For more information on our events policy, see https://isaca-gwdc.org/event-policies/
- This event has passed.
IT Governance and Risk Management 2021
May 26 @ 8:30 am - 12:30 pm EDT. Free for ISACA GWDC Members, $60 for other ISACA Members and Non-Members
The 2021 IT Governance and Risk Management Virtual Conference is a joint ISACA Greater Washington DC and Association for Federal Enterprise Risk Management (AFERM) event.
Successful information technology (IT) governance and risk management is vital for organizations to achieve their goals and objectives. Participation across the organization, from executives and the board of directors to information security professionals and process owners, is necessary to plan and implement a robust IT governance and risk management program. Listen to leading professionals in the IT governance and risk management space share concepts you and your organization should consider.
- 08:30 to 09:30: Key Practices in Cyber Supply Chain Risk Management: Observations from Industry (NISTIR 8276)
- Presented by Mr. Jon Boyens (NIST)
- 09:30 to 10:30: Department of Homeland Security (DHS) Office of Inspector General (OIG) IT Governance and Risk Management Panel
- DHS OIG Panelists: Dr. Temika Edwards, Mr. Scott Wrightson and Ms. Michelle Weaver
- Moderated by Mr. Craig Atkinson (Guidehouse)
- 10:30 to 11:30: NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management
- Presented by Ms. Nakia Grayson (NIST)
- 11:30 to 12:30: Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis
- Presented by Dr. Thomas Eisenbach (Federal Reserve Bank of New York)
Who Should Attend?
Risk management professionals, IT advisory or audit professionals, business executives, cybersecurity professionals, and students or professionals interested in learning more about risk management and governance in the public, private or not-for-profit sectors.
Wednesday May 26th, 2021 @ 0830 - 1230 EDT
Four (4) NASBA CPE credits
- Identify risk management practices being applied by industry and identify concepts that you can leverage to enhance your organization’s information technology risk posture.
- Understand practical implications of effective and ineffective implementation of information technology risk management concepts.
- Learn about privacy framework basics and how to leverage the NIST privacy framework tool for your organization’s risk management objectives.
Key Practices in Cyber Supply Chain Risk Management: Observations from Industry (NISTIR 8276)
Presented by Mr. Jon Boyens, National Institute of Standards and Technology (NIST)
In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully control—and often do not have full visibility into—the supply ecosystems of the products that they make or the services that they deliver. With more and more businesses becoming digital, producing digital products and services, and moving their workloads to the cloud, the impact of a cybersecurity event today is greater than ever before and could include personal data loss, significant financial losses, compromise of product integrity or safety, and even loss of life. Organizations can no longer protect themselves by simply securing their own infrastructures since their electronic perimeter is no longer meaningful; threat actors intentionally target the suppliers of more cyber-mature organizations to take advantage of the weakest link. That is why identifying, assessing, and mitigating cyber supply chain risks is a critical capability to ensure business resilience. The multidisciplinary approach to managing these types of risks is called Cyber Supply Chain Risk Management (C-SCRM). In this session, Mr. Jon Boyens will discuss the key practices in Cyber Supply Chain Risk Management as identified in NIST Internal/Interagency Report (IR) 8276.
Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis
Presented by Thomas M. Eisenbach, Federal Reserve Bank of New York
Cyber attacks are an increasing concern, especially for financial service firms, which may experience up to 300 times more cyber attacks per year than other firms. Almost every financial stability survey includes cyber attacks among the top risks. Yet there is still no universal consensus on the taxonomy and definition of cyber events, let alone comprehensive data collection on the frequency and nature of cyber attacks. In this presentation, Dr. Eisenbach will share his report on how to understand the risk presented by cyber attacks to the U.S. financial system and how to quantify the way a cyber attack may be amplified through the system.
NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management
Presented by Ms. Nakia Grayson, National Institute of Standards and Technology (NIST)
For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.
Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool, the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework) to enable better privacy engineering practices that support privacy-by-design concepts and help organizations protect individuals’ privacy. In this session, Ms. Nakia Grayson will expound on the Privacy Framework.
MEET THE PRESENTERS
Jon Boyens
Security Engineering & Risk Management Group
National Institute of Standards and Technology
Jon Boyens manages the Security Engineering & Risk Management Group in the Computer Security Division, within the Department of Commerce’s National Institute of Standards and Technology (NIST). He leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program and co-leads the federal interagency working group for C-SCRM. Jon helps develop and coordinate the Department's cybersecurity policy among the Department’s bureaus and represents the Department in the Administration’s interagency cybersecurity policy process. Jon has worked on various White House-led initiatives, including those on trusted identities, botnets, federal supply chain, telecommunications supply chain, and the Cybersecurity Framework and companion Roadmap.
Dr. Temika Edwards
Director, Office of the Inspector General
Department of Homeland Security
Dr. Temika Edwards is a recognized leader, program manager, and speaker with 16 years of private and public sector experience in enterprise risk management (ERM), policy development, capacity development, change management, and strategic planning. This includes an exceptional blend of creativity and analytical skill with the ability to provide a focused approach toward relationship management, which includes working across organizations to develop teams that surpass expectations.
Temika works within the DHS OIG’s Office of Innovation as the Director of Policy, Strategy, and Risk. As the subject matter expert, she supports the OIG in changing its culture by enhancing its policy, strategy, risk framework, and methodology for identifying and evaluating risks internal to the OIG and across DHS. Previously, Temika was the Acting Branch Manager for the Transportation Security Administration (TSA), leading the establishment and implementation of TSA’s ERM program and fostering the agency’s risk management culture. In 2016, GAO recognized the TSA ERM program as a standard of best practices for the federal government and acknowledged TSA for its leading efforts in “...sustaining ERM strategy through leadership engagement.”
Temika co-chairs the Council of the Inspectors General on Integrity and Efficiency ERM working group, consults with and advises other federal government organizations in their ERM program development efforts, and shares best practices. She also has expertise in staff modernization, domestic and international training, and regulatory compliance. Temika received her Doctorate in Organizational Leadership from Northcentral University, an M.B.A. from Meredith College, and a B.A. from North Carolina Central University.
Nakia Grayson
Privacy Engineering Program
National Institute of Standards and Technology
Nakia Grayson is part of the Privacy Engineering Program at the National Institute of Standards and Technology (NIST). She supports the Privacy Engineering Program with the development of privacy risk management best practices, guidance, and communications efforts. She also leads Supply Chain Assurance project efforts at the National Cybersecurity Center of Excellence (NCCoE). Nakia serves as the Contracting Officer Representative for NIST cybersecurity contracts. She holds a Bachelor’s in Criminal Justice from the University of Maryland Eastern Shore and a Master’s in Information Technology, Information Assurance and Business Administration from the University of Maryland University College.
Thomas M. Eisenbach
Federal Reserve Bank of New York
Thomas Eisenbach is a Senior Economist in the Research and Statistics Group at the Federal Reserve Bank of New York. His main research interests are in financial economics with links to macroeconomics, in particular the role that frictions play for financial institutions, financial markets, and the economy more broadly. He has worked on issues of financial stability such as rollover risk and fire sales, as well as on bank supervision and monetary policy transmission. His articles have been published in leading academic journals, including the Journal of Finance and the Journal of Financial Economics. He received his Ph.D. in Economics from Princeton University in 2011.
Scott Wrightson
Chief Data Officer, Office of the Inspector General
Department of Homeland Security
Scott Wrightson serves as the Chief Data Officer at the Department of Homeland Security’s Office of Inspector General. He leads teams of data analysts, data architects, data auditors, and Information Technology specialists who provide support for audits, inspections, and investigations dealing with complex, technological, and high-risk data problems. He is also responsible for using DHS OIG’s internal data to help make its operations more efficient and effective.
Craig Atkinson
Guidehouse
Craig is focused on information assurance and IT risk management. Craig supports multiple federal organizations at the forefront of cybersecurity to help them in their mission to protect national security interests. Prior to Guidehouse, Craig spent 19 years at PwC consulting with federal and commercial customers to identify cybersecurity risks and evaluate the effectiveness of IT process controls. Craig’s knowledge of federal standards enables him to clearly communicate to federal executives the impact of IT control weaknesses and the requirements for implementing strong cybersecurity solutions.
Michelle Weaver
Senior Program Analyst, Office of the Inspector General
Department of Homeland Security
Michelle Weaver is a Senior Program Analyst in the Office of Innovation at the Department of Homeland Security Office of Inspector General (DHS OIG). She currently manages the Project Tracking System, which is the system of record for all reports, recommendations, and correspondence. She has a wealth of experience in policy development, IT governance, system administration, and strategic planning. She holds a Bachelor’s in Information Systems and Analysis from Howard University and a Master’s in Business Administration, Management from the University of the District of Columbia, and is a certified Project Management Professional (PMP).
- Group Internet Based. Zoom link delivered with registration.
- Prior to the event, participants must install the Zoom app on their devices. Participants using the web-based Zoom client or calling in by phone may not be entitled to CPE credits.
- Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
- ISACA Greater Washington DC will not be responsible for the participant’s inability to respond to the polls.
Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.
Cancellation and Refund Policy:
Cancellation and refund of advance registrations is allowed if the cancellation is submitted through the registration system. Refunds vary depending on the date of cancellation. See the ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.
CPE Distribution and Evaluation Survey:
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit.
- Prerequisites and Advance Preparation: None
- Program Knowledge Level: Beginner
- Delivery Method: Group Internet based
- Field of Study: Information Technology - Technical
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at firstname.lastname@example.org.
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP.