For more information on our events policy, see https://isaca-gwdc.org/event-policies/
- This event has passed.
Cybersecurity Conference 2020
October 21, 2020 @ 8:20 am - 12:30 pm EDT
Complimentary for ISACA Members, $60 for Non-Members
Join us for the virtual ISACA GWDC Cybersecurity Conference 2020. Cybersecurity continues to be a dominant concern for IT professionals, business leaders, governments, and the public. Our constantly increasing reliance on digital technology and the growing complexity of information systems expose our daily life, economy, health, safety and privacy to technical failures and malicious attacks. The constant evolution of technology and the adaptability of threat agents call for more comprehensive management frameworks and the ingenuity to develop tools and strategies to cope with their increasing complexity. This Cybersecurity Conference 2020 will update participants on evolving civilian and military controls management frameworks, security governance approaches for cloud environments, and cybersecurity program success stories.
Learning Objectives of the Cybersecurity Conference 2020
- Understand how to approach the new Federal Civilian guidance on security and privacy controls structure
- Learn about the US DoD – Cybersecurity Maturity Model Certification and its relationship to other certifications and frameworks
- Obtain insights into strategies used successfully by large Federal agencies to implement their security and privacy controls management programs
- Learn about tools used by leading Cloud Service Providers to govern their systems that may also be used by customers to exert proper oversight
AGENDA for the Cybersecurity Conference 2020
- 8:20 to 8:30 AM: Welcome Message and Conference Overview
- 8:30 to 9:20 AM: Updated NIST Guidance on Security and Privacy Controls and Control Baselines – Victoria Yan-Pillitteri (National Institute of Standards and Technology)
- 9:30 to 10:20 AM: Leveraging Innovation to Meet Compliance in the Cloud – Alexis Robinson (Amazon Web Services)
- 10:30 to 11:20 AM: Tips for Preparing for Cybersecurity Maturity Model Certification (CMMC) – Chris Ballister, Joshua McGee (Grant Thornton)
- 11:30 AM to 12:20 PM: Reducing Supply Chain Risk Management (SCRM) Risk in a Decentralized Environment – Kurt Merkling (DOE), Robert Brougham (EY)
TOPICS of the Cybersecurity Conference 2020
What’s New in NIST SP 800-53, Revision 5: Security and Privacy Controls for Systems and Organizations and Draft NIST SP 800-53B: Control Baselines for Information Systems and Organizations
Recently released NIST Special Publication (SP) 800-53, Revision 5 provides a comprehensive catalog of next-generation security and privacy controls to safeguard systems and organizations, and the personal privacy of individuals. This long-anticipated update includes changes to improve usability, promote alignment with the Cybersecurity Framework and Privacy Framework, and new and updated controls to address privacy and supply chain risk management, and security engineering. This presentation will highlight the significant changes in SP 800-53, Revision 5, highlight available supplemental materials for SP 800-53, discuss the draft security and privacy control baselines, and feature a preview of publications in the NIST pipeline for FY2021.
PRESENTER: Victoria Yan-Pillitteri, NIST
Leveraging Innovation to Meet Compliance in the Cloud
Oftentimes, compliance can become the enemy of innovation and a “start-up” culture. AWS has developed mechanisms that champion security while fostering innovation and produce repeatable benefits to our customers. This presentation shares insights into methods CISOs and IT Consultants can use to advance large scale security initiatives, build an innovation culture, and incentivize personnel to meet compliance objectives. Additionally, we illustrate these concepts by talking through how AWS addresses and influences FedRAMP compliance for ourselves and our customers.
PRESENTER: Alexis Robinson, AWS
Tips for Preparing for Cybersecurity Maturity Model Certification (CMMC)
In responding to the DoD's Cybersecurity Maturity Model Certification (CMMC) requirements, many organizations are facing common and significant challenges. These challenges range from identifying the right CMMC Maturity Level for their organization to establishing foundational infrastructure such as a dedicated enclave for Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
Join Grant Thornton's Joshua McGee and Chris Ballister as they share their experience and insight into CMMC readiness and compliance. This webinar moves past an overview of CMMC to provide a real-world discussion of the significant and often unexpected CMMC challenges companies are facing. The discussion will also cover the impacts of the late September DoD release of an interim rule introducing DFARS 252.204-7019, 7020, and 7021, which provide more details regarding the 5-year CMMC rollout and the immediate enforcement of NIST SP 800-171 requirements.
PRESENTER: Joshua McGee and Chris Ballister, Grant Thornton
Reducing Supply Chain Risk Management (SCRM) Risk in a Decentralized Environment
The U.S. Department of Energy (DOE) is a diverse and hyper-federated environment (over 50 federated entities), which makes cyber supply chain risk management particularly challenging. DOE’s environment presented a unique opportunity to partner with EY to establish an enterprise-level SCRM Program that is customizable, scalable, standardized, and applicable across the enterprise. Hear from a DOE visionary about their journey to establish and operate an enterprise SCRM program that enables executives to make risk-informed supplier decisions, increase efficiency, and reduce risk in the Department’s hyper-federated environment.
PRESENTERS: Kurt Merkling, DOE; Robert Brougham, EY
MEET THE PRESENTERS of the Cybersecurity Conference 2020
Victoria Yan Pillitteri
Computer Scientist, National Institute of Standards and Technology
Victoria Yan Pillitteri is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the team lead of the Federal Information Security Modernization Act (FISMA) Implementation Project. She supervises a team of technical research and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing information security risk in the federal government, and associated stakeholder outreach and public-private coordination/collaboration efforts. In addition to her role as supervisor, she leads a research portfolio focused on security and privacy risk management and frequently hosts and speaks at conferences and workshops on these topics.
Ms. Pillitteri previously worked on the Cybersecurity Framework, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs, served on the board of directors of the Smart Grid Interoperability Panel, served as Chair of the Federal Computer Security Managers’ Forum, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security, including SP 800-12, 800-37, 800-53, 800-82, 800-171, 800-171A, 800-171B, 800-137A, 1108 and IR 7628.
Victoria holds a B.S. in Electrical Engineering from the University of Maryland and an M.S. in Computer Science, with a concentration in Information Assurance, from the George Washington University, and is a Certified Information Systems Security Professional (CISSP).
Alexis Robinson
Government Assessments Program Manager, AWS
Alexis Robinson is the Government Assessments Program Manager for Amazon Web Services (AWS) Security Assurance in the Washington, DC area. Alexis coordinates the assessments of services seeking authorization for various U.S. government certifications (i.e. FedRAMP, DoD, CMMC) within the East/West and AWS GovCloud (US) regions. She advises on internal AWS government compliance matters, and interfaces with government regulators, customers and authorizing officials for federal compliance. Alexis is a liaison to the FedRAMP Joint Authorization Board (JAB) for her GAAP team and other AWS Security teams.
Prior to AWS, Alexis worked for EY serving Federal Government clients through financial statement, performance, and compliance audits or advising them on audit readiness. She started her IT career as a software developer at CGI Federal.
Joshua McGee
Manager, Grant Thornton
Joshua McGee is a Manager in Grant Thornton Public Sector’s Risk Advisory Services, supporting Cybersecurity and Information Assurance. His work focuses on providing cybersecurity controls and Risk Management Framework services to federal agencies, and providing government IT security compliance services to commercial firms. Part of this focus includes providing insight to clients on emerging CMMC requirements. His federal experience includes work with the Department of Defense, Department of Justice, US House of Representatives, and the Department of the Treasury. In addition, Joshua has experience providing cybersecurity and internal audit services to commercial clients as a member of Grant Thornton UK in London, where he advised FTSE 100, non-profit, and higher education clients. He has a Bachelor’s in Political Science from Elon University and holds the ISACA CISA certification.
Chris Ballister
Director, Grant Thornton
CISM, CGEIT, CRISC
Chris Ballister is a Director for Grant Thornton Risk Advisory Services supporting the Information Assurance / Cybersecurity practice area. His work focuses on the relationship of information security, IT governance, privacy, and risk management supporting the C-Suite throughout the public sector. Chris has served in government at the senior executive level as both a deputy and Chief Information Officer at the US House, White House, and Office of Inspector General at Health and Human Services. He has also been a CEO and President in industry building a small company supporting intelligence and cyber threat protection missions for the government. Chris is also a United States Naval Academy graduate with 24 years of service and a retired Navy Captain. He has a master’s degree from the George Washington University Department of Engineering in Information Management and holds the CISM, CGEIT, and CRISC ISACA certifications.
Kurt Merkling
Senior IT Program Manager, U.S. Department of Energy
Kurt is a Senior IT Program Manager at the US Department of Energy (DOE), Office of the Chief Information Officer, with more than 25 years of leadership and management experience. Kurt served a full career in the US Navy and worked for IBM prior to joining DOE. While in the Navy he served with aviation squadrons and operational units as a naval aviator and was assigned as a program manager to several government entities such as the Missile Defense Agency (MDA), National Reconnaissance Office (NRO), and National Geospatial-Intelligence Agency (NGA).
Robert Brougham
Senior Manager, IT Risk Management, EY
Rob is a Senior Manager at EY with nearly 15 years of experience concentrated in IT Risk Management, Identity and Access Management, Third Party / Supply Chain Risk Management and IT Project/Program management. Rob has helped both commercial and federal clients manage global programs to enhance an organization's cybersecurity posture by leveraging technology, process improvement, simplification, and measurable metrics that drive business behavior and executive decisions.
This is a virtual event and a Zoom link will be provided in the registration confirmation email.
Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge of information technology. The ISACA® NCAC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.
- Specialized Knowledge: Information Technology
- NASBA Sponsor ID: 103445
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: Basic
- Delivery Method: Virtual