 0830 to 1230 EDT

Four (4) NASBA CPE credits

Get a Discount!

Enjoy discounted or free event pricing and other benefits all year round! Join ISACA GWDC Today!

Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn,  Twitter, and Facebook for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.

TOPICS OF THE 2021 CYBERSECURITY CONFERENCE

Cybersecurity Framework Profile for Ransomware Risk Management
Presented by William (Bill) Fischer, National Institute of Standards and Technology (NIST)

Ransomware is a type of malware that encrypts an organization’s data and demands payment as a condition of restoring access to that data. In some instances, ransomware may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware attacks target organizations’ data or critical infrastructure, disrupting or halting operations. 

This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.

This presentation will discuss the draft NISTIR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management), which was revised In September 2021 incorporating the public comments from the preliminary draft released in June 2021.  The draft NISTIR 874 can be found here.

NIST SP 800-210:  General Access Control Guidance for Cloud Systems
Presented by Dr. Antonios Gouglidis, Lancaster University 

Dr. Antonios Gouglidis, co-author of NIST Special Publication (SP) 800-210 (General Access Control Guidance for Cloud Systems), will discuss the guidance.  NIST SP 800-210 presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service delivery models require managing different types of access on offered service components. Such service models can be considered hierarchical, thus the access control guidance of functional components in a lower-level service model are also applicable to the same functional components in a higher-level service model. In general, access control guidance for IaaS is also applicable to PaaS and SaaS, and access control guidance for IaaS and PaaS is also applicable to SaaS. However, each service model has its own focus with regard to access control requirements for its service.

NIST SP 800-210 can be found here.

Critical Infrastructure Protection:  TSA Is Taking Steps to Address Some Pipeline Security Program Weaknesses
Presented by Leslie Gordon, Kaelin Kuhn and Orin (Ben) Atwater, United States Government Accountability Office (GAO)

In May, Colonial Pipeline Company announced that it was the victim of a ransomware attack that led to temporary disruption in the delivery of gasoline and other petroleum products across much of the southeast U.S. The attack on Colonial Pipeline highlights the urgent need to address long-standing cybersecurity challenges facing the nation. The federal government must take immediate steps to prevent, more quickly detect, and mitigate the damage of future cyberattacks. In particular, GAO’s testimony on July 27th highlighted the need for the government to develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace. We also testified that TSA is making new requirements for pipeline owners to improve their cybersecurity and prevent attacks, and had addressed some previous GAO recommendations from our pipeline security work in 2018 and 2019.

This session will discuss GAO-21-105263 reporting on the progress of TSA, which is primarily responsible for pipeline security, to improve cybersecurity and prevent attacks of pipeline owners.  GAO-21-105263 can be found here.

MEET THE PRESENTERS

Fisher, William-3
William (Bill) Fisher
Security Engineer, National Institute of Standards and Technology (NIST)
Bill Fisher is a security engineer at the National Cybersecurity Center of Excellence (NCCoE). In this role, he is responsible for leading a team of engineers that work collaboratively with industry partners to address cybersecurity business challenges facing the nation. He leads the center’s Attribute Based Access Control (ABAC) project, Mobile Application Single Sign On (SSO) for the Public Safety and First Responder Sector, and is part of the ITL Cybersecurity for IoT program. The NCCoE is a collaborative hub where businesses, government agencies, and academia work together to address broad cybersecurity problems of national importance. As part of the National Institute of Standards and Technology, the NCCoE uses standards, best practices, and commercially available secure technologies to demonstrate how cybersecurity can be applied in the real world. Ultimately, the NCCoE helps promote widespread adoption of cybersecurity technologies by developing example solutions to cybersecurity problems that affect whole sectors of industry, or even multiple sectors.  Prior to his work at the NCCoE, Mr. Fisher was a program security advisor for the System High Corporation in support of the Network Security Deployment division at the Department of Homeland Security. He holds a bachelor’s degree in business administration from American University and a master’s degree in cybersecurity from Johns Hopkins University.
Antonios Gouglidis RS
Dr. Antonios Gouglidis
Lancaster University
Dr. Antonios Gouglidis is a Lecturer (Assistant Professor) at the School of Computing and Communications (SCC) at Lancaster University in the UK. He is a member of the Systems Security Group at SCC and the Research Lead for the Security Lancaster institute stream on "Distributed Systems". His research is related to the design of secure models and systems. Currently, the application domain of his research is on access control (models and policies) and Cloud systems. His research extends to formal methods used to specify complex system properties and their verification using automated techniques. He has been the Principal Investigator of projects funded by the European Commission and the UK Government. Over the past few years, he collaborated with NIST’s Secure Systems and Applications Group contributing to security-related topics. These include the investigation of model checking to verify role-based and attribute-based policies and access control for Cloud systems.
leslie-gordon

Leslie Gordon
Acting Director, United States Government Accountability Office (GAO)
Leslie V. Gordon is an Acting Director in GAO’s Health Care team. She oversees GAO’s work on the Medicare program.  Leslie joined GAO in January 2000 as a member of the Health Care team, where she led work on the Medicaid and Medicare programs and other health policy topics. Prior to joining GAO, Leslie worked as a project director at the National Center for Education in Maternal and Child Health. Leslie earned a master’s degree in public policy from Georgetown University. Leslie earned a bachelor’s degree in American studies and computer applications from the University of Notre Dame.

Resized_Atwater_Professional_Pic_42119292220702 (002)
Ben Atwater
Assistant Director, GAO
Ben Atwater is an Assistant Director in GAO’s Homeland Security and Justice team. For the past 5 years, he has focused on critical infrastructure protection issues, including pipeline and chemical facility security.
2015 Kaelin Kuhn adjusted
Kaelin Kuhn
Assistant Director, GAO 
Kaelin Kuhn is an Assistant Director in GAO’s Information Technology and Cybersecurity team. During his career at GAO, he has managed major cybersecurity reviews of systems supporting federal agencies and critical infrastructure.

ADDITIONAL DETAILS

ADDITIONAL DETAILS

Special Instructions:

  • Group Internet-Based. Zoom link delivered with registration.
  • Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
  • Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
  • ISACA Greater Washington, D.C. will not be responsible for the participant’s inability to respond to the polls.

Presentations:

Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.

Sponsor this Event:

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

Cancellation and Refund Policy: 

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.

If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.

CPE

CPE

Earn up to 4 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:  www.NASBARegistry.org.

CPE Distribution and Evaluation Survey:

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit.

CPE-Related Details:

  • Prerequisites and Advance Preparation: None
  • Program Knowledge Level: Basic
  • Delivery Method:  Group Internet based
  • Field of Study:  Information Technology - Technical

Complaint Policy:

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org.

Details

Date:
October 7
Time:
8:30 am - 12:30 pm EDT
Cost:
$10 GWDC Members, $80 Non-GWDC Members
Event Category:
Event Tags:
, ,
Website:
CLICK TO REGISTER »

Organizer

Jose Torres
Email:
programs@isaca-gwdc.org

ISACA GWDC