ISACA Greater Washington, D.C. Chapter

Serving ISACA GWDC Members since 1974

CPE Questions   Join ISACA   Subscribe

Public Cloud: The Good, The Risks, The Audit

by

DETAILS | AGENDA | PRESENTERS | ADDITIONAL DETAILSCPE INFORMATION | SPONSORSHIP

DETAILS

Come to our Work Securely Webinar 2020 on April 8th 2020 at 12:00pm   

The global public cloud computing market is set to exceed $330 billion in 2020. Federal Agencies are rapidly accelerating the adoption of cloud-based services. Our speakers will highlight the latest trends and audit techniques. 

This conference will enable participants to learn about the latest trends in cloud computing.  Learn from leaders in the public and private sector as they share to you their insights from cloud implementation to its security.

Cloud Security Alliance (CSA) is co-hosting the event and will provide an expert panel to discuss cybersecurity concerns.

 

TOPICS

Why You're Losing the Cyber Battle and How Embracing the Cloud Will Help You Fight Back

Presented by: Matt Soseman

Join us as Matt Soseman a Cyber Security Architect from Microsoft discusses the issues that we are facing today with cloud with a visit at where we have been, what the blockers are, and where we are going. He'll dive into how cloud migration isn't the issue, but how to use public cloud to protect/detect/respond to cyber threats while maintaining (even increasing) compliance. Learn how public cloud fights cyber attacks on your behalf, and helps you comply with the law of the land but most importantly how it can transform your business. Adoption of cloud  is important, but how you get there is through aligning to business outcomes to reach the vision.

Cloud Cyber Security Panel

A panel of cyber security experts will discuss the Cloud Security Alliance (CSA) publication: “Top Threats to Cloud Computing The Egregious 11.” The panel will include two CSA representatives, Bob Gourley and Dr. Mari Spina. The third member is Sushila Nair, Vice President, Security Portfolio, NTT DATA. Misconfiguration, access control, account hijacking, and other threats will be discussed in depth given the current environment. There will be a Q&A period for attendees to ask questions.

Panelists:
- Dr. Mari Spina; Research Committee Chair, Cloud Security Alliance
- Bob Gourley; Co-founder and Chief Technology Officer, OODA LLC
- Sushila, Nair, Vice President, Security Portfolio, NTT DATA

Moderator:
- Scott Vachal; Client Executive, Soter Cloud Solutions

Auditing the Cloud

Presenter: Loren Schwartz

The Federal Government agencies are rapidly moving to the Cloud. This presents the auditor with new challenges to accurately audit their systems. Also, working with federal agencies requires what most consider a second language. During this presentation Mr. Schwartz will sort through the jargon and alphabet soup of Cloud environments including CSP, IaaS, SaaS, AWS, PaaS, FedRamp, DaaS, JAB, DBaaS, and help guide you through an approach to auditing your agencies adoption of a cloud service provider. As we discuss potential audit approaches, we will consider the nature of the cloud service and the roles and responsibilities of the cloud provider and the procuring agency.

Click Here to Register

Who should attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cloud computing initiatives.

MEET THE PRESENTERS

Soseman_Headshot (002)

Matt Soseman

Senior Security Architect, Microsoft

Matt Soseman is a Senior Security Architect based in San Diego, CA working with Microsoft partners and their customers to help them realize the business opportunity in Cyber Security and how to lower risk and increase posture that leads to new business outcomes. Matt has held multiple roles within Microsoft over the last 10 years in areas of Partner Marketing and Microsoft Consulting Services focused on delivering Cyber Security, Compliance, and Enterprise Mobility solutions to enterprises across both public and private sector. Prior to Microsoft, Matt delivered world class mobility consulting and training to Fortune 50 customers and government agencies at BlackBerry and built business transforming Unified Communications solutions at Sprint.

gourley_400x400 (002)

Bob Gourley

Co-founder and Chief Technology Officer, OODA LLC

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of the Cybersecurity and Artificial Intelligence consultancy OODA LLC. OODA is the publisher of CTOvision.com and OODALoop.com.
Bob previously founded Crucial Point LLC, a technology research and advisory firm.
Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first Director of Intelligence (J2) at DoD’s cyber defense organization JTF-CND.
Following retirement from the Navy Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the Chief Technology Officer (CTO) of the Defense Intelligence Agency (DIA).
Bob was named one of the top 25 most influential CTOs in the globe by Infoworld. He was selected for AFCEAs award for meritorious service to the intelligence community, and was named by Washingtonian as one of DC’s “Tech Titans.” Bob was named one of the “Top 25 Most Fascinating Communicators in Government IT” by the Gov2.0 community GovFresh.

Mari Photo (002)

Dr. Mari Spina

Research Committee Chair, Cloud Security Alliance DC

Dr. Mari Spina is a Member of the Board of Directors for the Cloud Security Alliance DC Chapter and Chair of the Chapter's Research Committee. She joined The MITRE Corporation in 2014 and has been supporting a multitude of MITRE Federal sponsors including DoD and the IC in the area of Cloud Security. At MITRE, she is a Principle Cybersecurity Engineer, leads the Cloud Security Capability Area, and teaches Cloud Security for the MITRE Institute. She has also taught Information and Cloud Technology courses for the George Washington University. Before joining MITRE, she worked for an array of government engineering firms including Hughes Aircraft, SAIC, ManTech, NJVC, and DMI since 1988 where she provided IT systems engineering to a variety of Federal agency missions including those of the Intelligence Community and the DoD. Mari holds a D.Sc. in Engineering Management from the George Washington University, a MSEE from the University of Southern California, and a BSME from California State University Northridge. She is also PMI PMP and ISC2 CISSP, ISSEP, and CCSP certified.

Sushila Nair speaking at VCW 2021 Securing Remote Work

Sushila Nair

Vice President, Security Portfolio, NTT DATA

Sushila Nair is on the board of the GWDC, the Greater Washington, D.C. Chapter of ISACA and plays an active role in supporting best practices and skills development within the cybersecurity community. Sushila has worked as a Chief Information Security Officer for ten years and has twenty years’ experience in computing infrastructure, business and security. Sushila has consulted in many diverse areas including telecommunications, risk analysis, credit card fraud, and has served as a legal expert witness. She has worked with the insurance industry in Europe and America on methods of underwriting e-risk insurance based on ISO27001. She has published numerous articles in the computing press on risk and security, and has spoken at Segurinfo, CACS, TechMentor, FinSec and many other global technical events on diverse subjects ranging from managing risk to designing security baselines.

ScottVachal

Scott Vachal

Client Executive, Soter Cloud Solutions

Scott Vachal applies his more than 30 years of financial, managerial, and cyber security experience to assist mid-sized companies transition to the cloud environment.  Financial analysis has been a primary thread through his career.  Mr. Vachal consulted for such companies as AT&T, Dun & Bradstreet, after obtaining his MBA in Quantitative Studies and Masters in Management of Secure Information Systems.  Mr. Vachal created, built, and sold Meridian Cyber Defense, which provided IT and cyber security support to the SMB market.  He currently is a Client Executive for Soter Cloud Solutions. 

Loren-Schwartz photo

Loren Schwartz

Cotton & Company, LLP - Information Assurance Partner, CPA, CISSP, CISA

Loren Schwartz joined Cotton & Company in May 2002 and was elected a partner in April 2003. Loren has more than 20 years of diversified information system audit, financial and operational audit, privacy, and risk management consulting experience. He directs many of the firm’s major information technology reviews and audits.

Loren’s experience includes directing and participating in a wide range of system reviews, Federal Information Security Management Act (FISMA) audits, financial statement audits, process re-engineering improvement projects, and audits of internal management controls of automated information systems. He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations. His industry experience includes both commercial and governmental clients. He also has conducted speaking engagements for well-known industry organizations on a variety of Information Technology (IT) -related topics.

Loren holds a Bachelor of Science degree in Accounting from Virginia Polytechnic Institute and State University. He is a Certified Public Accountant (CPA), a Certified Information Systems Security Professional (CISSP), and a Certified Information Systems Auditor (CISA). He is an active member of the following professional organizations, including:
- American Institute of Certified Public Accountants (AICPA)
- Information System Audit and Control Association (ISACA) (Washington, DC Chapter)

He also is a Board Member at Ronald McDonald House Charities® of Greater Washington, DC. Mr. Schwartz resides in Northern Virginia with his wife and three children. He enjoys spending time with his family and traveling.

ADDITIONAL DETAILS

Special Instructions

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Cancellation

If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by September 15, 2020.  A $15 cancellation fee is charged.

To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE Information

Earn up to 2 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. In order to receive CPE credits, participants must respond to all questions in Zoom. Failure to respond to questions in may result in the attendee not being granted CPE credits. Zoom display names must reconcile with the Cvent registration. Participants are responsible to configuring their Zoom application prior to the event. Phone participants will not be entitled to CPE credits. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey by September 30, 2020. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: Install and configure Zoom to ensure that the Zoom handle exactly reconciles with the Cvent registration name, and that responses to the poll questions can be performed.
  • Program Knowledge Level: N/A
  • Delivery Method: Group-based online
 

2020 IT Audit in Civilian & DoD Environments Conference

by

TOPICS | AGENDA | PRESENTERS | REGISTRATIONADDITIONAL DETAILSCPE INFORMATION | SPONSORSHIP 

2020 IT Audit in Civilian & DoD Environments Conference | Overview

The ISACA GWDC is proud to host its 2020 IT Audit in Civilian & DoD Environments Conference on February 12th in Rosslyn, VA. IT audit and assurance continue to transform with the ever-changing environment. In the Federal Government, auditors are especially challenged with the ever-increasing use of technology such as artificial intelligence, robotic process automation, machine learning, and evolving business practices yet sometimes slow to adopt compliance rules. How does the profession maintain assurance in this evolving and ever-changing environment? Come to the Conference and find out tips and tricks from local experts.

The Conference features seasoned IT audit professionals from around the Washington DC area, sharing their knowledge on the latest leading practices, trends, and principles in IT audit and assurance. The Conference also features seven impactful topics relating to IT audit that may have an immediate impact on your everyday roles. Speakers will specifically cover IT audit areas relating to information security, risk management, and tools to optimize the value of IT audits.

Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don't forget to follow ISACA GWDC on LinkedIn and Twitter for the latest news and information from ISACA GWDC, ISACA, and the audit, governance, and security profession.

2020 IT Audit in Civilian & DoD Environments Conference | Topics

1) Oversight of DoD Cybersecurity and Cyberspace Operations:  A look at What That Means and Its Impact in Today’s Changing Threat Landscape

The DoD spends billions of dollars annually on information technology, cybersecurity, and cyberspace operations.  Cybersecurity is essential to the DoD and all facets of today's society in terms of our ability to do almost anything—get money out of an ATM, drive a car, fly a plane, or command and control our military forces.  The DoD Office of Inspector General (DoD OIG) plays a critical role in providing oversight to the DoD's increasing reliance on cyberspace to meet mission requirements. This body of work supports the Department, and those responsible for securing systems, networks, data, and weapon systems to decrease the risk of missions and operations being compromised by malicious actors.  The DoD OIG is responsible for providing independent oversight of Government programs and operations to detect and deter fraud, waste, and abuse in agency programs and operations, and promote the economy, efficiency, and effectiveness of the agency. This presentation provides insight about the DoD OIG’s oversight of the DoD's cybersecurity posture, use of cyberspace operations, and the impact our oversight has on national security. 

 

2) Government Accountability Office’s (GAO) Assessing Data Reliability Framework

GAO’s recent guidance, Assessing Data Reliability (GAO-20-283G), outlines a process for determining whether data are sufficiently accurate and complete for the purposes of a specific audit.  The guidance emphasizes making use of existing information, maximizing professional judgment, and involving the appropriate people, including management and stakeholders in key decisions. The GAO - Applied Research and Methods Team (Michele Fejfar and Kirsten Lauber) will give an overview of the process covered by the recently revised guidance to include consideration of whether and when to conduct an assessment, the extent of the assessment, possible steps to take, and the possible outcomes.  The GAO - Applied Research and Methods Team will also cover additional considerations such as the kinds and levels of data covered, how data reliability is defined in an audit environment, how information system controls may be incorporated, and the timing and documentation of the assessment.

 

3) Securities and Exchange Commission’s (SEC) Information Technology Audit Program

The presentation will discuss the U.S. Securities and Exchange Commission’s Office of Inspector General’s efforts over the last five years establishing (as a smaller OIG) its  Information Technology audit program. Specifically, Kelli Brown-Barnes plan to discuss some of the challenges SEC faced with staffing, contracting, interactions with the agency, etc.  Further, Ms. Brown-Barnes will discuss lessons learned while working through the challenges the SEC faced while developing the program. Also, Ms. Brown-Barnes will highlight some key accomplishments made by the office, including how SEC planned and performed a multi-year portfolio of audits and evaluations related to IT programs and operations and IT security.  Additionally, Ms. Brown-Barnes will discuss how our efforts with respect to our work has recognized that Information Security is an agency management and performance challenge area. Lastly, Ms. Brown-Barnes will close with a description of our vision for 2020 and beyond.  

 

4) Cooperative Compliance, Enhancing Cybersecurity Foundational Minimums 

Cybersecurity policies meant to protect sensitive information are often misunderstood, avoided, or circumvented by employees. Employees don’t like to be inconvenienced by the extra steps necessary for protection that to them seem unnecessary. This can be compounded by a complex cybersecurity environment with multiple competing standards that seem similar but have unique approaches, naming conventions, and acronyms.  Nat Bongiovanni will discuss how to solve these challenges by creating cooperative compliance. Cooperative compliance starts by understanding the entire risk environment based on the NIST SP 800-171 Framework, a foundational minimum for confidentiality and integrity.

 

5) The Role of IT Auditors in an Integrated Financial Statement Audit

IT auditors are an integral part of a financial statement audit and risk inefficiency and ineffectiveness when they are siloed from financial auditors. IT auditors should be involved in all phases of the audit including planning, internal control, testing, and reporting.  The session will cover a financial statement audit using an integrated approach in which IT auditors are in lockstep with the financial auditors, addressing practical ways to cut-down barriers, set expectations with auditees, and the related benefits.

 

6) Taxonomy for IT Risk Management 

We often hear IT auditors talk about ‘connecting the dots’ and ‘having a holistic picture’ of risk, but do not have a good idea of how to do so in a practical manner.  Having a common risk language or taxonomy in place may not only help IT auditors to consistently define and identify risks, but also aggregate them across the organization.  The presentation provides an insight into what a taxonomy is, its purpose, and value add for an IT audit. The presentation will also highlight leading practices for optimizing the development and use of a taxonomy, as well as some common pitfalls.

 

7) How FINRA Internal Audit is using Tableau to Audit

This presentation illustrates how the Audit Team is using Data Analytics in Planning, Fieldwork, and Consulting projects.  The visualization brings the auditors closer to the data and give them control over the analytics that they use in their projects.  Also part of this presentation, we will discuss the approach and development of the visualizations; using live demos, we will show you how the audit team uses the complex Visualizations to understand the business, pick samples, and draw conclusions on the business processes.

Who Should Attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to IT audits in civilian and DoD environments.
  • Anyone that is already or anyone interested in getting involved with IT Audits.

Conference Agenda

Agenda - PDF

2020 IT Audit in Civilian & DoD Environments Conference | Meet the Presenters

Sean J. Keaney Deputy Assistant Inspector General for Audit in Cyberspace Operations Directorate, Department of Defense 2020 IT Audit in Civilian & DoD Environments Conference

Sean J. Keaney

Deputy Assistant Inspector General for Audit in Cyberspace Operations Directorate, Department of Defense

As the Deputy Assistant Inspector General for Audit in the Cyberspace Operations Directorate at the Department of Defense, Office of Inspector General, Mr. Sean Keaney oversees the Directorate’s daily operations for the Assistant Inspector General and its portfolio of cybersecurity and security-related audits.  Prior to becoming the Deputy Assistant Inspector General, Mr. Keaney was a Program Director for Audit in the Cyberspace Operations Directorate where he led a Division in planning, executing, and reporting information technology and cybersecurity audits primarily focused on the protection of electronic health records and controlled unclassified information maintained by contractors, DoD Intelligence Community systems and networks, and U.S. Cyber Command operations. Mr. Keaney is a certified ethical hacker and certified information systems auditor.

Mr. Keaney is the recipient of several awards, including the Meritorious Civilian Service Award, awarded in 2016, for his significant contributions to the Department of Defense, Office of Inspector. He also received the Council of Inspectors General for Integrity and Efficiency Award for Excellence in 1999 and 2005 for his major contributions and exceptional performance on two complex audits.

Fejfar Photo

Michele Fejfar

Assistant Director, GAO - Applied Research and Methods Team

Michele Fejfar joined GAO in 2000.  She is an Assistant Director in the Social Science area in GAO’s Applied Research and Methods Team.  She has helped lead several data reliability efforts within GAO, including the revision of the Assessing Data Reliability guidance issued in 2019.  Michele serves as a data reliability contact both within and outside of GAO.  In addition, she advises GAO teams on their research methods across numerous issue areas, particularly homeland security and justice.

Lauber photo

Kirsten Lauber

Research Methodologist, GAO - Applied Research and Methods Team

Kirsten Lauber joined GAO in 2009, and serves as a Research Methodologist in GAO’s Applied Research and Methods team.  She advises GAO research teams on a variety of quantitative and qualitative methods, particularly in the areas of education, workforce, retirement and tax research.  Kirsten helped lead the revision of GAO’s recent guidance on Assessing Data Reliability guidance that was issued in 2019

Nat Bongiovanni Chief Technology Officer, NTT DATA Federal Services speaking on Cooperative Compliance at the ISACA GWDC IT Audit Conference 2020

Nat Bongiovanni

Chief Technology Officer, NTT DATA Federal Services

Nat Bongiovanni is a US Navy veteran with over 35 years’ experience. Mr. Bongiovanni’s broad IT background allows him to view IT challenges through multiple lenses-- analyst, architect, manager, software developer and cybersecurity expert.  He has spoken extensively on cybersecurity, software and policy development..  He recently spearheaded a team of cyber experts to develop a cybersecurity solution to protect network assets and data from internal vulnerabilities.

Koons

Steve Koons

Managing Partner, Cotton & Company

Prior to joining Cotton & Company, Steve served at the U.S. Government Accountability Office and the Office of Inspector General at the Board of Governors of the Federal Reserve System.  He has worked on numerous complex audit and evaluation engagements, including those related to the Emergency Economic Stabilization Act of 2008 and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.  He held key leadership positions on complex financial statement audits including the first-ever audits of the: Troubled Asset Relief Program (FY 2009), U.S. Navy’s Schedule of Budgetary Activity (FY 2015), U.S. Marine Corp’s full-scope financial statements (FY 2017), and Defense Health Program (DHP) focusing on the Air Force Medical Service/Air Force Surgeon General (FY 2018).  In 2019, Steve assumed responsibility for Cotton & Company’s Department of Defense audit activities, including serving as engagement partner for the audit of the U.S. Transportation Command’s Transportation Working Capital Fund and continues to support the Marine Corps and DHP audits.

Loren Schwartz Partner, Cotton & Company speaking about IT Audit role at the ISACA GWDC IT Audit Conference 2020

Loren Schwartz

Assurance Practice Leader, Cotton & Company

Loren has more than 25 years of diversified information system audit, financial and operational audit, privacy, and risk management consulting experience.  Loren’s experience includes directing and participating in a wide range of system reviews, Federal Information Security Management Act (FISMA) audits, financial statement audits, process re-engineering improvement projects, and audits of internal management controls of automated information systems.  He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations and his industry experience includes both commercial and governmental clients.  He is a Certified Public Accountant (CPA), a Certified Information Systems Security Professional (CISSP), and a Certified Information Systems Auditor (CISA).

Soumya

Soumya Chakraverty

Managing Consultant, RiskPro Solutions

Soumya is a senior risk and compliance professional and specializes in enterprise, operational and technology risk and controls.  He has extensive experience in banking and financial services and specializes in the areas of SOX, regulatory compliance, technology controls, and risk automation. He provides strategic consulting to organizational leaders to help enhance risk maturity and improve compliance.  A regular public speaker, he has also published articles on GRC implementation and operational risk.

SAT Photo

Parmanand (Sat) Jagerdeo

Audit Technology Director, Financial Industry Regulatory Authority (FINRA)

Sat Jagerdeo joined FINRA in June 2000 to perform CAATS and develop their internal audit management system.   Prior to FINRA, Sat was the SAS Programmer at Apache Medical Systems, Inc., in McLean, Virginia. Sat received his MS in Management Information Systems from George Washington University and my BS in Software Engineering from George Mason University in Fairfax, Virginia and holds a Certified Information System Auditor (CISA) certification.

Rutter

Stephanie Rutter

Associate Director, Financial Industry Regulatory Authority (FINRA)

Stephanie joined FINRA in 2008 as a contractor with Experis, and made the transition to become a FINRA employee in February 2012. Prior to Experis, she was part of BB&T’s Regional Management Team in Annapolis and at First Virginia Banks, Inc. as an Audit Manager/AVP. Stephanie has a Bachelor of Business Administration in Accounting from Loyola University and is a Certified Public Accountant. She is also a Certified Financial Services Auditor, is certified in Risk Management Assurance and is a Certified Investments and Derivatives Auditor.

Kelli Brown-Barnes

Audit Manager, SEC - Office of Inspector General

Kelli Brown-Barnes is an Audit Manager in the U.S. Securities and Exchange Commission’s (SEC) Office of Inspector General’s (OIG)Office of Audits.  Ms. Brown-Barnes primarily oversees the information technology related audits and evaluations conducted by the SEC OIG. Prior to joining the SEC OIG, Ms. Brown-Barnes served as an Automated Review Policy Specialist in the SEC’s Division of Trading and Markets for nine years conducting inspections of Self-Regulatory and Clearing Organizations. Ms. Brown-Barnes is a graduate of Bowie State University, where she received both her Bachelor’s degree in Business Administration and a Master's degree in Administrative Management.

ADDITIONAL DETAILS

Special Instructions

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

Cancellation: If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by February 10, 2020.  A $15 cancellation fee is charged.

To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.

 

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE INFORMATION

Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in-person event
 

Cloud Security Alliance DC September Cyber Boat Cruise (External Event)

by

ISACA® Greater Washington, D.C. Chapter is excited to announce its partnership with the Cloud Security Alliance Washington DC Chapter for the CSA-DC September Cyber Boat Cruise to be held 0n September 26, 2019.

This is a fantastic opportunity to network with DC Metro Area thought leaders and learn more about our mission. Our region includes a diverse range of businesses, government organizations and academic institutions as well as many heavily regulated industries such as the U.S. Government, Healthcare and Financial sector. Our mission is to help the local IT community (you) succeed. This includes having appropriate influence on policy around IT Security Regulations and Privacy via position papers. We will also help our community network and share lessons learned by developing collaborative guidance for IT Modernization incorporating security-by design. Come to this event to learn about CSA-DC and how you can join our mission to modernize IT to securely move at the speed of business.

The Boundary of Security & Privacy
Privacy is becoming an ever increasing concern in our world today. Social Networks today are now focusing on users' privacy given the inherent security risks posed by organizations' access to personally identifiable information. The European Union has enacted GDPR valuing privacy whereas on the opposite end of the spectrum, China has implemented a Social Credit System. What role do reputational systems play in our society? How do we design security controls for information systems balancing user's rights to their personal information? Where's the boundary of security and privacy? Come to our session to hear a distinguished panel of speakers discuss this topic in detail.

Moderated by: Robert Brese, VP & Executive Partner, Gartner
Panelists:
*Dr. Ron Ross, Fellow, National Institute of Standards and Technology
*Terence Jackson, CISO, Thycotic
*Anthony Johnson, former Managing VP & Deputy CISO, Cyber Security Capital One
*Shaun Khalfan, Vice President Information Security, Freddie Mac

The "Next Generation Thought Leader" Award is established by the Cloud Security Alliance’s DC Metro area chapter (CSA-DC) to provide recognition to individuals or teams who are shining the light and leading our way into the future with timely high value research expected to have a powerful and positive impact on the practice of cloud security. Based on an annual, peer elected selection of research topics provided by members of the CSA DC Chapter, this award is presented to researchers who have established a clear research direction and taken steps to advance the cloud security body of knowledge.

Agenda:

3:45 PM – 4:30 PM
Boarding at the Wharf

5:15 PM – 5:30 PM
Welcome | CSA-DC Mission
Anil Karmel | President, CSA-DC
Former Deputy CTO, National Nuclear Security Administration

5:30 PM – 5:45 PM
OneTrust Lightning Talk

5:45 PM – 6:45 PM
The Boundary of Security & Privacy Panel
Moderator:
*Dr. Ron Ross, Fellow, National Institute of Standards and Technology
*Terence Jackson, CISO, Thycotic
*Anthony Johnson, former Managing VP & Deputy CISO, Cyber Security Capital One
*Shaun Khalfan, Vice President Information Security, Freddie Mac

6:45 PM – 7:00 PM
CSA-DC Research Topics for 2019 & Next-Gen Thought Leadership Award, Dr. Mari Spina

7:00 PM – 8:00 PM
Dinner Buffet

8:15 PM - 8:30 PM
Networking & Disembark

Annual Cybersecurity Conference 2019

by

TOPICS | PRESENTERS | AGENDAADDITIONAL DETAILSCPE INFORMATION | SPONSORSHIP | REGISTRATION 

DETAILS

Information and data security threats continue to headline everyday on organizational and personal breaches. ISACA-GWDC Chapter invites you to engage with our speakers to increase awareness and efforts to minimize and prevent cyber security threats; so we can guide and help focus our organization on securing cyber infrastructure.

Register to hear from 7 cybersecurity experts working on security policies and governance; collaborative technologies from mobile devices and social media to virtualization and cloud computing.

Save the Date!

 

WHAT ATTENDS HAD TO SAY, 2018 CYBERSECURITY CONFERENCE

“This was one of the best ISACA meetings I have ever attended.”

“Excellent meeting. Well done. Excellent speakers. Mr. Wilson was exceptional.”

“Keep up the good work!”

TOPICS

1.  Cloud Security - Presented by Eric Simmon, National Institute of Standards and Technology

Eric Simmon, Cyber Infrastructure Group subject matter expert at the National Institute of Standards and Technology (NIST), will be discussing the Cybersecurity considerations on the following publications he co-authored: NIST Special Publication (SP) 500-307 (Cloud Computing Service Metrics Descriptions), ISO/IEC 19086-1 (Cloud Computing - Service Level Agreement Framework – Overview and Concepts), ISO/IEC 19086-2 (Cloud Computing - Service Level Agreement Framework – Metric Model) and NIST SP 500-322 (Evaluation of Cloud Computing Services Based on NIST SP 800-145).

2. Tackling security in the world of containers and hybrid cloud - Presented by Lucy Kerner, Red Hat

Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance, compliance and reduce risk amid this growing complexity? Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored  across the entire application lifecycle, infrastructure lifecycle, and supply chain.

In this session, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud. Specifically, we’ll:

•  Discuss how developers, operators, and security teams can improve security and compliance and achieve DevSecOps across a hybrid environment through automation, standardization, everything-as-code, and automated security compliance.

•  Share DevSecOps lessons learned, including best practices, techniques, and tools that can be used to improve security while reducing the workload of security professionals, developers, operators, and managers.

3. Cybersecurity and Prosilience - Presented by Sallie Sweeney, KPMG

Our adversaries hold the “upper hand.” There aren’t enough qualified cyber individuals and resources to successfully protect the enterprise. Organizations are constantly playing “catch-up,” and reactive responses do not adequately address the threat. The playing field needs to change by evolving defense from reactive to proactive resilience: Prosilience.  Prosilience is “cyber resilience with consciousness of environment self-awareness and the capacity to evolve automatically”.  Prosilience Reference Architecture incorporates new disruptive techniques in concert with preemptive threat intelligence to build the foundation for intelligent automation and cyber convergence. Prosilience delivers a powerful, cyber resilient enterprise that facilitates optimal mission outcomes.

4. Artificial Intelligence and Social Engineering – Presented by Deric Palmer, United States Army

The advancement in Artificial Intelligence, Machine Learning and Deep Learning presents new challenges to law enforcement and cybersecurity professionals.  Social engineers can use AI to create convincing catphishing accounts, news articles, videos, and synthetic voice to enhance their social engineering tactics.  Nefarious actors can use AI to create permutations of malware to bypass anti-virus software.  This new development will be challenging for cybersecurity professionals as this has become a new emerging threat to users and network defenses. 

5. Lessons Learned from the Cyber Audit Trail – Presented by Nick Marinos, Government Accountability Office, and Phil Moore, Kearney & Company

Since 1997, GAO has designated cybersecurity as a government-wide high-risk area. This discussion will highlight recent trends in cybersecurity and offer observations from federal government auditors on lessons learned when undergoing a cyber security based audit. The discussion will focus on each phase of the audit, to include the pre-audit, planning, testing, and reporting phases.

6. Understanding Vulnerability Scanning for Auditors – Presented by Eric Palmer, Mathematica

Vulnerability scanning is an important function for securing your organization but is your process effective? How do you know if you don’t understand how it works?  How can you make any recommendations to improve the process if you don’t understand the constraints?  This session will walk through the vulnerability scanning process using a common scanning tool as an example - Nessus. In addition to showing how the tool works, we will cover risks associated with the process in plain-language that auditors can relay to stakeholders.

7. Verizon Data Breach Investigations Report – Presented by Samuel Junkin, Verizon

The newest edition Verizon’s Data Breach Investigations Report (DBIR) is built from analysis of 41,686 security incidents, including 2,013 confirmed data breaches. Data sets for the report were collected from 73 different sources, spanning 86 countries,  and  including publicly-disclosed security incidents, cases provided by the Verizon Threat Research Advisory Center (VTRAC) investigators. We’ll walk through some of the major findings and provide an insightful perspective of today’s security threat actors and their methods of compromise.

Register Here

 

Who should attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cybersecurity initiatives.
  • Anyone that is already or anyone interested in getting involved with the ISACA CSX program.

AGENDA

Coming Soon

MEET THE PRESENTERS

eric_simmon_bio_photo_light

Eric Simmon

Cyber Infrastructure Group Subject Matter Expert, National Institute of Standards and Technology (NIST)

Eric Simmon is a senior scientist in the Cyber Infrastructure Group at the National Institute of Standards of Technology.  He graduated magna cum laude from Worcester, Polytechnic Institute (Worcester, MA) with an electrical engineering degree in 1989. He currently leads the NIST cloud computing SLA and metrics efforts, is chair of the NIST Cloud Computing Services Public Working Group and is project editor for the ISO/IEC 19086-2 “Service Level Agreement (SLA) framework and terminology - Metrics” standard. In addition to cloud computing Mr. Simmon also leads NIST efforts on IoT standards and architecture with a focus on complex systems, composition, and interoperability.

HeadshotLucyKerner

Lucy Kerner

Senior Principal Security Global Technical Evangelist & Strategist, Red Hat

Lucy Kerner leads the technical and go-to-market strategy & thought leadership for security across the entire Red Hat portfolio globally. In addition, she helps create and presents security related technical content to the field, customers, partners, analysts, and press and has spoken at numerous internal and external events, including security conferences, and is a Red Hat Summit Top Presenter. Prior to this role, she was a Senior Cloud Solutions Architect for the North America Public Sector team at Red Hat. Lucy has over 15 years of professional experience as both a software and hardware development engineer and a pre-sales solutions architect, where she worked on various aspects of cybersecurity. Prior to joining Red Hat, she worked at IBM as both a Mainframe microprocessor design engineer and a pre-sales solutions architect for IBM x86 servers. She has also interned at Apple, Cadence, Lockheed Martin, and MITRE, where she worked on both software and hardware development. Lucy graduated from Carnegie Mellon University with a Master of Science (M.S.) and Bachelor of Science (B.S.) in Electrical and Computer Engineering and a Minor in Spanish. 

pic

Sallie Sweeney

KPMG Cybersecurity Director

With 23 years of experience in the technology industry, Ms. Sweeney is a published author, and a regular keynote, industry speaker, panelist and moderator for events such as the 2019 Association of Government Accountants Financial Systems Summit (AGA FSS), the 2019 Academy Health DataPalooza, and the 2018 CMS CISO Cybersecurity Forum.  She received her Bachelor of Arts from Randolph-Macon Woman’s College and is a CISM, CISSP-ISSMP, and PMP. She is a regular invited panelist as such events as Howard County’s Tech Council Cyber Executive Leadership forums, and for the University of Maryland Baltimore County (UMBC) Cyber Incubator.  She regularly mentors high school girls about the opportunities in cyber to promote diversity in the cyber industry, as well as cross connect the girls to cyber partnership opportunities with other local high school programs. Ms. Sweeney was an award Nominee for the 2018 Women’s Society of Cyberjutsu, for three categories: Cyber Educator, Cyber Mentor, and Cyber Advocate.

DericPalmer

Deric Palmer

Special Agent, United States Army Criminal Investigation Command – Major Cybercrime Unit

Deric Palmer is a Special Agent (SA) with the Major Cybercrime Unit, U.S. Army Criminal Investigation Command (USACIDC), who oversees the Digital Identity/Protection Management and Cyber Threat Investigations for some of the most senior personnel in the DoD and U.S. Army.  SA Palmer has over 16 years of law enforcement experience, beginning with his military career in the United States Marine Corps as a Criminal Investigator, a Marine Special Agent with the Naval Criminal Investigative Service (NCIS), and now with USACIDC.  SA Palmer holds a BS in Criminal Justice Administration from Park University, a graduate degree in Digital Forensics and Cyber Investigations from the University of Maryland University College (UMUC), and is currently pursuing a MBA from UMUC. SA Palmer holds Information Technology industry certifications from CompTIA, is a certified computer forensics examiner, and is a certified Social Engineer

NickMarino

Nick Marinos

Director, Information Technology and Cybersecurity, Government Accountability Office

Nick Marinos is a Director in GAO’s Information Technology and Cybersecurity team. He leads audit teams that perform government-wide and agency-specific reviews in the areas of cybersecurity, critical infrastructure, privacy, and data protection across all major federal agencies.  Mr. Marinos also leads GAO’s ongoing evaluation of the systems readiness and cybersecurity issues in preparation for the 2020 Census. During his career at GAO, Nick has led major reviews of the cybersecurity of air traffic controls systems at the Federal Aviation Administration; information technology management challenges at the Library of Congress and Copyright Office; data protection practices at the Centers for Medicare and Medicaid Services (CMS) and Federal Student Aid (FSA) office; the response by Equifax and federal agencies’ to the 2017 data breach; as well as a variety of reviews focused on the cybersecurity of critical infrastructure, including within the oil and gas pipeline and financial services sectors; among many others.  Recently, Mr. Marinos’ team published a GAO Report to Congressional Requesters entitled “Cybersecurity:  Agencies Need to Fully Establish Risk Management Programs and Address Challenges.”

Picture1

Phil Moore

Partner, Kearney & Company

Mr. Moore has over 18 years of experience in helping federal agencies understand risks associated with their IT security and controls environment. As the Kearney IT Audit Practice Leader, Mr. Moore is highly involved in go to market strategies, business development efforts, and proposal management. Some of his specific experience includes:

- Helping federal agencies mature their IT security posture as it relates to NIST, FISMA, and FISCAM standards and guidance.

- Leading projects over the following areas:

- Federal Information Security Management Act (FISMA) Audits and assessment

- Office of Management and Budget (OMB) A-123 Appendix A assessment

- System and Organization Controls (SOC) Statement on Standards for Attestation Engagements (SSAE) No. 18 audits over federal hosting centers and applications.

- FISCAM based IT audits in support of CFO Act financial statement audits.

Picture2

Eric Palmer

Mathematica

Eric Palmer, CISA, CRISC, CISSP, CIA, has been managing and conducting IT audits for over 13 years. Despite that, he can still be a pretty nice guy.  At Mathematica, where he works, Eric helps manage IT security risk for new technologies and mature internal IT security practices.  With experience in government, financial services, healthcare, and consulting, Eric helps with initiatives such as the Cloud Security Alliance’s IoT working group and volunteers with local professional association chapters such as GWDC.  Eric has also contributed to the CISA, CRISC, and CIA certification exams as an exam writer and as part of the group selecting questions for the CISA exam.

pic

Sam Junkin

Professional Services Associate Director, Verizon

Sam is the Professional Services Associate Director, for Governance, Risk, and Compliance (GRC) at Verizon. He manages a global team focused on measuring both performance and maturity of client security programs. His responsibilities include leading teams that span the federal government, operational technology environments, regulatory compliance, and data loss prevention.

ADDITIONAL DETAILS

Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact Marvin Muhumuza,  Programs Director, to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

 

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE INFORMATION

Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in person event
 

REGISTRATION DETAILS

 

Costs

GWDC Members: $105

Other ISACA Members: $135

Non-Members: $150

» Become an ISACA Member

 

Register by October 23!

We encourage early registration, as some events sell out.  

To register, click the green "Click to Register" button in the "Details" section below.

 

Cancellation

If you are unable to attend an event, you can cancel your registration. All cancellations must be received by October 23. A $15 cancellation fee is charged.

To cancel, log into the My Registration page linked in your confirmation e-mail and click the UNREGISTER link.

President’s Message – August 2019

by

Dear Fellow Members,

We are ramping up for our schedule of events starting in September. I’m excited to continue our successful events and mix in some new education opportunities for our members. Our Cloud Computing Conference on September 18 is our next full day conference. That is followed by a special seminar for Security in PeopleSoft Applications: Setup, Administration and Auditing Seminar

We are launching a new ‘Network & Learn’ evening education series beginning in October. This will consist of short evening education events offering up to two (2) CPEs.  Our first one, Modernizing Risk Management Panel, will be held on October 2nd.

In addition to our upcoming events, we are working on forging additional partnerships with new organizations to enable GWDC members to receive discounts for other training events or have opportunities to attend networking and hiring events to advance their career. More details about these partnerships will be announced in the near future once the details are finalized.

Be sure to check the website often in August as we open up registration for our upcoming events and post more information about the latest chapter news.

We encourage everyone to follow GWDC on social media.  We increasingly share updates and news on platforms like Twitter or LinkedIn on a regular basis. 

Respectfully,
Jason Yakencheck
GWDC President
CISSP-ISSAP, CISM, CISA, PMP

@JasonYakencheck

 

 

Cloud Computing Conference 2019

by

DETAILS | AGENDA | PRESENTERS | ADDITIONAL DETAILSCPE INFORMATION | SPONSORSHIP

DETAILS

Cloud computing is changing at a rapid pace.  According to Gartner, cloud services revenue will increase from $214 billion in 2019 to $331 billion in 2022.  In June 2019, federal agencies have been required to accelerate its adoption of cloud-based solutions.  

This conference will enable participants to learn about the latest trends in cloud computing.  Learn from leaders in the public and private sector as they share to you their insights from cloud implementation to its security.

TOPICS

  1. Multi-cloud environment is becoming a requirement for organizations - Presented by Chezian Sivagnanam, Chief Enterprise Architect at National Science Foundation (NSF)

Cloud has become an essential tool for organizations. Today one cloud solution doesn’t meet all the organizational needs, forcing multi-cloud a requirement. In this session, Chezian will provide an overview of National Science Foundation's (NSF) multi-cloud landscape, architecture and the implementation that meets agency's demands.

 

2. Protect Cloud Data from Prying Eyes! - Presented by Dr. Sarbari Gupta, CEO and Founder at Electrosoft Services

With the explosion of data being created, gathered and shared on a daily basis, the cloud has become the preferred storage location for much of this data. Cryptography can be used to protect the confidentiality of user/business data from other users, other businesses as well as privileged cloud administrators. However, the keys themselves need protection throughout their lifecycle since they represent the collective value of all of the data they protect. We describe key management design choices for protecting cloud data and relate them to the reasons why users and businesses store data in the cloud; we discuss the challenges of managing keys to protect cloud data and effective strategies for using cryptographic keys within the cloud.

 

3. Financial Considerations for Moving to the Cloud Environment - Presented by Scott Vachal, Chief Executive at Soter Cloud Solutions

Any business decision of moving to the cloud will involve financial analysis to determine the best solution.  Consideration must be given to operational costs of staying on-premise verse moving to the cloud or a hyperconverged environment.  Each alternative off-premise solution should be weighed to identify the best fit for the needs and budget of the entity.  This discussion will focus on the features of each option and the associated costs.

 

4. Cloud Computing and Governance, Risk and Compliance (GRC) - Presented by Sanjiev Chattopadhya, Chief of Product Security at Blackboard, Inc.

Cloud computing presents new opportunities and challenges across all domains of cybersecurity.  This session presents best practices and trends for Governance, Risk, and Compliance (GRC) in cloud computing, and the limitations of classical frameworks like NIST 800, FedRAMP, SOC2 and ISO 27k in the cloud computing realm. We will discuss topics like automated compliance and DevSecOps practices.

 

5. Northern Virginia Community College Partners with Industry and the Armed Forces to Build the Technology Workforce of the Future - Presented by Dr. Chad Knights, Provost of Information and Engineering Technologies (IET) at Northern Virginia Community College (NOVA)

Northern Virginia Community College (NOVA) has recently partnered with several industry leaders and branches of the armed forces to build industry-aligned programs that target the most in-demand skills needed within Northern Virginia’s technology workforce. Recent examples of this include NOVA’s collaboration with Amazon Web Services that in Fall 2018 lead to the launch of arguably the first Cloud Computing degree in the nation. Following up on this in Fall of 2019, NOVA partnered with the United States Marine Corps to launch the first data intelligence/data analytics course of study in the Virginia Community College System. This session will cover NOVA’s innovative technology program offerings, some non-tradition training methods and NOVA’s development of a tech talent pipeline for Northern Virginia. In addition to seeing how NOVA can support your workforce needs, we welcome opportunities to identify new partnerships to build upon.

 

6. The Future of FedRAMP - Presented by Brian Conrad, Program Manager for Cybersecurity, GSA FedRAMP

Federal security policy requires all systems to be authorized based on risk. FedRAMP standardizes the process for cloud, providing a do once, use many framework for security package reuse. The FedRAMP PMO promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment. For the future of the program, FedRAMP is currently focusing on four key future areas: tailored security, OSCAL for security documentation, integrating robotics process automation, and reciprocity across markets.

 

7. The State of Cloud Security: A Panel Discussion - Moderated by Sushila Nair, Senior Director at NTT Data Services

  • Zeal Somani, Security & Compliance Specialist at Google Cloud
  • Juanita Koipillai, CEO at Waverly Labs
  • Jody Scott, Director of Sales Engineering at Aporeto
Register Here

Who should attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cloud computing initiatives.

MEET THE PRESENTERS

Chezian Sivagnanam

Chezian Sivagnanam

Chief Enterprise Architect of the National Science Foundation

The technology steward at the National Science Foundation (NSF), Chezian Sivagnanam is its Chief Enterprise Architect where he advises the Chief Information Officer in planning and coordination of information technology vision, strategy, architecture and innovation management.  Chezian has more than 23 years of experience in information technology including enterprise architecture, solution architecture, information technology transformation, enterprise modernization, cloud computing and emerging technologies.  Chezian is a PMP, CSPO and ITIL V3, and holds certifications in COBT 5, Oracle, and Sun.

Sarbari Gupta

Dr. Sarbari Gupta

Founder and President of Electrosoft Services

Dr. Sarbari Gupta has been active in the information security industry for over twenty years. She has broad base of knowledge and experience in the areas of cybersecurity, identity management and security solutions. She holds a PhD degree in Electrical Engineering and the CISSP and CISA certifications. Dr. Gupta has authored over twenty technical papers/presentations in refereed conferences and journals, and holds four patents in areas of cryptography. She has co-authored several NIST Special Publications in the areas of Electronic Authentication, Security Configuration Management, and Mobile Credentials.

ScottVachal

Scott Vachal

Client Executive of Soter Cloud Solutions

Scott Vachal applies his more than 30 years of financial, managerial, and cyber security experience to assist mid-sized companies transition to the cloud environment.  Financial analysis has been a primary thread through his career.  Mr. Vachal consulted for such companies as AT&T, Dun & Bradstreet, after obtaining his MBA in Quantitative Studies and Masters in Management of Secure Information Systems.  Mr. Vachal created, built, and sold Meridian Cyber Defense, which provided IT and cyber security support to the SMB market.  He currently is a Client Executive for Soter Cloud Solutions. 

pic

Sanjiev Chattopadhya

Chief of Product Security at Blackboard, Inc.

Mr. Sanjiev Chattopadhya has been in the IT Security industry for almost 25 years. His past clients include Fortune 100 companies (Coca Cola, American Express, and Anthem BCBS) and US federal agencies (DHS, TSA and VA). He has served in a variety of roles, including CISO, Security Architect, Agile Evangelist, and GRC consultant.  He is currently serving as the Chief of Product Security at Blackboard Inc., where he is leading FedRAMP and ISO compliance for its flagship product. He certified as a CISSP, CGEIT, and CRISC.

pic

Dr. Chad Knights

Provost of Information and Engineering Technologies (IET) at Northern Virginia Community College (NOVA)

Dr. Chad Knights is the Provost of Information and Engineering Technologies (IET) at Northern Virginia Community College (NOVA), the largest public educational institution in Virginia. He is a strategic problem-solver who is passionate about serving the needs of both students and the business community through the creation of innovative industry-aligned degree programs. In the last year, Dr. Knights has spearheaded the creation of three new emerging technology degree programs at NOVA, which include one of the first Cloud Computing degrees in the nation. Knowing that not all students will look to immediately enter the workforce, Chad has worked with university partners to develop applied transfer degree opportunities that break away from the traditional academic model.

pic

Brian Conrad

FedRAMP Program Manager for Cybersecurity

Brian Conrad joined the FedRAMP team in December 2018, bringing with him a wealth of technical knowledge and leadership experience. Prior to joining GSA, Brian served for 21 years in the United States Marine Corps, gaining experience in leadership, telecommunications/IT, government acquisition, and project management.   At GSA, Brian leads efforts associated with formulating and facilitating FedRAMP’s overall strategic initiatives and future goals. Additionally, Brian works hand-in-hand with government and industry, developing an understanding of emerging technology and innovation. Finally, in the short term, Brian will be supporting Joint Authorization Board efforts by leading on-going assessment and authorization activities.  Brian holds an M.S. in Information Technology Management from the U.S. Naval Postgraduate School, a B.A. in History with a minor in Economics from the University of Memphis, and various industry certifications.

pic

Sushila Nair

Senior Director at NTT DATA Services

Sushila has worked as a Chief Information Security Officer for ten years and has twenty years’ experience in computing infrastructure, business and security. Sushila has consulted in many diverse areas including telecommunications, risk analysis, credit card fraud, and has served as a legal expert witness. She has worked with the insurance industry in Europe and America on methods of underwriting e-risk insurance based on ISO27001.  She has published numerous articles in the computing press on risk and security, and has spoken at Segurinfo, Microsoft TechED, TechMentor, The Windows Show, FinSec and many other global technical events on diverse subjects ranging from managing risk to designing security baselines.

pic

Zeal Somani

Security and Compliance Specialist at Google Cloud

Zeal Somani is a Security and Compliance Specialist within the Customer Engineering team at Google Cloud. At Google, Zeal helps customers migrate to the Google Cloud Platform by addressing their security and compliance requirements. Her focus is to make regulatory compliance cloud-native and resolve any blockers or friction when adopting GCP for running regulated workloads.  Pre-Google, she was a PCI QSA where she assessed medium - large sized Retail and Banking firms. In her free time, she loves yoga, chai, and hikes!

pic

Juanita Koilpillai

Found and CEO of Waverly Labs

Juanita Koilpillai is Founder and CEO of Waverley Labs, a pioneer in software defined perimeters (SDP), Zero Trust and and digital risk reduction solutions. She has 30 years’ experience researching and developing systems in computer security, network management and real-time distributed software. She leads the open source software-defined perimeter (SDP) effort for ‘black’ apps in the cloud with the Cloud Security Alliance and is an active contributor to NIST leading the creation of a security risk index system for moving apps to the cloud (NIST 500-299). She was a key member of FEMA’s Enterprise Security Management Team and served as Principal Investigator for several DoD initiatives. She co-founded CyberWolf - an advanced automated attack warning system (now known as SEIMs) deployed by government and later acquired by Symantec.

pic

Jody Scott

Director of Sales and Engineering at Aporeto

Jody Scott has over 20 years of experience in Linux/UNIX Administration, Software Development, Network Engineering and Security. Currently Jody runs the Solutions Engineering team for Aporeto a Cloud/Container Security startup. Jody currently focuses on emerging (and securing) technologies such as Kubernetes, server-less functions and cloud native computing.

ADDITIONAL DETAILS

Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

Cancellation

If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by September 16, 2019.  A $15 cancellation fee is charged.

To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE Information

Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey by September 30, 2019. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in person event
 

Annual General Meeting 2019

by

DETAILS | AGENDA | PRESENTERS | ADDITIONAL DETAILSCPE INFORMATION | SPONSORSHIP

DETAILS

IT audit, assurance, governance, security, and privacy are constantly transforming. To keep up with the ever changing environment and learn what’s next, join your colleagues at ISACA-GWDC 2019 Annual Meeting. Gain fresh ideas and approaches while earning 8 CPE hours. You will gain new knowledge and viewpoints to advance your career.

The 2019 Annual Conference is designed to educate IT practitioners who want to learn about key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency; threat to operational technology (OT) - the Intersection of IT and OT; SOC/SSAE-18 controls assessment; practical tips for how security practitioners should engage with lawyers; and, critical attributes leaders must demonstrate to ensure their people follow them; different styles of leadership and when to use them, just to mention a few.

There are a number of expensive training courses out there - online and classroom - that cover cybersecurity, cloud computing, and privacy, to mention a few. Don't overpay! ISACA GWDC is excited to continue to offer our great lineup of speakers and topics related to the public and private sector communities at always reasonable prices.

Come join the ISACA-GWDC for our one-day Annual Conference and training event covering a variety of hot topics relevant to current trends, and associated challenges in cyber-security, cloud computing, Privacy, etc.

TOPICS

1. Next Generation NIST Security and Privacy Standards and Guidelines: 2019 and Beyond | Dr. Ron Ross, Fellow at National Institute of Standards and Technology

FISMA Vision 2020 includes a complete renovation of key NIST cybersecurity publications and the development of new publications addressing systems security engineering and cyber resiliency.  This presentation will provide a deep dive into planned or completed NIST publication updates including FIPS 199, FIPS 200, NIST SP 800-37, SP 800-53, SP 800-53A, SP 800-53B, SP 800-60, SP 800-171, and SP 800-160 (Volume 2).  It will also cover planned privacy and supply chain integration into the suite of FISMA publications.

 

2. Operational Technology (OT):  A Lurking Threat to your IT Networks |  Parham Eftekhari, Executive Director, Institute for Critical Infrastructure Technology (ICIT)

The digitization of operational technology (OT) and procurement of network-connected OT by various business units creates ‘shadow networks’ within an organization’s ecosystem, meaning IT and security professionals have an increasing obligation to understand how vulnerabilities to OT can be exploited by adversaries, how OT/IT convergence can increase the risk posture of an organization, and what steps must be taken to mitigate the risk.  During this panel, leading OT and cybersecurity experts will explore these topics and leave audience members with actionable insights on how to understand and mitigate the IT/OT convergence risk within their organizations.

Panelists include:

- Melody L. Balcet, CISSP, CISM, Director of the Global Cybersecurity Program, The AES Corporation

- Don Maclean, ICIT Fellow & Chief Security Strategist, DLT

- Wayne Dixon, ICIT Contributor & Director, OT and Industrial Solutions, Forescout

 

3. Practical Tips for How Security Practitioners Should Engage with Lawyers | Kirk Nahra, ICIT Fellow & Partner, WilmerHale

Information security is becoming increasingly regulated.  This means that virtually all companies in virtually all industries – large and small and around the world – need to ensure that they are developing appropriate information security programs and meeting the increasing array of data security compliance obligations.  For better or worse, this means that data security professionals need to learn how to work with lawyers.  Lawyers and information security professionals often speak different languages, and approach these issues from different perspectives.  This session will focus on teaching information security professionals how best how to work with company lawyers -  to understand their approach to legal and compliance obligations, and to develop an understanding of how the developing law of information security impacts how an information security professional should approach his or her job, for the benefit of protecting the company.

 

4 & 5. Fair to Greatness | Shawn Fair, CEO Fair Consulting Group

The Five Critical Attributes Leaders Must Demonstrate To Ensure Their People Follow Them

The three different styles of leadership and when to use them (autocratic leadership, democratic leadership, and free reign leadership)

The importance of having a vision for your team:

1. what is vision

2. what a vision is not

3. what a vision does

4. the benefits of visions

Dynamic stories and videos are associated with this topic.

 

6. Hybrid Multi-Cloud | Thomas McCreary and Fred Maymir-Ducharme, PhD, IBM

Industry and government enterprises are going through a major IT infrastructure transformations.  Major financial, technical and operational drivers clearly point to a hybrid, multi-cloud future.  But there are challenges worth noting and managing in order to avoid the struggles we've seen industry and the government endure as they migrate to and attempt to manage multiple hybrid cloud platforms - often from multiple vendors and with limited interoperability.  This briefing will provide an overview of a variety of migration strategies into hybrid multi-cloud environments, risks to manage, and key technologies to consider for the next phase of your cloud journey.

 

7. SOC/SSAE18 Controls Assessment | Tom Patterson, CPA, CISA, CGEIT, and CRISC, Cotton & Company, LLP

This session will explore and present underlying information about Service Organization Control (SOC) attestations and standards and principles relevant to IT and financial auditors who might be engaged to perform either an integrated audits of a public company under SOX404 and PCAOB regulations, or engaged with service organizations that provide other IT services and when a Trust Services engagement (under TSP100) might be most applicable.

 

8. You Have Security - We Need Your Help! | Mary Ellen Seale, CISSP, CEO The National Cybersecurity Society (NCSS)

Small businesses account for a large proportion of the U.S. economy, yet they are particularly vulnerable to the risks posed by cybersecurity threats. With 30.2 million firms employing over 58.9 million people, small businesses account for 99% of businesses in the United States. (SBA Office of Advocacy, 2018)

The National Cybersecurity Society (NCSS), a national nonprofit organization, was established to educate small businesses on IT security best practices and advise them on the type of products and services they need to protect themselves.

As a community based organization, the NCSS represents the best of the cybersecurity community - we are a community of technologists, security professionals, companies, and educators who are passionate about ensuring each American has the ability to conduct business online safely and securely.

Many small businesses currently do not understand their cyber risk; know how to protect themselves; have access to security or IT professionals; nor know how to implement cyber safe practices. The NCSS provides educational events; tools and resources; provides technical expertise, reports cyber incidents as an ISAO; and has an assessment tool that assesses cyber risk. The NCSS helps small businesses - at all stages on their cybersecurity journey.

What we hope to do with this talk is to spread the word about the work we are doing; solicit volunteers to join; and find quality vendors that service the small business community.

EVENT SPONSORS

Click Here to Register

Who should attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cybersecurity initiatives.
  • Anyone that is already or anyone interested in getting involved with the ISACA CSX program.

The ISACA GWDC Board of Directors and Officers would like to give a big “Thank You” to the Institute for Critical Infrastructure Technology (ICIT) for being an Event Partner and the FAIR Consulting Group for being an Event Sponsor for the 2019 Annual General Meeting conference!

       

 

 

MEET THE PRESENTERS

Ron Ross speaker at the ISACA GWDC Annual General Meeting 2020

Dr. Ron Ross

Fellow, National Institute of Standards and Technology (NIST)

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800- 37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.

Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. He has also lectured at many universities and colleges across the country including the Massachusetts Institute of Technology, Dartmouth College, Stanford University, the George Washington University, and the Naval Postgraduate School. A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, Dr. Ross received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a four-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Presidential Rank Award. He has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow. In addition, Dr. Ross has been inducted into the National Cyber Security Hall of Fame.

Dr. Ross has received numerous private sector cybersecurity awards including the Partnership for Public Service Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Applied Computer Security Associates Distinguished Practitioner Award, Government Computer News Government Executive of the Year Award, Vanguard Chairman’s Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries, (ISC) 2 Inaugural Lynn F. McNulty Tribute Award, 1105 Media Gov30 Award, and three-time Top 10 Influencers in Government IT Security. During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He is a graduate of the Defense Systems Management College and holds Masters and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.

Parham Headshot

Parham Eftekhari

Executive Director, Institute for Critical Infrastructure Technology (ICIT)

Parham Eftekhari is the Executive Director of ICIT, the nation's leading cybersecurity Think Tank.  Combining 16 years of technology experience with a lifelong passion for leadership and community engagement, Parham is privileged to advise executives at some of the world's top public and private sector organizations, build strategic alliances, and create thought leadership programs focused on national security, cybersecurity, and digital transformation.  He leads the development and execution of ICIT's content strategy, which includes its Fellows Program, research publications, and executive briefings, and regularly engages with the media on ICIT's behalf.  During his career, Parham has contributed to over a dozen publications, developed curriculum for events that have educated thousands of professionals, and has delivered or organized dozens of briefings at institutions including TEDx, Congress, the World Bank, RSA, C-SPAN, and ICIT.  Parham is a recipient of the 2017 (ISC)2 Government Information Security Leadership Award - Most Valuable Industry Partner, a graduate from the University of Wisconsin Madison's School of Business, and is fluent in French and Farsi.

MelodyBalcetHeadshot

Melody L. Balcet, CISSP, CISM

Director of the Global Cybersecurity Program, The AES Corporation

Melody L. Balcet, is the Director of the Global Cybersecurity Program at The AES Corporation, a US-based Fortune 200 Energy company operating in 15 countries. In this role, she reports to the Global Chief Information Security Officer providing programmatic oversight of AES’ global cybersecurity implementation. Previously, she spent over eleven years with IBM's Public Sector Cybersecurity and Biometrics service area leading its Defense and Intelligence Cybersecurity business and served government clients at Defense and Civilian agencies, most recently as an advisor on DoD-wide FISMA and cybersecurity performance measurement under the DoD Deputy Chief Information Officer for Cybersecurity. In 2018, she finished her term as President of the ISACA Greater Washington, D.C. Chapter with over 10 years on its Board of Directors and volunteers with a number of non-profit organizations. Ms. Balcet holds an M.A. with Merit from the University of Manchester, Institute of Development Policy and Management (IDPM) and a B.A. from The College of William and Mary. She actively holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. Ms. Balcet co-authored a chapter in “Protecting Our Future: Educating a Cybersecurity Workforce” and regularly speaks on GRC, FISMA, cybersecurity measurement, workforce, and leadership topics.

donmclean

Don Maclean

ICIT Fellow & Chief Security Strategist, DLT

Don Maclean, is serving as the Chief Cyber Security Technologist at DLT.  Don is responsible for formulating and executing DLT’s cyber security portfolio strategy.  Within the cyber security community, Don is a leader and mentor, frequently participating in programs such as the DoS Cyber Online Learning sessions and serving as an active member of the Cloud Security Alliance.

wayne

Wayne Dixon

ICIT Contributor & Director, Global Director, OT and Industrial Solutions Forescout Technologies, OT Business Unit

As Global Director for OT and Industrial Solutions at Forescout Technologies, Wayne leads an engineering team responsible for developing technology solutions to address the business needs of Forescout’s OT and Industrial customer base.

Common solution areas include cyber-resiliency, regulatory compliance, audit compliance, plus general cyber-risk reduction, and are offered as Forescout delivered, OEM delivered, Technology Partner delivered, or System Integrator delivered packages.

With 10 years of operational experience and 10 years of consulting experience, Wayne specializes in providing solutions that are effective, adoptable, measurable, and most importantly, demonstrate positive return on investment for the business.

Nahra_Kirk_linkedin-profile

Kirk Nahra

ICIT Fellow & Partner, WilmerHale

Kirk Nahra is a partner with WilmerHale in Washington, D.C., where he co-chairs the firm’s Cybersecurity and Privacy Practice.  Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally. He also advocates for clients experiencing privacy and security breaches, and represents clients in contract and deal matters, enforcement actions, regulatory investigations and related litigation.

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations.

Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards; has investigated and litigated potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs.

A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and longtime board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.

shawn

Shawn Fair

CEO, Fair Consulting Group

Shawn Fair is the CEO of Fair Consulting Group. He is a training expert and prominent motivational speaker in the areas of leadership, consultative sales, vision, time mastery, coaching and business development. With over 22 years of experience in business positions ranging from sales, to vice president of sales and marketing, he has mastered the art of speaking with power and passion. His teachings are a result of the insight he has acquired over the years. Shawn has a strong passion for helping people accomplish their goals and objectives. As a result, he has been able to impact countless lives across the United States and Canada, both in the areas of business and personal growth. He has a unique ability to engage, motivate, and inspire leaders at every stage of their careers. Shawn is the founder and developer of one of the largest non-profit sports and fitness programs, for young athletes between the ages of 8-18, in the State of Michigan. Shawn has been able to impact over 1 million people through his programs, keynotes and presentations. He has helped countless people reach their highest potential within their family, work and social lives. His presentations encourage the understanding that change is essential. Shawn is on the business advisory board for the University of Phoenix and has been an inspiration for employees working for companies such as IMAAC, USAA, and Farmers Insurance. He has delivered a number of award winning presentations, some of the most noted are at the Rio Grand Hotel Casino in Las Vegas and the Sound Board Room in the Motor City Casino, Detroit, MI.

You can find some of Shawn’s keynote discussions on platforms such as Fox 2 News (Detroit, Dallas, Philadelphia, and Memphis), National Clothes Line, Franchising.com, WFTC TV, MY 29 and the Oakland Township Patch.

pic

Thomas McCreary

Technical Director, IBM Federal

Thomas McCreary (Primary Author) has worked in the Defense Industry for over 30 years.  Tom is a Technical Director in IBM's Federal CTO Office, and has a rich professional history across the Defense Industry.

phd

Fred Maymir-Ducharme, PhD

Executive Architect, IBM Federal

Dr. Maymir-Ducharme (co-author) is an Executive Architect at IBM Federal CTO Office, with a focus on applying commercial and state of the art technology to modernize government systems.   Fred is also a liaison to IBM Research (8 Labs World-wide: Almaden, Austin, China, Haifa, India, Tokyo, Watson & Zurich), leading efforts in Advanced Analytics, Smarter Planet, Mobile Computing, Cloud Computing, Cyber Security, and Biometrics.  Prior to IBM, Fred spent several years as a Lead Systems Engineer at AT&T Bell Labs (5ESS) during the early 1980’s.  As Chief Engineer and Program Manager on several large DoD programs (i.e., with Grumman, Unisys, Loral and Lockheed Martin), he led and managed a variety of complex military systems (e.g., C4ISR, Logistics, Transportation, SATCOM and INFOSEC).  Fred also led several applied research and development (R&D) teams and Corporate strategic planning initiatives for LM, Grumman & Unisys.  As program manager and chief architect of the USAF CARDS Partnerships Program and Chief Technologist on STI, he developed, applied and extended various product line engineering and software architectures technologies.  Dr. Maymir-Ducharme is a Lockheed Martin Certified Systems Architect an IBM Senior Consultant IT Architect, and an Open Group Distinguished Certified Architect.

Fred Maymir-Ducharme completed his BS in Computer Science (CS) at the University of Southern California (USC) and his PhD in CS at the Illinois Institute of Technology (IIT).  Fred has over 80 publications in the engineering field, and has chaired numerous conference / workshop program committees and technical.  Fred served on the Federal Advisory Board on Ada in the early 90’s and was a subject matter expert for the OSD Software Reuse Initiative (SRI) Program Management Office (PMO).  Fred was an adjunct professor at IIT, teaching graduate CS courses in the 80’s and is currently an adjunct professor at UMUC, where he periodically teaches graduate computer science classes.

tompatterson

Tom Patterson, CPA, CISA, CGEIT, and CRISC

Senior Manager, Cotton & Company, LLP

Tom Patterson is a Senior Manager in the Information Assurance practice of Cotton & Company LLP.  Prior to joining Cotton & Company, Tom was a senior director with NTT DATA Services, where he orchestrated efforts to capture new IT managed services contracts with Federal civilian agencies.  Tom holds CPA, CISA, CGEIT, and CRISC and an inactive CGFM designation.  Prior to NTT, Tom worked for 8 years with IBM, where he was an Associate Partner focused on delivering IT security engagements to large IBM managed IT services accounts, before taking on a Complex Solutions Executive role with IBM Security.  Tom is a Past President of ISACA-GWDC, a Past Vice-President, and former Treasurer and Board Member.  Tom currently provides volunteer support to the Information Management Technical Assurance (IMTA) committee of the American Institute of CPAs (AIPCA), and was a member engaged in developing the Trust Services Principles, the Service Organization Control (SOC) 2 and SOC 3 Attestation Standard (TSP100 and AT101), and lately has been engaged with a team in re-writing the 2009 Generally Accepted Privacy Principles (GAPP) framework to re-align the core privacy principles with recently enacted data privacy legislation in the US (California) and European Union (GDPR).  Tom has also assisted large Federal agencies and regulators in enhancing their audit and examination guidelines, and spent 13 years in Big 4 accounting firms where he led IT risk advisory, enterprise risk services, and internal controls advisory services practices, helped re-design audit and control testing methodologies to comply with SOX 404, and provided CISA preparation training to firm staff and ISACA chapters in the US and Europe before moving to Europe for 3 years to lead the IT audit function of a global public company and the annual SOX 404 management self-assessment program.

maryellen

Mary Ellen Seale, CISSP

CEO, The National Cybersecurity Society (NCSS)

Mary Ellen Seale is a leader in national cybersecurity strategy and cyber operations – and has held several executive level positions with the federal government. She retired with nearly 31 years of federal service, and continues her public service by contributing to the cybersecurity needs of the small business community. As Founder and CEO of the National Cybersecurity Society, a national nonprofit organization, she is leading efforts to assist small businesses obtain needed cybersecurity protection capabilities and services.

Previously she was Deputy Director, Cybersecurity Coordination, Department Homeland Security, (DHS), Executive Director of Modernization, Federal Communications Commission, Deputy Director, National Cybersecurity Center/DHS, and Chief of Administrative Operations, DHS Headquarters.

Ms. Seale received an undergraduate degree for the University of Georgia and master of business administration (finance) from the American University and is a Certified Information Systems Security Professional.

ADDITIONAL DETAILS

Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

Cancellation

If you are unable to attend this event, you can cancel your registration. To receive a refund, all cancellations must be received by June 10, 2019.  A $15 cancellation fee is charged.

To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE Information

Earn up to 8 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey by June 24, 2019. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in person event
 

Seminar on Managing and Auditing Cybersecurity – Data, Infrastructure and Applications

by Leave a Comment

DETAILS | AGENDA | PRESENTERS | ADDITIONAL DETAILS & CPE INFORMATION 

DETAILS

After being on the audit side for the first half of his 30-year career, the instructor has spent most of the last 15 years consulting full-time with systems development groups, infrastructure groups, and data center staff, uncovering many cybersecurity control issues which were in many instances overlooked by the most experienced auditors. As a result of these experiences, the instructor has devised unique methods for performing compliance testing that disclose major gaps in an organization’s cybersecurity program. This two-day seminar will focus on auditing cybersecurity at the three layers where the most threats occur: (1) data level (2) infrastructure level, and (3) applications level. In addition, this seminar will include discussions about the latest technologies used, such as containers, and discussions about cloud-based platforms, such as AWS.

 

Case Studies

Two case studies (i.e., one each day) will be presented during the seminar which will provide the attendees the understanding of how to identify flaws within an organizations cybersecurity program and how to establish effective compliance testing. 

 

Audit Program

An audit program which covers all topics discussed will be distributed as part of the session materials.

Who Should Attend

IT Auditors, Cybersecurity and GRC professionals, IT professionals or anyone interested in growing their skills and knowledge with respect to data protection, privacy, and new technologies.  The cybersecurity skills gap is very pronounced in the areas this course covers and it would be of value to anyone in the field.

Learning Objectives

  • Will be able to identify the production resources which need to be included in-scope for a security access audit
  • Understand the controls that need to be established to prevent traditional access controls from being bypassed
  • Identify key network security, host-level, database and application design initiatives required to prevent cyber security attacks
  • Understand the key components to performing an effective data privacy audit
  • Effective methods for implementing a Cybersecurity program
  • Understanding how new regulations are raising the bar of the expected requirements of a cybersecurity program
Click Here to Register

AGENDA

  • Cybersecurity overview
  • Understanding the recent cybersecurity regulations and how they are raising the bar of the required security controls
  • Implementing and reviewing audit guidance for DFS Part 500 Cybersecurity Requirements
  • Implementing a cybersecurity program using the NIST and other frameworks
  • Establishing models to drive decision making processes for security technology to be deployed
  • Cybersecurity approaches when using third party service providers
  • Conducting cybersecurity and data privacy audits
  • Alternatives to approaching the Cybersecurity Audits
  • In-depth auditing techniques for Cybersecurity focus areas
  • Implementing and Auditing Incident Management and Data Breach Handling processes which includes enhances requirements mandated by GDPR and other regulations
  • Understanding how controls over production access are being bypassed
    Ineffective security design & management approaches

MEET THE PRESENTER

Mitch Levine

Mitchell H. Levine, CISA

Founder, Audit Serve

Mitchell Levine is the founder of Audit Serve, Inc. which is an IT Audit & Systems consulting company.   For the last 28 years at Audit Serve, Mr. Levine has split his time between traditional IT & Integrated Audit consulting projects, restructuring IT Departments, Implementing DFS Part 500 Cybersecurity initiatives, PCI Implementations, and performing pre & post-implementation reviews of system migrations.  Mr. Levine spends 220+ days per year consulting which is the basis for the material which is included in the seminars.

Over the past fourteen years Mr. Levine has presented over 110 seminars to twenty-seven different ISACA & IIA chapters.  Mr. Levine also was the primary writer and editor of Audit Vision which is published monthly and has a subscription base of over 3,000 audit & security professionals.

Prior to establishing Audit Serve, Inc. Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus and the corporate financial systems

ADDITIONAL DETAILS

Special Instructions

All Students: Please arrive at 7:30am the first day for registration

ISACA Members from Other Chapters:You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations

Presentations are made available for download after the course completion.  If permission is granted from the instructor, a link to the presentation(s) will be made available along with the CPE certificate.

Requests for Assistance

If you require assistance for an audio, visual, or other disability, please contact the Programs Director, Marvin Muhumuza, to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

Cancellation

If you are unable to attend an event, you can cancel your registration. To receive a refund, all cancellations must be received by April 28, 2019. A $15 cancellation fee is charged.

To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.

 

CPE

Earn up to 14 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: None
  • Program Knowledge Level: None
  • Delivery Method: Classroom Live / In person

Survey About Cloud Computing Risk Assessments

by

My name is Matthew Meersman, and I am conducting a research study for my dissertation on Cloud computing risk assessments. I regularly volunteer for the conference events in Arlington, and I am very impressed with the expert knowledge chapter members have.
How do small and medium enterprises (SMEs) accurately assess their risk when they adopt Cloud computing? What should they do? Is there a right way to do this? Is there a process you think works well? I do not know the answers, and I hope that the expertise of ISACA GWDC members can help me with the answers.

I would like to ask IT risk experts, like you, questions about Cloud risk and how you assess Cloud risk. I plan to do this with three short surveys using SurveyMonkey. The third survey is here. This third survey builds upon your expert answers in the prior surveys.

Aside from finishing my dissertation, I plan to use your answers to make a risk assessment guide which will be freely available to all. Your time and help with these surveys could help many SMEs as they try to secure their Cloud deployments.

I know that most of you have to keep specific information confidential. I will not ask your name or your employer’s name. I will not record the IP address you use to respond to my surveys. I will safeguard your answers, and no personally identifiable information will be collected or published. You are free to not answer any question that may divulge sensitive or confidential information. Each survey will start with an informed consent page that details your rights and how I will respect those rights.

 
These surveys are not sponsored by ISACA so no CPEs will be provided. 

Please contact Matthew Meersman at M.Meersman5121@o365.ncu.edu or 202.798.3647 for more information about this research project.

Thank you.

 

IT Audit in Civilian and DoD Environments

by

TOPICS | EVENT SPONSORSPRESENTERS | AGENDAADDITIONAL DETAILSCPE INFORMATION | REGISTRATION | SPONSORSHIP

DETAILS

The ISACA Greater Washington, D.C. chapter IT audit events attract the best and brightest with its content-rich and thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals. The conference will include dynamic, timely topics that help you address challenges and learn innovative solutions within the IT audit arena. Speakers will cover information security, risk management utilizing frameworks like NIST Cybersecurity, RMF and FISMA to protect information, operations and assets against natural or man-made threats. IT audit both in civilian and DOD environments will be discussed, as well as upcoming changes to the way Federal agencies, implement IT systems, communicate cyber threats, manage resources, lower operational costs, expand and protect access, and manage evolving cyber threats.

TOPICS

1. Guard Rails for the Digital Revolution - Theresa "Terry" Grafenstine

In an increasingly interconnected world, organizations that don’t innovate and broaden their technology footprint are at risk of losing market share. Internal audit has a critical role to play in acting as the “guard rails” for their organizations, but to truly add value, they must find a balance between providing assurance while supporting the new operational innovations. In this session, Ms. Grafenstine will discuss how emerging technologies, like robotic process automation and artificial intelligence, will drive the future of internal auditing, provide an overview of cyber trends and classic breach tactics, and offer strategies of how to communicate these and other cyber risks to the board and c-suite.

2. RMF 2.0 is Coming; Are You Ready? - William Wright, CPA, CISA, CEH, FITSP-A

NIST is in the process of revising the core publications that constitute the Risk Management Framework (RMF) in an effort Dr. Ron Ross calls “RMF 2.0.” On December 20, 2018 NIST published the first revised RMF publication, NIST Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. In this session Mr. Wright will summarize the major changes in SP 800-37 and discuss the impact on both auditees and auditors and what both groups should be doing now to prepare for the changes that are coming.

3. Data Analytics for IT Audit - Debra Gilkey and Bill Rickett

With an eye to the future, automation and analytical tools provide tremendous potential for evaluating incident trends and informing stakeholders. This presentation will cover how the OIG is keeping pace with current trends and future visions of data analytics within IT audit by using ServiceNow data to investigate and find potential vulnerabilities. Using this data allows for real time auditing and quick turnaround time to alert management to any important vulnerabilities detected. Bill and Debra will explain how they use performance analytics to identify operational events and then export reports for evidence as a visual, interactive, drill-down display within Microsoft Power BI. They will also discuss how they use these reports to serve a variety of stakeholders such as the Board of Governors, Postal Service executives, and OIG management.

4. IT Controls are Not Auditors - Laura Smith

Laura Smith will walk through some of her experiences working with control owners both in government and corporate organizations. She will discuss how, as an IT Auditor, she has evaporated the myth that CobIT, NIST, PCI, A-123 or insert framework flavor, is not only for the audit, but for Auditors too! That’s why it’s called a management control.

5. Supply Chain Security: The Risk X-Factor We Can No Longer Ignore - Panel hosted by Parham Eftekhari

Supply chain security is not a new concept, but like many risk variables it has only recently emerged as a hot button issue for organizations seeking to curb the rising tide of digital threats to their organizations. Civilian and DoD agencies in particular must understand how the growing diversity of their partner ecosystem impacts their risk posture, and how they can build requirements into their acquisition and audit programs to mitigate risk by requiring better security from the products coming into their environment, be it equipment, hardware, or software. In this session, Fellows from the Institute for Critical Infrastructure Technology, the nation’s leading cybersecurity Think Tank, will discuss emerging trends in supply chain security, and the important role agencies can play in spreading these principals throughout their partner ecosystem. Panel participants include:

  • Wallace Sann, ICIT Fellow and VP WW Systems Engineering & Government CTO, Forescout
  • Rob Roy, ICIT Fellow and Public Sector  CTO, Micro Focus Government Solutions
  • Don Maclean, ICIT Fellow and Chief Cyber Security Technologist, DLT
  • Joseph Brendler, ICIT Fellow and Major General, US Army (Retired) / Principal Brendler Consulting, LLC

6. "Attack" Auditing: What You Can Learn from Cybercriminals to Protect Your Data - Nick Cavalancia

In our rush to put up a layered defense strategy that includes identifying when external and insider threats occur, many organizations tend to lean on best practices, forgetting that the enemy is constantly changing their tactics. This makes spotting threatening actions – whether proactively or reactively – a challenge. So, what lessons can we apply by looking at how cybercriminals act? In this interactive session, join security expert and technical evangelist, Nick Cavalancia, as he discusses what are we protecting and what’s at stake, understanding the enemy mentality through the cyber attack chain, and turning attack activity into actionable auditing.

7. Protecting Files from the Inside - David Balch

Data Security is a term that covers a broad spectrum of approaches.  Perimeter solutions are vital to keeping external threats out, but what if those threats get in?  What if those threats have been inside all along?  This presentation will discuss the notion of a trusted insider threat and a solution to help protect your critical file assets utilizing real-time activity monitoring.

Event Sponsors

The ISACA GWDC Board of Directors and Officers would like to give a big “Thank You” to Netwrix and DefendX Software for being Event Sponsors for the IT Audit in Civilian and DoD conference!

Gold Event Sponsor

  
   

Bronze Event Sponsor

  
Click Here to Register

 

Who should attend?

  • Any professional in the Information Security / Assurance industry, including IT auditors, IT consultants, and general IT professionals with exposure to or looking to get exposure to cybersecurity initiatives.
  • Anyone that is already or anyone interested in getting involved with the ISACA CSX program.

AGENDA

IT Audit in Civilian and DoD Environments (PDF)

MEET THE PRESENTERS

grafenstine2

Theresa Grafenstine, CPA, CIA, CISSP, CISA, CGEIT, CRISC, CGAP, CGMA

Managing Director, Risk and Financial Advisory at Deloitte

Terry is a leader in the international cybersecurity audit profession.  She has over twenty-five years in executive leadership; leading change; developing high performing teams; managing innovation; and bringing strategic foresight to leaders at highest levels of public trust.  Terry is currently a Managing Director in Deloitte’s Risk and Financial Advisory practice where she delivers IT audit, risk, and governance advisory services to senior leaders in both the government and commercial sectors. Prior to joining Deloitte, Terry served for eight years as the Inspector General of the U.S. House of Representatives, where she designed, managed, and delivered audit and investigative services, including a comprehensive cyber assurance program.  Through her leadership roles as ISACA’s Global Chair, as a member of the AICPA board of directors, and as a founding member of the IIA’s American Center for Government Auditing, Terry has helped to advance the information technology, governance, internal auditing, and accounting professions and speaks globally on cyber security, internal auditing, leadership, and risk.  She has received numerous awards and accolades, including FedScoop’s “Golden Gov Federal Executive of the Year,” the Greater Washington DC Society of CPAs “Government CPA Leader of the Year”, the NY Metropolitan ISACA Chapter’s “Joseph J Wasserman Cyber and Governance Leader of the Year,” and ISACAs “Common Body of Knowledge” and “Best International Conference Speaker of the Year” awards. 

William Wright, CPA, CISA, CEH, FITSP-A

Manager, IT Audit at Kearney & Co, PC

William is an IT Audit Manager with 40 years of IT experience in DoD prior to entering the field of IT audit four years ago. He has experience in conducting both FISMA evaluations and financial statement audits (using FISCAM to audit information systems) for federal government clients. He also has an extensive education and training background, currently teaching economics as an adjunct associate professor for UMUC. He maintains the training material for CISA and FITSP-A review courses and assists in conducting the courses at Kearney & Co. He holds master’s degrees in Accounting and Financial Management, National Resource Strategy, and Operations Research.

pic2

Bill Rickett

Manager, Data Analytics at USPS OIG Office of Audit

Bill joined the OIG in 2000 as an audit manager in the Atlanta, GA, field office. Presently, Bill is responsible for providing data analytics to support Information Technology audits and other projects as needed. Bill has over 25 years combined experience with the OIG and U.S. Army Audit Agency. One of his most significant projects was working in the Republic of Panama as the U.S. withdrew its Department of Defense components before the Panama Canal Treaty expired in December 1999. Bill also served 10 years in the Army with duty assignments in Texas, Indiana, Italy, and Germany. He is a graduate of the University of Georgia with a Bachelors in Business Administration and a Masters in Accountancy. Bill holds a CPA certificate in Georgia and is a member of ISACA and the IIA.

pic

Debra Gilkey

Data Analyst at USPS OIG Office of Audit

Debra joined the OIG as a Program Analyst Information Technology (IT) Audit Evaluator in September 2017 and she is based out of the Eagan, MN, field office. Debra serves as the Data Analyst and is the ServiceNow SME for the USPS OIG Technology directorate. Prior to working at the OIG, Debra was a Service Level Manager in the Postal Service’s Service Management Organization where she evaluated and audited industry advances in technology for developing and maintaining the Postal Service’s business information systems. She uses her ServiceNow and ITILv3 certifications to monitor and manage the Quality of Service by comparing actual performance with pre-defined expectations. She oversaw the policy and standard developments and modifications that helped define IT Service Level Requirements by auditing reports and implementing Service Improvement Plans. Debra is a member of ISACA.

pic

Laura Smith

Cybersecurity SME at The Ambit Group, LLC

Ms Smith is a Cybersecurity Subject Matter Expert for The Ambit Group, LLC. She has been in system development since punch-cards and green-bar paper. Having been involved in the creation of corporate and government systems through technical documentation, user and integration testing, configuration and change management, and business process and requirements, when she says she understands management controls her experience backs her up. Ms Smith is a GOLD Certified Information Systems Auditor (CISA), was in the inaugural accreditation class to be Certified in the Governance of Enterprise IT (CGEIT), and also is a Certified Internal Auditor (CIA). Additionally, she is in the process of obtaining the Certified Information Privacy Profession (CIPP) accreditation. Ms. Smith is a graduate of Oklahoma City University and is a native Texan.

LinkedIn - https://www.linkedin.com/in/laura-smith-8733695/

Parham Headshot

Parham Eftekhari

Executive Director at the Institute for Critical Infrastructure Technology

Parham Eftekhari is the Executive Director of the Institute for Critical Infrastructure Technology (ICIT), the nation’s leading cybersecurity Think Tank. Combining 15 years of technology experience with a lifelong passion for leadership and community engagement, Parham is privileged to advise executives at some of the world’s top public and private sector organizations, build strategic alliances, and create thought leadership programs focused on national security and cybersecurity issues. Parham has developed or contributed to over 100 educational briefings and events at institutions including Congress, the World Bank, and C-SPAN and regularly contributes to technology focused publications and media engagements.

Twitter - @ICITorg / @ParhamTech

Instagram - @parhamtech_

Nick

Nick Cavalancia

Founder / Chief Techvangelist at Techvangelism

Nick Cavalancia is a Microsoft Cloud and Datacenter MVP, has over 25 years of enterprise IT experience, is an accomplished consultant, speaker, trainer, writer, and columnist, and has achieved industry certifications including MCSE, MCT, Master CNE, Master CNI. He has authored, co-authored and contributed to nearly two dozen books on various technologies. Nick regularly speaks, writes and blogs for some of the most recognized tech companies today on topics including cybersecurity, cloud adoption, business continuity, and compliance.

David Balch

Vice President, Technology & Strategic Alliances at DefendX Software

David Balch is an accomplished communicator, with more than 30 years of experience in information technology infrastructure design, sales, marketing and technical leadership.  David began his career as a relational database application programmer for companies with clients in government, healthcare, and retail markets.  His effective communication skills, combined with a deep technical background led to customer-facing sales-engineering roles, where he spent more than 17 years architecting, implementing and presenting complex IT infrastructure solutions and leading technical teams for companies such as EMC and IBM.  David now focuses most of his energies helping companies develop effective strategic plans and related messaging for their various products, solutions and markets.

ADDITIONAL DETAILS

Special Instructions

ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations: Conference presentations will be included in the registrants' final event-related email message containing the CPE certificate and evaluation survey when permission is received from the presenter and their organization. In some cases, permission is not received.

Requests for Assistance: If you require assistance for an audio, visual, or other disability, please contact the Programs Director to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE INFORMATION

Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPE's will be distributed via e-mail along with the event evaluation survey up to seven (7) business days after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: N/A
  • Delivery Method: Live in person event
 

REGISTRATION DETAILS

ISACA GWDC