Annual General Meeting 2019
June 13 @ 8:00 am - 5:00 pm EDTGWDC Member - $100, Other ISACA Member - $130, Non-ISACA Member: $145
IT audit, assurance, governance, security, and privacy are constantly transforming. To keep up with the ever changing environment and learn what’s next, join your colleagues at ISACA-GWDC 2019 Annual Meeting. Gain fresh ideas and approaches while earning 8 CPE hours. You will gain new knowledge and viewpoints to advance your career.
The 2019 Annual Conference is designed to educate IT practitioners who want to learn about key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency; threat to operational technology (OT) - the Intersection of IT and OT; SOC/SSAE-18 controls assessment; practical tips for how security practitioners should engage with lawyers; and, critical attributes leaders must demonstrate to ensure their people follow them; different styles of leadership and when to use them, just to mention a few.
There are a number of expensive training courses out there - online and classroom - that cover cybersecurity, cloud computing, and privacy, to mention a few. Don't overpay! ISACA GWDC is excited to continue to offer our great lineup of speakers and topics related to the public and private sector communities at always reasonable prices.
Come join the ISACA-GWDC for our one-day Annual Conference and training event covering a variety of hot topics relevant to current trends, and associated challenges in cyber-security, cloud computing, Privacy, etc.
1. Next Generation NIST Security and Privacy Standards and Guidelines: 2019 and Beyond | Dr. Ron Ross
FISMA Vision 2020 includes a complete renovation of key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency. This presentation will provide a deep dive into planned or completed NIST publication updates including FIPS 199, FIPS 200, NIST SP 800-37, SP 800-53, SP 800-53A, SP 800-53B, SP 800-60, SP 800-171, and SP 800-160 (Volume 2). It will also cover planned privacy and supply chain integration into the suite of FISMA publications.
2. Threat to Operational Technology (OT) - the Intersection of IT and OT Panel Discussion
A panel discussion about the intersection of IT and OT, how OT is a bigger risk to most orgs than they realize, what the threats are, and how to defend themselves.
3. Practical Tips for How Security Practitioners Should Engage with Lawyers | Kirk Nahra
Information security is becoming increasingly regulated. This means that virtually all companies in virtually all industries – large and small and around the world – need to ensure that they are developing appropriate information security programs and meeting the increasing array of data security compliance obligations. For better or worse, this means that data security professionals need to learn how to work with lawyers. Lawyers and information security professionals often speak different languages, and approach these issues from different perspectives. This session will focus on teaching information security professionals how best how to work with company lawyers - to understand their approach to legal and compliance obligations, and to develop an understanding of how the developing law of information security impacts how an information security professional should approach his or her job, for the benefit of protecting the company.
4 & 5. Fair to Greatness | Shawn Fair
The Five Critical Attributes Leaders Must Demonstrate To Ensure Their People Follow Them
The three different styles of leadership and when to use them (autocratic leadership, democratic leadership, and free reign leadership)
The importance of having a vision for your team:
- what is vision
- what a vision is not
- what a vision does
- the benefits of visions
Dynamic stories and videos are associated with this topic
6. Hybrid Multi-Cloud | Thomas McCreary and Fred Maymir-Ducharme, PhD
Industry and government enterprises are going through a major IT infrastructure transformations. Major financial, technical and operational drivers clearly point to a hybrid, multi-cloud future. But there are challenges worth noting and managing in order to avoid the struggles we've seen industry and the government endure as they migrate to and attempt to manage multiple hybrid cloud platforms - often from multiple vendors and with limited interoperability. This briefing will provide an overview of a variety of migration strategies into hybrid multi-cloud environments, risks to manage, and key technologies to consider for the next phase of your cloud journey.
7. SOC/SSAE18 Controls Assessment | Tom Patterson, CPA, CISA, CGEIT, and CRISC
This session will explore and present underlying information about Service Organization Control (SOC) attestations and standards and principles relevant to IT and financial auditors who might be engaged to perform either an integrated audits of a public company under SOX404 and PCAOB regulations, or engaged with service organizations that provide other IT services and when a Trust Services engagement (under TSP100) might be most applicable.
8. You Have Security - We Need Your Help! | Mary Ellen Seale, CISSP
Small businesses account for a large proportion of the U.S. economy, yet they are particularly vulnerable to the risks posed by cybersecurity threats. With 30.2 million firms employing over 58.9 million people, small businesses account for 99% of businesses in the United States. (SBA Office of Advocacy, 2018)
The National Cybersecurity Society (NCSS), a national nonprofit organization, was established to educate small businesses on IT security best practices and advise them on the type of products and services they need to protect themselves.
As a community based organization, the NCSS represents the best of the cybersecurity community - we are a community of technologists, security professionals, companies, and educators who are passionate about ensuring each American has the ability to conduct business online safely and securely.
Many small businesses currently do not understand their cyber risk; know how to protect themselves; have access to security or IT professionals; nor know how to implement cyber safe practices. The NCSS provides educational events; tools and resources; provides technical expertise, reports cyber incidents as an ISAO; and has an assessment tool that assesses cyber risk. The NCSS helps small businesses - at all stages on their cybersecurity journey.
What we hope to do with this talk is to spread the word about the work we are doing; solicit volunteers to join; and find quality vendors that service the small business community.
Who should attend?
AGENDA - TBD
MEET THE PRESENTERS
Dr. Ron Ross
Fellow, National Institute of Standards and Technology (NIST)
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act
(FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information
Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800- 37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.
Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. He has also lectured at many universities and colleges across the country including the Massachusetts Institute of Technology, Dartmouth College, Stanford University, the George Washington University, and the Naval Postgraduate School. A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, Dr. Ross received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a four-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Presidential Rank Award. He has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow. In addition, Dr. Ross has been inducted into the National Cyber Security Hall of Fame.
Dr. Ross has received numerous private sector cybersecurity awards including the Partnership for Public Service Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Applied Computer Security Associates Distinguished Practitioner Award, Government Computer News Government Executive of the Year Award, Vanguard Chairman’s Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries, (ISC) 2 Inaugural Lynn F. McNulty Tribute Award, 1105 Media Gov30 Award, and three-time Top 10 Influencers in Government IT Security. During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He is a graduate of the Defense Systems Management College and holds Masters and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.
Speaker #2 - TBD
Title - TBD
Threat to OT TBD
Kirk Nahra is a partner with WilmerHale in Washington, D.C., where he co-chairs the firm’s Cybersecurity and Privacy Practice. Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally. He also advocates for clients experiencing privacy and security breaches, and represents clients in contract and deal matters, enforcement actions, regulatory investigations and related litigation.
Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations.
Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards; has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs.
A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and longtime board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.
CEO, Fair Consulting Group
Shawn Fair is the CEO of Fair Consulting Group. He is a training expert and prominent motivational speaker in the areas of leadership, consultative sales, vision, time mastery, coaching and business development. With over 22 years of experience in business positions ranging from sales, to vice president of sales and marketing, he has mastered the art of speaking with power and passion. His teachings are a result of the insight he has acquired over the years. Shawn has a strong passion for helping people accomplish their goals and objectives. As a result, he has been able to impact countless lives across the United States and Canada, both in the areas of business and personal growth. He has a unique ability to engage, motivate, and inspire leaders at every stage of their careers. Shawn is the founder and developer of one of the largest non-profit sports and fitness programs, for young athletes between the ages of 8-18, in the State of Michigan. Shawn has been able to impact over 1 million people through his programs, keynotes and presentations. He has helped countless people reach their highest potential within their family, work and social lives. His presentations encourage the understanding that change is essential. Shawn is on the business advisory board for the University of Phoenix and has been an inspiration for employees working for companies such as IMAAC, USAA, and Farmers Insurance. He has delivered a number of award winning presentations, some of the most noted are at the Rio Grand Hotel Casino in Las Vegas and the Sound Board Room in the Motor City Casino, Detroit, MI.
You can find some of Shawn’s keynote discussions on platforms such as Fox 2 News (Detroit, Dallas, Philadelphia, and Memphis), National Clothes Line, Franchising.com, WFTC TV, MY 29 and the Oakland Township Patch.
Technical Director, IBM Federal
Thomas McCreary (Primary Author) has worked in the Defense Industry for over 30 years. Tom is a Technical Director in IBM's Federal CTO Office, and has a rich professional history across the Defense Industry.
Fred Maymir-Ducharme, PhD
Executive Architect, IBM Federal
Dr. Maymir-Ducharme (co-author) is an Executive Architect at IBM Federal CTO Office, with a focus on applying commercial and state of the art technology to modernize government systems. Fred is also a liaison to IBM Research (8 Labs World-wide: Almaden, Austin, China, Haifa, India, Tokyo, Watson & Zurich), leading efforts in Advanced Analytics, Smarter Planet, Mobile Computing, Cloud Computing, Cyber Security, and Biometrics. Prior to IBM, Fred spent several years as a Lead Systems Engineer at AT&T Bell Labs (5ESS) during the early 1980’s. As Chief Engineer and Program Manager on several large DoD programs (i.e., with Grumman, Unisys, Loral and Lockheed Martin), he led and managed a variety of complex military systems (e.g., C4ISR, Logistics, Transportation, SATCOM and INFOSEC). Fred also led several applied research and development (R&D) teams and Corporate strategic planning initiatives for LM, Grumman & Unisys. As program manager and chief architect of the USAF CARDS Partnerships Program and Chief Technologist on STI, he developed, applied and extended various product line engineering and software architectures technologies. Dr. Maymir-Ducharme is a Lockheed Martin Certified Systems Architect an IBM Senior Consultant IT Architect, and an Open Group Distinguished Certified Architect.
Fred Maymir-Ducharme completed his BS in Computer Science (CS) at the University of Southern California (USC) and his PhD in CS at the Illinois Institute of Technology (IIT). Fred has over 80 publications in the engineering field, and has chaired numerous conference / workshop program committees and technical. Fred served on the Federal Advisory Board on Ada in the early 90’s and was a subject matter expert for the OSD Software Reuse Initiative (SRI) Program Management Office (PMO). Fred was an adjunct professor at IIT, teaching graduate CS courses in the 80’s and is currently an adjunct professor at UMUC, where he periodically teaches graduate computer science classes.
Tom Patterson, CPA, CISA, CGEIT, and CRISC
Senior Manager, Cotton & Company, LLP
Tom Patterson is a Senior Manager in the Information Assurance practice of Cotton & Company LLP. Prior to joining Cotton & Company, Tom was a senior director with NTT DATA Services, where he orchestrated efforts to capture new IT managed services contracts with Federal civilian agencies. Tom holds CPA, CISA, CGEIT, and CRISC and an inactive CGFM designation. Prior to NTT, Tom worked for 8 years with IBM, where he was an Associate Partner focused on delivering IT security engagements to large IBM managed IT services accounts, before taking on a Complex Solutions Executive role with IBM Security. Tom is a Past President of ISACA-GWDC, a Past Vice-President, and former Treasurer and Board Member. Tom currently provides volunteer support to the Information Management Technical Assurance (IMTA) committee of the American Institute of CPAs (AIPCA), and was a member engaged in developing the Trust Services Principles, the Service Organization Control (SOC) 2 and SOC 3 Attestation Standard (TSP100 and AT101), and lately has been engaged with a team in re-writing the 2009 Generally Accepted Privacy Principles (GAPP) framework to re-align the core privacy principles with recently enacted data privacy legislation in the US (California) and European Union (GDPR). Tom has also assisted large Federal agencies and regulators in enhancing their audit and examination guidelines, and spent 13 years in Big 4 accounting firms where he led IT risk advisory, enterprise risk services, and internal controls advisory services practices, helped re-design audit and control testing methodologies to comply with SOX 404, and provided CISA preparation training to firm staff and ISACA chapters in the US and Europe before moving to Europe for 3 years to lead the IT audit function of a global public company and the annual SOX 404 management self-assessment program.
Mary Ellen Seale, CISSP
CEO, The National Cybersecurity Society (NCSS)
Mary Ellen Seale is a leader in national cybersecurity strategy and cyber operations – and has held several executive level positions with the federal government. She retired with nearly 31 years of federal service, and continues her public service by contributing to the cybersecurity needs of the small business community. As Founder and CEO of the National Cybersecurity Society, a national nonprofit organization, she is leading efforts to assist small businesses obtain needed cybersecurity protection capabilities and services.
Previously she was Deputy Director, Cybersecurity Coordination, Department Homeland Security, (DHS), Executive Director of Modernization, Federal Communications Commission, Deputy Director, National Cybersecurity Center/DHS, and Chief of Administrative Operations, DHS Headquarters.
Ms. Seale received an undergraduate degree for the University of Georgia and master of business administration (finance) from the American University and is a Certified Information Systems Security Professional.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.
Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible. We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.
Earn up to 8 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: N/A
- Delivery Method: Live in person event