Governance and Risk Management 2021
May 26 @ 8:30 am - 12:30 pm EDT
Free for ISACA GWDC Members, $60 other ISACA Members and Non-Members
The 2021 IT Governance and Risk Management Virtual Conference is a joint ISACA Greater Washington DC and Association for Federal Enterprise Risk Management (AFERM) event.
Successful information technology (IT) governance and risk management are vital for organizations to achieve their goals and objectives. Participation across the organization, from executives and the board of directors to information security professionals and process owners, is necessary to plan and implement a robust IT governance and risk management program. Listen to leading professionals in the IT governance and risk management space share concepts you and your organization should consider.
Wednesday May 26th, 2021 @ 0830 - 1230 EDT
Four (4) NASBA CPE credits
Who Should Attend?
Risk management professionals, IT advisory or audit professionals, business executives, cybersecurity professionals, and students or professionals interested in learning more about risk management and governance in the public, private or not-for-profit sector communities.
Key Practices in Cyber Supply Chain Risk Management: Observations from Industry (NISTIR 8276)
Presented by Mr. Jon Boyens, National Institute of Standards and Technology (NIST)
In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully control—and often do not have full visibility into—the supply ecosystems of the products that they make or the services that they deliver. With more and more businesses becoming digital, producing digital products and services, and moving their workloads to the cloud, the impact of a cybersecurity event today is greater than ever before and could include personal data loss, significant financial losses, compromise of product integrity or safety, and even loss of life. Organizations can no longer protect themselves by simply securing their own infrastructures since their electronic perimeter is no longer meaningful; threat actors intentionally target the suppliers of more cyber-mature organizations to take advantage of the weakest link. That is why identifying, assessing, and mitigating cyber supply chain risks is a critical capability to ensure business resilience. The multidisciplinary approach to managing these types of risks is called Cyber Supply Chain Risk Management (C-SCRM). In this session, Mr. Jon Boyens will discuss the key practices in Cyber Supply Chain Risk Management as identified in NIST Internal/Interagency Report (IR) 8276.
NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management
Presented by Ms. Nakia Grayson, National Institute of Standards and Technology (NIST)
For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value, and improvement in social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem. As a result, individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organizations may not realize the full extent of these consequences for individuals, for society, or for their enterprises, which can affect their brands, their bottom lines, and their future prospects for growth.
Following a transparent, consensus-based process including both private and public stakeholders to produce this voluntary tool, the National Institute of Standards and Technology (NIST) is publishing this Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), to enable better privacy engineering practices that support privacy by design concepts and help organizations protect individuals’ privacy. In this session, Ms. Nakia Grayson will expound on the Privacy Framework.
MEET THE PRESENTERS
Manager, Security Engineering & Risk Management Group
National Institute of Standards and Technology
Jon Boyens manages the Security Engineering & Risk Management Group in the Computer Security Division, within the Department of Commerce’s National Institute of Standards and Technology (NIST). He leads NIST’s Cyber Supply Chain Risk Management (C-SCRM) Program and co-leads the federal interagency working group for C-SCRM. Jon helps develop and coordinate the Department's cybersecurity policy among the Department’s bureaus and represents the Department in the Administration’s interagency cybersecurity policy process. Jon has worked on various White House-led initiatives, including those on trusted identities, botnets, federal supply chain, telecommunications supply chain, and the Cybersecurity Framework and companion Roadmap.
IT Security Specialist, Privacy Engineering Program
National Institute of Standards and Technology
Nakia Grayson is part of the Privacy Engineering Program at the National Institute of Standards and Technology (NIST). She supports the Privacy Engineering Program with development of privacy risk management best practices, guidance and communications efforts. She also leads Supply Chain Assurance project efforts at the National Cybersecurity Center of Excellence (NCCoE). Nakia serves as the Contracting Officer Representative for NIST cybersecurity contracts. She holds a Bachelor’s in Criminal Justice from University of Maryland-Eastern Shore and a Master’s in Information Technology, Information Assurance and Business Administration from the University of Maryland University College.
- Group Live (Due to COVID-19, this training will be delivered via Zoom). Zoom link delivered with registration.
- Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling in by phone may not be entitled to CPE credits.
- Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
- ISACA Greater Washington DC will not be responsible for the participant’s inability to respond to the polls.
Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.
- Prerequisites and Advance Preparation: N/A
- Program Knowledge Level: Beginner to Intermediate
- Delivery Method: Virtual
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP.