In person and online.
Presenter:
Earnest Collins, CISSP, CISM, CISA, AES, CFE
At this stage of my life and career, I am in a position to do something I am passionate about. I am passionate about IT and cybersecurity and excited about participating in the digital transformation.
For the last 30 years, I have managed and supervised risk-focused financial examinations, information technology reviews, and cybersecurity assessments for Insurance Companies for the State Insurance Departments of Nebraska, Illinois, New York, Florida, and Washington, DC.
I have over 20 years of experience with Model Audit Rule 205 (MAR), Sarbanes Oxley Section 404 (SOX), ISO/IEC 27001, IT Infrastructure Library (ITIL), and National Institution of Standards Technologies (NIST) frameworks and guidelines. I have served on the National Association of Insurance Commissioners (NAIC) IT Working Group for the last fifteen years, which draft states NAIC guidelines for insurance's statutory IT examinations throughout the United States. I worked with the NAIC's Cyber Security Task Force to update the NAIC's national Cybersecurity Consideration Section in 2018 of the NAIC's Financial Condition Examiners Handbook. In addition, I assisted in drafting and implementing financial examination risk-focused frameworks for Illinois and Nebraska's Insurance Departments.
Graduate from Chicago State University in Business, Accounting, and Information Systems
Served three years in the United State Army
Title: SASE Security at the Edge from a Cybersecurity Auditors Prospective
Earnest Collins, CISP, CISM, CISA, AES, CFE
Abstract
Secure Access Service Edge (SASE) integrates enterprise computer networking and security services by including SD-WAN, FWaaS, SWG, CASB, and ZTNA. The enterprise network landscape is transitioning from the traditional limitations of perimeter-based protection, data centers, VPN access, MPLS networking technology, and identity and access management architecture to a hybrid workforce, i.e., work from anywhere and any device. I have reviewed Gartner’s SASE Frameworks, NIST SP 800-215 and attended numerous vendor presentations and cybersecurity conferences. Also, I have reflected on how SASE has impacted my current IT and cybersecurity audit engagements. Gartner states there has been an aggressive move to cloud services. In 2020 they surveyed business leaders worldwide from multiple industries (not technical) as where they will invest in the future 71% stated digital technologies. Gartner and other industry business leaders at the conference I reviewed believe SASE requires cloud edge for network and security services. I am following the SASE solution and updating my cybersecurity audit approach accordingly. My objective is to move my cybersecurity auditing approach forward to reflect the impact of the new SASE approach to networking and security.