4, ba Are your ITGC audits really helping to reduce your cybersecurity risks? This CPE internal auditor training event is designed for the financial auditor and IT auditor who need to improve their practical knowledge covering information technology general controls (ITGC). The attendees are walked through the concepts and frameworks that are important to the ITGC internal audit activities in order to create an added value for their organizati...

4, ba Cybersecurity is one of the biggest internal control areas that need executive attention. You just received an urgent call from the CEO. An e-mail was received demanding $10M Bitcoin to be paid as ransom to unencrypt the company's data. ​"Oh no! Maybe if we audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!" ​Sound familiar? Hundreds of Security, Compliance and Au...

4, ba Cybersecurity is one of the biggest internal control areas that need executive attention. You just received an urgent call from the CEO. An e-mail was received demanding $10M Bitcoin to be paid as ransom to unencrypt the company's data. ​"Oh no! Maybe if we audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!" ​Sound familiar? Hundreds of Security, Compliance and Au...

4, ba Are your ITGC audits really helping to reduce your cybersecurity risks? This CPE internal auditor training event is designed for the financial auditor and IT auditor who need to improve their practical knowledge covering information technology general controls (ITGC). The attendees are walked through the concepts and frameworks that are important to the ITGC internal audit activities in order to create an added value for their organizati...

Critical Infrastructure Protection and Resilience North America will bring together leading stakeholders from industry, operators, agencies and governments to collaborate on securing North America. The conference will look at developing on the theme of previous events in helping to create better understanding of the issues and the threats, to help facilitate the work to develop frameworks, good risk management, strategic planning and implementation.

To protect the health and safety of attendees, this event has been rescheduled due to COVID-19 concerns. New Dates: 10/19-10/21/2021 Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. The Nation’s critical infrastructure provides the essential services that underpin American society. Pr...

OVERVIEW By the beginning of 2021, NIST will have released the finals of many Risk Management Framework (RMF) standards: SP800-53 Rev 5 – Security Controls SP800-53B – Security Control Baselines, Privacy Framework SP800-160 Vol 2 – Systems Security Engineering SP800-161 Rev 1 – Supply Chain Risk Management SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA) Revisions to the NIS...

OVERVIEW By the beginning of 2021, NIST will have released the finals of many Risk Management Framework (RMF) standards: SP800-53 Rev 5 – Security Controls SP800-53B – Security Control Baselines, Privacy Framework SP800-160 Vol 2 – Systems Security Engineering SP800-161 Rev 1 – Supply Chain Risk Management SP800-171 Rev 2 – Controlled Unclassified Information (CUI) and High Valued Assets (HVA) Revisions to the NIS...

As the global pandemic continues and countries wait for a vaccine, estimates about when federal employees will return to their offices in force range from Summer 2021 to Never. Many organizations have discovered the advantages of telework and now plan on expanding its use, even when there is not a snowstorm or health crisis. Although some jobs require on-site personnel, the Office of Personnel Management said that 42% of federal employees are...

High-value penetration testing doesn't involve just throwing a bunch of hacks at a target environment and declaring victory when a shell prompt magically pops up. Instead, the best penetration testers focus on understanding their craft in-depth, providing significant value to organizations by improving their security stance through technical excellence and implementation of a well-understood and repeatable methodologies, which will deliver rea...