Opening Keynote: Harmonizing Cybersecurity and Resilience: Shifting the Balance Toward Enduring Security

Dec 1, 2023 8:30am ‐ Dec 1, 2023 9:30am

Identification: SSDC2301

Across our nation an array of intuitions, from global giants to small and medium sized businesses, face a wide range of potential risks including an increasing number of sophisticated cyber-attacks. In this session, the Cybersecurity and Infrastructure Security Agency’s (CISA) Executive Assistant Director for Cybersecurity, Eric Goldstein will discuss how CISA, America’s cyber defense agency, is working with the tech community, and in collaboration with industry, developers, and the international community to ensure national security considerations are prioritized throughout a product or software’s entire life cycle. By helping set standards to raise the cybersecurity baseline, ensuring that the supply chains for digital products are secure, and that manufacturers and software developers fix vulnerabilities in their products quickly, collectively we will ensure a more resilient future.

Building Supply Chain Resilience Together – A Look Inside the ICT Supply Chain Risk Management Task Force

Dec 1, 2023 10:00am ‐ Dec 1, 2023 10:50am

Identification: SSDC2302

Since its inception in December 2018, the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force has brought together public and private entities to collaborate on identifying challenges and developing actionable solutions to enhance global ICT supply chain resilience. Join members of the Task Force to get an overview of what has been achieved over the past 5 years and what the future holds. Hear about the current efforts to assist small and medium businesses address topics such as SBOM, HBOM and software assurance. Bring your questions for the panel!

CMMC: Where We Are Now and Where We Are Headed

Dec 1, 2023 10:00am ‐ Dec 1, 2023 10:50am

Identification: SSDC2303

During this session, we will explore the current state of CMMC (Cybersecurity Maturity Model Certification) and investigate the path forward. CMMC has been a topic of discussion for many years now, but where does the program actually stand today? With the updates, we will provide insights and predictions about the evolving landscape of rulemaking and provide steps you can take to ensure your organization is ready as soon as the rules become active. Join this session to learn what organizations will need to do to meet the CMMC requirements, what is involved in the process, and when to expect the final requirements to be in place!

Growing the National Cybersecurity Pipeline Through a Collaborative Approach

Dec 1, 2023 11:00am ‐ Dec 1, 2023 11:50am

Identification: SSDC2304

In July 2023, the Biden-Harris administration unveiled the National Cyber Workforce and Education Strategy (NCWES), a comprehensive approach to addressing the critical shortage in the cybersecurity workforce. ISC2 is one of the many partners involved in this strategy, and recently provided witness testimony in a hearing before the House Homeland Security subcommittee on cybersecurity and infrastructure, to examine ways to grow the national cybersecurity pipeline. Join ISC2’s Tara Wisniewski, EVP for Advocacy, Global Markets and Member Engagement and other strategic partners as they delve into the imperative actions that need to be taken in both the public and private industry sphere, to address the cybersecurity workforce gap, and discuss the importance of a collaborative approach.

The Intersection of AI and Cybersecurity

Dec 1, 2023 12:50pm ‐ Dec 1, 2023 1:40pm

Identification: SSDC2306

Gain insight into how the rise of innovative technologies, the introduction of big data, and the expansion of diverse teams have escalated the intricacies of cybersecurity. Learn how the power of AI can equip CIOs and CISOs to achieve more with less, by fostering synergies among people, processes, and technologies. AI can serve as a bridge connecting various facets of a cybersecurity program. These facets include governance, compliance, risk management, change management, incident management, along with SOC, dashboarding and reporting. This session aims to illuminate how AI bolsters cybersecurity programs, empowering them to address risks in real-time and prioritize security-related activities accordingly.

From Zero to Hero: Practical Insights into Implementing Zero Trust

Dec 1, 2023 1:50pm ‐ Dec 1, 2023 2:40pm

Identification: SSDC2309

Implementing Zero Trust can seem daunting for most organizations but breaking down the initiative into smaller manageable portions can result in a smoother implementation. We will discuss how to start and continue your Zero Trust journey by applying practical use cases in your environment. Insights on where to start, potential dependencies to consider, identifying quick wins, and steps needed to convince the business will also be addressed. Zero Trust is not a rip and replace of our security programs today, but it is a modernization of how we do security to protect against existing and future security threats. The implementation of Zero Trust principles is not an option anymore but a requirement to address business model disruptions and future technological advances.

Reduce Risk by Automating Compliance With OSCAL (sponsored)

Dec 1, 2023 1:50pm ‐ Dec 1, 2023 2:40pm

Identification: SSDC2305

Compliance is an arduous manual process. The traditional approach to producing compliance artifacts and meeting regulatory requirements is time-consuming. Automating large parts of compliance can give your organization a continuous view of its risk profile and free up resources for higher-value work. A new standard, OSCAL, was created by NIST to automate compliance artifacts. In this session, security teams will learn how an innovative and technological breakthrough OSCAL standard transforms the ATO process towards a continuous compliance posture.

• Understand the importance of OSCAL

ISC2 Insights Panel

Dec 1, 2023 3:10pm ‐ Dec 1, 2023 4:10pm

Identification: SSDC2310

Closing Keynote: Cybersecurity Risk Management in the Era of Disruptive Technologies and Regulation

Dec 1, 2023 4:10pm ‐ Dec 1, 2023 5:00pm

Identification: SSDC2311

Today’s rapidly changing technology and regulatory landscapes are leaving organizations struggling with the challenges associated with embracing emerging technology while identifying and managing the risks they pose. The proliferation of cloud computing is just one example in our recent past. Artificial intelligence is now challenging the way we think about cybersecurity risk amid challenging new regulatory requirements. How do you manage an evolving cybersecurity landscape while taking advantage of new technologies? Learn to keep the focus on risk management for the business as you weigh the opportunities with the risks to keep your organization compliant with new and emerging regulations while managing the risk that matters.

• Understand the challenges organizations face in embracing emerging technologies while managing associated risks.
• Understand how artificial intelligence is changing the way we think about cybersecurity risk.
• Gain knowledge on how to navigate new and challenging regulatory requirements related to AI and cybersecurity.