For more information on our events policy, see https://isaca-gwdc.org/event-policies/
2021 Cybersecurity Conference
October 7 @ 8:30 am - 12:30 pm EDT$10 GWDC Members, $80 Non-GWDC Members
October is Cybersecurity Awareness Month!
Come to our 2021 Cybersecurity Conference on October 7th! Information and data security threats continue to headline every day on organizational and personal breaches. Information security has been designated as a government-wide high-risk area since 1997. In 2021 alone, at least 45 states have introduced or considered 250 bills or resolutions pertaining to cybersecurity and the President issued Executive Order 14028 charging multiple agencies with enhancing cybersecurity. ISACA-GWDC Chapter invites you to our 2021 Cybersecurity Conference to engage with our speakers to increase awareness and efforts to minimize and prevent cyber security threats; so we can guide and help focus our organization on securing cyber infrastructure. Our 2021 Cybersecurity Conference is virtual this year.
Who Should Attend?
Cybersecurity professionals, IT advisory or audit professionals, Business executives, students or professionals interested in learning more about cybersecurity.
Thursday; October 7, 2021 @ 0830 to 1230 EDT
Four (4) NASBA CPE credits
Get a Discount!
Enjoy discounted or free event pricing and other benefits all year round! Join ISACA GWDC Today!
Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn, Twitter, and Facebook for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.
TOPICS OF THE 2021 CYBERSECURITY CONFERENCE
Cybersecurity Framework Profile for Ransomware Risk Management
Presented by William (Bill) Fischer, National Institute of Standards and Technology (NIST)
Ransomware is a type of malware that encrypts an organization’s data and demands payment as a condition of restoring access to that data. In some instances, ransomware may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware attacks target organizations’ data or critical infrastructure, disrupting or halting operations.
This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.
This presentation will discuss the draft NISTIR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management), which was revised In September 2021 incorporating the public comments from the preliminary draft released in June 2021. The draft NISTIR 874 can be found here.
NIST SP 800-210: General Access Control Guidance for Cloud Systems
Presented by Dr. Antonios Gouglidis, Lancaster University
Dr. Antonios Gouglidis, co-author of NIST Special Publication (SP) 800-210 (General Access Control Guidance for Cloud Systems), will discuss the guidance. NIST SP 800-210 presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service delivery models require managing different types of access on offered service components. Such service models can be considered hierarchical, thus the access control guidance of functional components in a lower-level service model are also applicable to the same functional components in a higher-level service model. In general, access control guidance for IaaS is also applicable to PaaS and SaaS, and access control guidance for IaaS and PaaS is also applicable to SaaS. However, each service model has its own focus with regard to access control requirements for its service.
NIST SP 800-210 can be found here.
Critical Infrastructure Protection: TSA Is Taking Steps to Address Some Pipeline Security Program Weaknesses
Presented by Leslie Gordon, Kaelin Kuhn and Orin (Ben) Atwater, United States Government Accountability Office (GAO)
In May, Colonial Pipeline Company announced that it was the victim of a ransomware attack that led to temporary disruption in the delivery of gasoline and other petroleum products across much of the southeast U.S. The attack on Colonial Pipeline highlights the urgent need to address long-standing cybersecurity challenges facing the nation. The federal government must take immediate steps to prevent, more quickly detect, and mitigate the damage of future cyberattacks. In particular, GAO’s testimony on July 27th highlighted the need for the government to develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace. We also testified that TSA is making new requirements for pipeline owners to improve their cybersecurity and prevent attacks, and had addressed some previous GAO recommendations from our pipeline security work in 2018 and 2019.
This session will discuss GAO-21-105263 reporting on the progress of TSA, which is primarily responsible for pipeline security, to improve cybersecurity and prevent attacks of pipeline owners. GAO-21-105263 can be found here.
MEET THE PRESENTERS
Bill Fisher is a security engineer at the National Cybersecurity Center of Excellence (NCCoE). In this role, he is responsible for leading a team of engineers that work collaboratively with industry partners to address cybersecurity business challenges facing the nation. He leads the center’s Attribute Based Access Control (ABAC) project, Mobile Application Single Sign On (SSO) for the Public Safety and First Responder Sector, and is part of the ITL Cybersecurity for IoT program. The NCCoE is a collaborative hub where businesses, government agencies, and academia work together to address broad cybersecurity problems of national importance. As part of the National Institute of Standards and Technology, the NCCoE uses standards, best practices, and commercially available secure technologies to demonstrate how cybersecurity can be applied in the real world. Ultimately, the NCCoE helps promote widespread adoption of cybersecurity technologies by developing example solutions to cybersecurity problems that affect whole sectors of industry, or even multiple sectors. Prior to his work at the NCCoE, Mr. Fisher was a program security advisor for the System High Corporation in support of the Network Security Deployment division at the Department of Homeland Security. He holds a bachelor’s degree in business administration from American University and a master’s degree in cybersecurity from Johns Hopkins University.
Acting Director, United States Government Accountability Office (GAO)
Leslie V. Gordon is an Acting Director in GAO’s Health Care team. She oversees GAO’s work on the Medicare program. Leslie joined GAO in January 2000 as a member of the Health Care team, where she led work on the Medicaid and Medicare programs and other health policy topics. Prior to joining GAO, Leslie worked as a project director at the National Center for Education in Maternal and Child Health. Leslie earned a master’s degree in public policy from Georgetown University. Leslie earned a bachelor’s degree in American studies and computer applications from the University of Notre Dame.
Ben Atwater is an Assistant Director in GAO’s Homeland Security and Justice team. For the past 5 years, he has focused on critical infrastructure protection issues, including pipeline and chemical facility security.
- Group Internet-Based. Zoom link delivered with registration.
- Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
- Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
- ISACA Greater Washington, D.C. will not be responsible for the participant’s inability to respond to the polls.
Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.
Sponsor this Event:
Cancellation and Refund Policy:
Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.
CPE Distribution and Evaluation Survey:
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit.
- Prerequisites and Advance Preparation: None
- Program Knowledge Level: Basic
- Delivery Method: Group Internet based
- Field of Study: Information Technology - Technical
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at firstname.lastname@example.org.
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP.