The ISACA Central Maryland Chapter invites you to our 19th Annual Day of Training with G. Mark Hardy on January 11, 2023. ISACA Members, risk management, governance, and internal control professionals and practitioners new to the field and those with years of experience will benefit from this event. The training event offers an opportunity to build on your knowledge and skills. The training session is a full-day webinar via Zoom. After registration, you will receive the Zoom registration email. See Zoom Instructions below for further information.
Note: This training earns up to 7 CPEs if attended for duration.
Speaker: G. Mark Hardy is founder and President of National Security Corporation. (Bios are located under the "Speakers" tab)
Topics and timeline::
The Nine C's of Cyber
There are a number of elements that a security professional must monitor and master to be effective. Security Operations Centers (SOCs), software developer shops, and executive leaders all have differing requirements. This presentation will provide a model for understanding what is important at different stages of a career and look at a number of security models to see how well they map into this construct.
Updating the Executive Leadership Team on Cyber
What is the opposite of satisfaction? It is NOT dissatisfaction. Rather, it is no satisfaction. That sounds like a nit, but these types of insights are key to understanding what management wants from their security briefings, and how to deliver when asked to present. The range of regulations requiring reporting is only going to increase, and the importance of effectively briefing management will be a key determinant in careers going forward.
The Cyber Defense Matrix
One of the best books of 2022 on cybersecurity is Sounil Yu's "Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape." It's dense reading and sometimes requires multiple re-reads to understand, but there is a great deal of wisdom between the covers. We'll look at mapping the NIST Cybersecurity Framework (identify, protect, detect, respond, recover) against a set of assets (devices, applications, networks, data, and users) to develop a comprehensive security model that can be a basis for an entire security operation.
Countering Corporate Espionage
Chances are your organization has information that someone else wants. If it's another nation state, their methods may not be friendly or even legal. In this presentation we address assessing risk, known "bad" actors, information targets, exfiltration, cyber security models, what the federal government is doing for contractors, and response strategies. Learn now so you don't become a statistic later.
Aligning Security Initiatives with Business Objectives
InfoTech identified four business key objectives that can be supported by the security function: profit generation, cost reduction, service enablement, and customer/market reach. By focusing on proper execution, a security professional can influence operations to better support the overall organization and move away from the concept of a cost center to a protector of revenue.
Working on the Supply Chain Gang
Incidents such as OpenSSL, SolarWinds, and probably a soon-to-be-announced major breach all have one thing in common -- they are a result of a supply-chain compromise. Some component that was trusted ended up being a "poisoned" ingredient in an enterprise software stack. The White House has announced a proposal for all federal agencies to require a software bill of materials (SBOM) for future procurements at a future date. There's even a proposal of a "nutrition label" type of disclosure requirement for software. We'll explore these concepts to try to anticipate which way the market is going.
8:00 - 8:30 Zoom started for networking
8:30 - 12:00 G. Mark presents 3 topics
12:00 - 1:00 Lunch Hour
1:00 - 4:00 G. Mark presents 3 topics
We promise you a high knowledge value session.
Earn 7 CPEs toward your CISM, CISA, or other certification (CPE credits are based on 50 minute increments)
Cancellation Notice: Please refer to the “Fees” page for our refund policy for this event. Full refunds will be given if registration is cancelled prior to noon on Friday (January 6, 2023) before the meeting is held. Use either the link in your confirmation email or select “Already Registered” at the bottom of the meeting summary event page to access your registration (i.e., the email address used to register for the event and your confirmation number will be needed to access/modify/cancel your registration). If you need to cancel after that date, please contact Pat Hamilton via email at firstname.lastname@example.org as refunds will not be given, although attendance is transferable. Reservations made after this time will be accepted on a first come, first served basis, but cannot be guaranteed due to space limitations and may include a late fee. ISACA Central Maryland Chapter reserves the right to cancel this event if there is not sufficient participation. Participants will be notified in the event that the monthly meeting has been cancelled and paid registrations will be refunded.