Annual General Meeting 2020
June 11 @ 8:15 am - 12:05 pm EDT
Come join the ISACA GWDC for our half-day virtual Annual General Meeting 2020 Conference and training event covering a variety of hot topics relevant to current trends and associated challenges in cybersecurity, cloud computing, privacy, and more.
The Annual General Meeting 2020 is designed to educate IT practitioners who want to learn about cybersecurity as the mission-focused and risk-optimized management of systems and technology that maximizes confidentiality, integrity, and availability; third-party risk mitigation; privacy; the NIST update; and other hot topics.
There are a number of expensive training courses out there - online and classroom - that cover cybersecurity, cloud computing, and privacy, to mention a few. Don't overpay! ISACA GWDC is excited to continue to offer our great lineup of speakers and topics related to the Public and Private sector communities for free during COVID-19.
When: June 11, 2020 8:15am - 12:05pm
Where: Zoom Virtual Conference
Who should attend?
IT advisory or audit professionals who serve or support the Public or Private sector communities.
Annual General Meeting 2020 - Agenda
8:30 AM - 9:20 AM: Session 1
Next Generation NIST Security and Privacy Standards and Guidelines: 2020 and Beyond
Speaker: Dr. Ron Ross, Fellow at National Institute of Standards and Technology
Speaker: Victoria Yan Pillitteri, Computer Scientist, National Institute of Standards and Technology, CISSP
FISMA Vision 2020 includes a complete renovation of key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency. This presentation will provide a deep dive into planned or completed NIST publication updates including FIPS 199, FIPS 200, NIST SP 800-37, SP 800-53, SP 800-53A, SP 800-53B, SP 800-60, SP 800-171, and SP 800-160 (Volume 2). It will also cover planned privacy and supply chain integration into the suite of FISMA publications.
9:25 AM - 10:15 AM: Session 2
GAO Innovation Lab, its objectives, and how new advanced analytics and emerging technologies will revolutionize how auditors and other government employees work
Speaker: Taka Ariga, Chief Data Scientist | Director, Innovation Lab, US Government Accountability Office (GAO)
This session covers the outcomes of using emerging technologies such as artificial intelligence and distributed ledger technology to help agencies’ program managers, the OIG community, and others save taxpayer money, do “more with less”, and improve the quality of their data. In addition, the session briefly discusses the roles of the STAA in providing technology assessments and technical services for the Congress; auditing federal science and technology programs; compiling and utilizing best practices in the engineering sciences, including cost, schedule, and technology readiness assessment; and establishing an audit innovation lab to explore, pilot, and deploy new advanced analytic capabilities, information assurance auditing, and emerging technologies that are expected to greatly impact auditing practices.
10:15 AM - 10:30 AM: Break
10:30 AM - 11:15 AM: Annual Membership Meeting
Speaker: Jason Yakencheck, GWDC President.
The Chapter President will recap the 2019-2020 chapter year, review financials, introduce new chapter officers (2020-2022), and present awards.
11:20 AM - 12:10 PM: Session 3
How to ensure vendor compliance and the mitigation of third-party risks
Speaker: Jan Anisimowicz, PMP, CISM, CRISC, C&F, Director, Audit, Risk & Compliance
Vendor Management comprises all of the processes required to manage third-party vendors that deliver services and products to organizations. Significant effort is required from both the institution and the vendor to maximize the benefits received from the service and/or product while simultaneously mitigating the associated risks. As the scale, scope, and complexity of these services increase, the related risks and the importance of effective vendor management should increase proportionately. For example, under GDPR, if a data processor does not follow some of the organization's compliance requirements and a data breach occurs, the organization faces the risk of paying severe fines (up to 20M Euros).
From another perspective, research consistently shows that third parties are one of the weakest links in a company's security posture. Every day, cyber-related incidents and data breaches occur, ranging from serious to critical, that may have a significant impact on organizations. As a result, organizations have devoted more and more resources to vendor risk management, but it remains a mainly manual process. Despite these facts, most companies know almost nothing about their vendors, even though mitigating the risks that come from vendors is crucial for the majority of organizations.
Annual General Meeting 2020 - Speakers
Dr. Ron Ross
Fellow at National Institute of Standards and Technology
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include computer security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project and Systems Security Engineering Project, which includes the development of security and privacy standards and guidelines for the federal government, contractors, and United States critical infrastructure. He also leads the Joint Task Force, an interagency group that includes the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a Unified Information Security Framework for the federal government and its contractors. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. He also supports the U.S. State Department in the international outreach program for cybersecurity and critical infrastructure protection. During his military career, Dr. Ross served as a White House aide and senior technical advisor to the Department of the Army. Dr. Ross has lectured at many universities and colleges including Stanford University, Massachusetts Institute of Technology, Dartmouth College, Naval Postgraduate School, Ohio State University, Auburn University, and George Washington University.
Dr. Ross has authored or coauthored many publications on risk management, cybersecurity, systems security engineering, and cyber resiliency. His publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessments), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessments), SP 800-160, Volume 1 (systems security engineering), SP 800-160, Volume 2 (cyber resiliency), SP 800-171 (protection of Controlled Unclassified Information in nonfederal systems and organizations), and SP 800-171A (security assessments for nonfederal organizations).
Dr. Ross has received numerous public and private sector awards including the Presidential Rank Award, Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Department of Defense Superior Service Medal, National Security Agency Scientific Achievement Award, Department of Commerce Gold and Silver Medal Awards, Applied Computer Security Associates Distinguished Practitioner Award, GCN Government Executive of the Year Award, Vanguard Chairman’s Award, ICIT Pioneer Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, AFFIRM President’s Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries Award, (ISC)2 Lynn F. McNulty Tribute Award, and 1105 Media Gov30 Award. He has also been recognized three times as one of the Top 10 Influencers in Government IT Security and is a five-time recipient of the Federal 100 award for his leadership and technical contributions to cybersecurity projects affecting the federal government. Dr. Ross has been inducted into the National Cyber Security Hall of Fame, selected as an (ISC)2 Fellow, and inducted into the Information Systems Security Association Hall of Fame, receiving its highest honor of Distinguished Fellow.
Dr. Ross holds a Bachelor of Science degree in Engineering from the United States Military Academy at West Point. He is a graduate of the Defense Systems Management College and holds both Masters and Ph.D. degrees in Computer Science from the United States Naval Postgraduate School specializing in artificial intelligence and robotics.
Victoria Yan Pillitteri, CISSP
Computer Scientist, National Institute of Standards and Technology
Victoria Yan Pillitteri is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the team lead of the Federal Information Security Modernization Act (FISMA) Implementation Project. She supervises a team of technical research and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing information security risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts. In addition to her role as supervisor, she leads a research portfolio focused on security and privacy risk management and frequently hosts and speaks at conferences and workshops on these topics.
Ms. Pillitteri previously worked on the Cybersecurity Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, served as Chair of the Federal Computer Security Managers’ Forum, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security, including SP 800-12, 800-37, 800-53, 800-82, 800-171, 800-171A, 800-171B, 800-137A, 1108 and IR 7628.
Victoria holds a B.S. in Electrical Engineering from the University of Maryland and an M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, and is a Certified Information Systems Security Professional (CISSP).
Taka Ariga
Chief Data Scientist | Director, Innovation Lab, US Government Accountability Office (GAO)
Taka Ariga is GAO’s first Chief Data Scientist and the Director of its newly established Innovation Lab. As an integral part of the Science, Technology Assessment, and Analytics team, he will help GAO develop and implement advanced analytical capabilities for its auditing practices. Prior to joining GAO, he held executive positions at Deloitte, Ernst & Young, and Booz Allen Hamilton, where he helped scale analytics to meaningfully address complex regulatory, risk, operational, and business intelligence challenges.
Jan Anisimowicz, PMP, CISM, CRISC, C&F
Director, Audit, Risk & Compliance
Experienced senior IT manager with over 20 years of experience in GRC (audit, risk and compliance management), data warehousing, business intelligence, big data and data analysis. Broad business and technical perspective in telco, banking, pharma and insurance. A staunch supporter of a pragmatic, lean and cost-effective approach to implementing regulatory requirements in organizations. Active in the space of #FinTech, #InsurTech and #RegTech. Public speaker at international conferences (topics related to IT security, risk management, compliance, GRC and data privacy). Involved in analyzing and verifying how artificial intelligence could support auditors in the space of IoT, big data and dispersed IT environments. Strong supporter of blockchain technology, which in his opinion should be widely used based on smart contracts with respect to data privacy principles (Privacy by Design). Member of the blockchain working group under the supervision of the Polish Ministry of Digital Affairs. Active participant in international organizations: ISACA (CISM & CRISC certificates), PMI (PMP certificate) and IIA (Institute of Internal Auditors).
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. Kenneth is a Principal Architect for Unisys Federal. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP.