ISACA Greater Washington, D.C. Chapter
Serving ISACA GWDC Members since 1974
Upcoming Chapter Events
Below are upcoming chapter conferences, seminars, review courses, and other events. Prior chapter events can also be viewed.
For information on our event policies, see https://isaca-gwdc.org/event-policies/.
- This event has passed.
Annual General Meeting 2021
June 10, 2021 @ 8:15 am - 2:25 pm EDT
$0 ISACA Members, $60 Non-MembersAGENDA | TOPICS | PRESENTERS | ADDITIONAL DETAILS & CPE
The ISACA GWDC Annual General Meeting 2021 is designed to educate IT practitioners who want to learn about cybersecurity as the mission-focused and risk optimized management of systems and technology, which maximizes confidentiality, integrity, and availability; third-party risks mitigation; Privacy; NIST Update; IT Supply chain risk management; and other hot topics. The ISACA GWDC Annual General Meeting 2021 is our annual meeting to give a state of the chapter report and potentially vote on chapter updates.
There are a number of expensive training courses out there - online and classroom - that cover cybersecurity, cloud computing, and privacy, to mention a few. Do not overpay! The ISACA GWDC Annual General Meeting 2021 is excited to continue to offer our great lineup of speakers and topics related to the Public and Private sector communities at always-reasonable prices.
Who Should Attend
IT advisory or audit professional that serves or supports the Public or Private sector communities.
Come join the ISACA GWDC Annual General Meeting 2021 and training event covering a variety of hot topics relevant to current trends, and associated challenges in cyber-security, cloud computing, Privacy, etc.
Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn, Twitter, and Facebook for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.
Agenda
Session 1 - Future of NIST SP 800-53
Session 2 - Challenges for AI/ML Security
Session 3 - Building Blocks to Manage Cyber Supply Chain Risks
Session 4 - Evolving Threats
Session 5 - Information Privacy
Get a Discount!
Enjoy discounted or free event pricing and other benefits all year round! Join ISACA GWDC Today!
TOPICS of the Annual General Meeting 2021
8:30 - 9:20 AM: Session 1 - The Future of NIST Special Publication (SP) 800-53
Speaker: Victoria Yan Pillitteri, Computer Scientist, CISSP, NIST
NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations, provides a comprehensive set of countermeasures to protect systems and organizations and manage cybersecurity, privacy, and cyber supply chain risk. Each revision of SP 800-53 is the most downloaded publication from the NIST Computer Security Resource Center; SP 800-53, Revision 4 had over 2 million downloads to date. SP 800-53 is a comprehensive data set used by organizations small and large, public and private, and across all sectors of the U.S and international economy. As we leverage more and more automation to make informed cybersecurity and privacy risk management and operational decisions, it is imperative that NIST not only offer the SP 800-53 controls in multiple formats, from PDFs /spreadsheets to various machine-readable formats, but also provide a mechanism to ensure that the controls can be kept up-to-date, encourage transparency and stakeholder engagement in the development process, and ultimately, help the user community of SP 800-53 better use the latest controls in their organizations. Join us to learn more about what NIST is doing to simply, automate and innovate, and the future of NIST SP 800-53.
9:25 AM- 10:15 AM: Session 2 - Challenges for Artificial intelligence/ Machine learning (AI/ML) Security
Speaker: Randy Soper
Among the recommended actions in its recently released final report, the National Security Commission on Artificial Intelligence included R&D in AI security to “[e]stablish justified confidence in AI systems.” Machine learning (ML) AI requires special investment in security R&D because ML systems are subject to new attack modalities that are not yet fully understood. This talk will introduce the broad classes of novel threats to ML systems: adversarial attack, data poisoning, and model extraction, and some key research finding. It will highlight some of the missing priorities in current AI security R&D including formal security models and implications of AI security on enterprise frameworks.
10:20 AM - 10:55 AM: Annual Membership Presentation - Alok Kakker, President ISACA GWDC
11:00 AM - 11:50 AM: Session 3 - Building Blocks and Key Practices to Implement, Integrate, and Evolve an Effective Capability to Manage Cyber-Supply Chain Risks
Speaker: Angela Smith, Information Security Specialist, CISSP, NIST
The recently released initial public draft of NIST Special Publication (SP) 800-161 Revision 1: Cyber Supply Chain Risk Management (C-SCRM) Practices for Systems and Organizations provides updated guidance about building and maturing organization’s C-SCRM practices and capabilities, C-SCRM activities in the risk management process, and includes an updated and comprehensive catalog of C-SCRM controls. Changes also include expanded alignment to NIST SP 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations, guidance about the critical success factors for establishing and sustaining an effective C-SCRM program, and an expanded set of templates that organizations can leverage to develop a C-SCRM Strategy, Implementation Plan, Policy, and system-level C-SCRM plans. This update also continues to emphasize the importance of an integrated and coordinated approach to C-SCRM and promotes an interdisciplinary team approach, advocates for the incorporation of C-SCRM into existing enterprise risk management and governance structures and processes, and focuses attention on building C-SCRM into acquisition processes and contracts. There is also new guidance about cyber supply chain risk information sharing. This presentation will provide an overview of the contents of and highlight significant changes and updates to NIST SP 800-161, Revision 1.
11:55 AM - 12:35 PM - Break
12:40 PM - 1:30 PM: Session 4 - Evolving threats including Quantum and current harvesting attacks and how organizations need to manage cyber risks in the context of their Enterprise Risk Management program
Speaker: Shahryar Shaghaghi, Technology and Risk Management, Senior Executive, Chief Technology Officer, Quantum Xchange
The cybersecurity threat landscape will continue evolving, expanding, and impacting critical infrastructure organizations and governments. Some of our adversary nations states have been and are investing significantly higher than the U.S. in the development and advancement of Quantum Computing technologies. Although the benefits of Quantum Computers are unimaginable, the risk of breaking classical cryptography that has protected our sensitive and persistent data for 30+ years is huge. In this session, we will discuss cybersecurity mitigation strategies including established governance and prioritization by larger and more complex organizations, using various risk management frameworks and risk quantification methods. Alignment of IT Risk with Enterprise Risk Management program will also be discussed, using stories from some client engagement experience.
1:35 PM - 2:25 PM: Session 5 - Information Privacy - Managing Risks in an Increasingly Challenging Environment
Speaker: Chris Zoladz, Founder of Navigate LLC, CIPP, CIPM, CISSP, and CPA
The convergence of increasing consumer/citizen privacy expectations, and evolving/new technologies enabling more aggressive collection and uses of personal information has resulted in Information privacy becoming one of the hottest topics in the media and at corporations and government agencies. In addition, the risks and challenges are further complicated by increasing legal requirements such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Privacy Act (CDPA). This session will provide a current perspective on:
- privacy operations and legal risks;
- challenges in managing these risks; and
- suggested solutions
2:15 PM - 2:25 PM: Closing Remarks
MEET THE PRESENTERS of the Annual General Meeting 2021
Victoria Yan Pillitteri, CISSP
Senior Computer Scientist, National Institute of Standards and Technology
Victoria Yan Pillitteri is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the team lead of the Federal Information Security Modernization Act (FISMA) Implementation Project. She supervises a team of technical research and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing information security risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts. In addition to her role as supervisor, she leads a research portfolio focused on security and privacy risk management, and frequently hosts and speaks at conferences and workshops on these topics.
Ms. Pillitteri previously worked on the Cybersecurity Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, served as Chair of the Federal Computer Security Managers’ Forum, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security, including SP 800-12, 800-37, 800-53, 800-82, 800-171, 800-171A, 800-171B, 800-137A, 1108 and IR 7628.
Victoria holds a B.S. in Electrical Engineering from the University of Maryland, a M.S in Computer Science, with a concentration in Information Assurance, from the George Washington University, and is a Certified Information Systems Security Professional (CISSP).
Randy Soper
Senior Director and Lead Data Strategist, Illuminate
Randy Soper is a Senior Director and Lead Data Strategist for Illuminate. In this role, he architects and delivers data, analysis, and operations solutions for national security customers. He is a thought leader and implementation expert in human-machine teaming, AI assurance, digital transformation, and data science-mission integration. Randy volunteers for the IEEE and serves on the AI Standards Committee as well as working groups for AI governance and ethics. Prior to joining Illuminate, Randy supported the Department of Defense targeting and intelligence missions for 15 years including supporting the Intelligence Community migration to the cloud and developing cognitive-risk-based accreditation of AI for intelligence production use. Randy has a BS and MS in mechanical engineering from Virginia Tech.
Angela Smith
Information Security Specialist, National Institute of Standards and Technology
Angela Smith is an Information Security Specialist in the Computer Security Division, within the Department of Commerce’s National Institute of Standards and Technology. Angela serves as the technical lead for NIST’s Supply Chain Risk Management program and is the NIST representative to the Federal Acquisition Security Council’s Working Group and Task Force. She has worked on numerous White House-led initiatives and public-private sector efforts focused on strengthening cybersecurity and reducing risk. She co-chairs the Software and Supply Chain Assurance Forum, is helping to lead the newly established NIST C-SCRM Federal Forum, and recently served as the Government co-chair of two DHS ICT SCRM Task Force working groups. Prior to joining NIST, Ms. Smith was a Sr. Advisor with the General Services Administration, providing leadership in the development and implementation of GSA’s supply chain risk management program. She has over two decades of Federal service, with experience across a spectrum of areas including acquisition management, cybersecurity, cloud computing, identity and access management, and shared services. Ms. Smith is a Certified Information Systems Security Professional, holds a Masters in Public Administration with a concentration in Information Technology policy from George Mason University, and is a veteran of the US Air Force.
Shahryar Shaghaghi
Technology and Risk Management, Senior Executive
Shahryar, is the Chief Technology Officer (CTO) at Quantum Xchange, overseeing the development and execution of Quantum Xchange’s technologies and enhancing the company’s broader post-quantum crypto-agile infrastructure strategy. By leveraging his extensive technology, risk management, and cybersecurity leadership experience garnered from his tenure with major consulting and financial services companies and his solid track record with complex and global implementations, Shahryar has successfully helped chief technology, risk, compliance, audit, legal, finance, operations, security, and privacy officers achieve their goals and optimize their critical and strategic programs. Expert in Cybersecurity, Shahryar recently served as a consulting subject matter expert for the Federal Reserve Bank of New York’s (FRBNY) Cybersecurity Risk Management program. Shahryar has been a lecturer at Columbia University for more than 3 years focusing on IT Risk Management and Data Privacy for the Enterprise Risk Management graduate program.
Chris Zoladz, CIPP, CIPM, CISSP, and CPA
Founder of Navigate LLC
Chris Zoladz is the founder of Navigate LLC, a consultancy that specializes in helping organizations of all sizes meet information protection, privacy, compliance and governance requirements in a practical, cost effective way while maximizing the value of information assets. Prior to Navigate, Chris was the vice president of information protection & privacy at Marriott International and one of the first Chief Privacy Officers in the Fortune 250.
Chris was a founding board member and past chairman of the International Association of Privacy Professionals (IAPP). Chris holds numerous privacy and certifications (Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Certified Information Systems Security Professional (CISSP), and Certified Public Accountant (CPA)). He has been named one of the top privacy advisors by ComputerWorld, and is a past recipient of the IAPP Vanguard Award as Chief Privacy Officer of the Year. Chris is also a past board member and treasurer of the ISACA – Greater Washington Area.
ADDITIONAL DETAILS
Special Instructions
- Group Live (Due to COVID-19, this training will be delivered via Zoom). Zoom link delivered with registration.
- Prior to the event, participants must install the Zoom app in their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.
- Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
- ISACA Greater Washington DC will not be responsible for the participant’s inability to respond to the polls.
Presentations
Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.
Sponsor this Event
If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.
CPE
Earn up to 5 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® NCAC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPE's will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.
CPE-Related Details
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: Beginner to Intermediate
- Delivery Method: Virtual