IT Investments, Acquisitions, and Supply Chain Conference

When:  Dec 17, 2020 from 08:30 to 12:00 (ET)

The IT supply chain is vital yet highly volatile. The highly anticipated Revision 5 of NIST SP 800-53 has a control family dedicated to supply chain risk management. While most expected COVID-19 to significantly disrupt IT supply chains, CompTIA found that they remained resilient. Join us at our IT Supply Chain Virtual Conference to hear about risks and leading practices in this critical space. Attendees of this event will receive four (4) CPEs.

Event Agenda:
0815-0830:  Conference Opening
0830-0930:  Importance of Infrastructure Investment to the IT Supply Chain by Mr. Sean Perryman (Internet Association)
0930-1030:  How Can Enterprise Business Continuity Planning Minimize the Effects of the Pandemic by Mr. Ralph Petti (Readiness Associates)
1030-1130:  CMMC - Securing the DoD Supply Chain by Ms. Stacy Bostjanick (Department of Defense)
1130-1230:  The Risk of Ransomware to the Supply Chain by Mr. Allan Liska (Recorded Future)

Host:  Mr. Marvin Muhumuza (Cotton & Company)

TOPICS

Importance of Infrastructure Investment to the IT Supply Chain
Presenter:  Mr. Sean Perryman
A discussion of how lack of investment in local and state IT infrastructure threatens the IT supply chain. This presentation will look at specific instances where the supply chain was or could have been disrupted by underinvestment. It will also cover how these incidents revealed vulnerabilities and exacerbated existing problems.

CMMC - Securing the DoD Supply Chain
Presenter:  Ms. Stacy Bostjanick
The Department of Defense migrated to its new Cybersecurity Maturity Model Certification (CMMC) framework to assess and enhance the cybersecurity posture of the Defense Industrial Base. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award. Ms. Stacy Bostjanick of the Office of the Under Secretary of Defense (OUSD) for Acquisition and Sustainment (A&S) will provide greater insights on CMMC and how it further secures the DoD Supply Chain.

How Can Enterprise Business Continuity Planning Minimize the Effects of the Pandemic
Presenter:  Mr. Ralph Petti
The pandemic. It has changed our lives forever – and is still a threat that is lingering and will have to be completely extinguished. As 9/11 and Hurricane Sandy were major incidents that severely impacted our region, they both had end-dates that could be reached as we worked together to settle things. As we approach the one-year mark of the pandemic in just a few months, it is not slowing down. With new ideas in the area of Business Continuity and Supply Chain Management emerging, the pandemic is forcing everyone globally to do things differently. Due to the pandemic, Business Technology Professionals and their enterprises are affected by their reach into the areas of manufacturing, transportation, communication, staffing and in all other areas. This session will dive deeply into the issues that ISACA members are facing today and provide ideas that can be used immediately to influence the decisions that you make and the organizations with whom you partner. It’s not as simple as wearing a mask and washing your hands. This pandemic has completely changed our lives.

The Risks of Ransomware to the Supply Chain
Presenter:  Mr. Allan Liska

Ransomware attacks against shipping and manufacturing companies have increased dramatically over the last few years. These attacks can, and have, caused serious disruption to the supply chain. This presentation will walk the viewer through why the supply chain is being targeted and what your organization can do to understand, and mitigate, the threat of ransomware attacks on your supply chain partners.

MEET THE PRESENTERS

Sean Perryman
Director, Social Impact Policy and Counsel; Internet Association
Sean Perryman is the Director of Social Impact Policy and Counsel at Internet Association. He is responsible for leading IA’s policy efforts around artificial intelligence (AI), diversity, inclusion, and immigration-related policies at the local, state, and federal level. Prior to joining IA, Sean served as Counsel on the House Oversight Committee, Democratic staff, where he conducted investigations and advised on technology policy including AI, cybersecurity, and privacy issues. Before working on the Oversight Committee, Sean practiced civil litigation both in Texas and D.C. Sean is passionate about issues of equity and inclusion. He serves on the FCC’s Advisory Committee on Diversity and Digital Empowerment. Outside of work, he is the President of the Fairfax County NAACP – the youngest President in the branch’s 101-year history. He also regularly writes about issues related to race, policy, and equity.

Ms. Stacy Bostjanick
Director of Cybersecurity Maturity Model Certification Policy; OUSD A&S
Ms. Bostjanick is currently serving as the OUSD A&S, Director of Cybersecurity Maturity Model Certification (CMMC) Policy. In this role, she is responsible for managing the initiation of the CMMC program and is responsible for establishing all Policy and Procedures with regard to the CMMC. Previously, she served as the DIA, Head of Contracting Activity in which she was responsible for planning, managing, directing and accomplishing the total DIA procurement program. Ms. Bostjanick has also worked as a Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex, cutting-edge contracts for our nation's missile defense systems.

Ralph Petti
Chief Risk Officer; Readiness Associates
A former and now current ISACA member, Mr. Petti has been involved in the planning and recovery of over 500 disaster events globally. Having been selected by the International Medical Corps to provide pandemic planning in The Philippines, Indonesia and other locations, he is a Washington DC resident who understands the critical role of ISACA professionals as the heartbeat of every organization. With a Letter of Commendation from US Senator Mary Landrieu for his Gulf Region efforts, Mr. Petti has been a Vice President at SunGard, Lucent and Veritas in helping IT organizations migrate their traditional disaster recovery planning into Enterprise Risk Management. He is a national speaker and a member of SHRM, MADRA, DRJ, IAA, ALA, The BCI and collaborates with FEMA, DHS and other agencies.

Allan Liska
Security Researcher; Recorded Future
Allan Liska is a security researcher for Recorded Future and has seen first-hand the damage ransomware attacks can cause and how these ransomware actors operate and communicate with each other. He has regularly appeared on PBS NewsHour, CNN, ABC, NBC and CBS, and has been quoted in the Financial Times, Bloomberg, The Wall Street Journal, The Washington Post, and The New York Times. He has written many articles about ransomware and co-wrote the book “Ransomware: Defending Against Digital Extortion.” He is the author of “The Practice of Network Security,” “Building an Intelligence-Led Security Program,” and “Securing NTP: A Quickstart Guide,” and the co-author of “DNS Security: Defending the Domain Name System.”

MEET THE HOST

Marvin Muhumuza
Cotton & Company
Marvin Muhumuza is a Senior Information Technology Auditor with Cotton & Company LLP supporting our customers in assessing risk and advising on the security posture of their information systems and data. He has more than 13 years of diversified information system audit, enterprise mobility solutions, compliance, and risk management consulting experience.
Marvin holds a Master of Business Administration (MBA) from Johns Hopkins University. He is a Certified Information Systems Auditor (CISA) and volunteers with the ISACA-GWDC Chapter.

ADDITIONAL DETAILS

Special Instructions

This is a virtual event and a Zoom link will be provided in the registration confirmation email.

Presentations

Conference presentations are posted to the Presentations Library if permission is received from the presenter and their organization. In some cases, permission is not received.

Sponsor this Event

If your organization is interested in being an event sponsor, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor.

CPE

Earn up to 4 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge of information technology. The ISACA® NCAC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.

CPE-Related Details

  • Specialized Knowledge: Information Technology
  • NASBA Sponsor ID: 103445
  • Prerequisites and Advance Preparation: N/A
  • Program Knowledge Level: Basic
  • Delivery Method: Virtual

Location