Introduction to Federal PKI and PKI Audits (External Event)
October 22 @ 8:00 am - 12:00 pm EDT | Government Auditor - $39, GWDC Member - $49, Non-ISACA Member: $65
Public Key Infrastructure (PKI) is one of the most secure ways to protect information, but only if it is implemented properly. There are multiple parties involved and Federal policies and standards to follow; otherwise, it becomes a secure way to lose information or for malicious actors to encrypt and exfiltrate it. In addition, the Federal PKI is a federated PKI ecosystem of federal agencies and business partners. Not all PKI is Federal PKI and, depending on the use case, shouldn’t be. Come learn about the differences between the Federal PKI and Enterprise PKI in policy, use case, and implementation. We will also cover a general framework for auditing a PKI, the general classes of attacks on PKI operations and how to protect against them, and PKI in the cloud.
Date - October 22, 2019 | 8 AM - 12 PM
CPE - 4 credits
Location - Robert Half, 1401 I St. NW, Suite 400, Washington, DC, 20005
Cost - Government Auditor - $39, GWDC Member - $49, Non-ISACA Member: $65 (ISACA Members register as an IIA member to receive the member rate.)
Logistics - Bring your photo ID for check-in at the front desk. Less than 3 blocks from McPherson Square Metro. Closest parking garage is on I Street (1444 I St NW).
- Federated and enterprise PKI use cases
- Federal PKI, Federal Bridge, and Federal Common Policy
- Components of a PKI Audit per Federal PKI guidance
- General classes of attacks on PKI operations per NIST guidance
- How to protect against attacks on a PKI system
- PKI in the cloud
Kenneth Myers is a Senior Manager in Protiviti's Federal Security and Privacy Consulting practice with a focus on Identity Management. He has more than 15 years of business experience specializing in federated identity systems, Public Key Infrastructure, security management, and governance solutions. Kenneth holds many certifications and degrees including an MBA, ISACA CISM and CISA, PMI PMP and ACP, ITIL, CompTIA Cloud Security Professional, and CIPP/G.
Jimmy Jung is President and Lead Auditor at Slandala Company. He has performed audits of PKI systems since 2002 and has more than 30 years’ experience in the design, implementation and certification of information assurance systems. He is certified by the International Information Systems Security Certification Consortium (ISC)² as a Certified Information Systems Security Professional (CISSP) and is certified by the Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Auditor (CISA). He has designed, installed or operated PKI systems for the Department of State, the Department of Energy, the Department of Treasury, the Federal Bureau of Investigation, the Department of Homeland Security, the United States Patent and Trademark Office (USPTO) and other agencies and commercial companies. He has provided PKI audit and compliance support for the Department of State, the Department of Labor and the Department of Commerce (DoC), and has been the lead auditor for the Department of Defense Certification Authorities and auditor of several of the DoD agency Registration Authorities, Local Registration Authorities and External Certificate Authorities.
Who should attend?
8:00 - 8:30 - Registration and Breakfast
8:30 - 9:30 - Introduction to Federal PKI and PKI Use Cases
9:30 - 10:30 - PKI Audit Guidance
10:30 - 11:30 - General Classes of PKI Attacks
11:30 - 12:00 - PKI in the Cloud / PKI Future Trends
Kenneth joined ISACA in 2013 and presently serves as the GWDC Communications Director. Kenneth also volunteers with ISACA International, including with the Learning Visions Working Group and as Identity Management Topic Leader and Emerging Technology Topic Leader. Kenneth is a Senior Manager for Protiviti Government Services within the Security and Privacy Practice. He holds the CISM, CISA, PMP, CIPP/G, and AWS CCP, and is a trained CyberArk Delivery Engineer.