October 12, 2021 virtual chapter meeting

Agenda

6:00PM – 6:15PM: Chapter Updates

6:15PM – 7:30PM: Speaker - Gideon Rasmussen on "Adaptive Cybersecurity Risk Assessments"

7:30PM – 8:00PM: Member Round Table - Start with introductions. What is everyone up to? How is everyone doing?

Speaker: Gideon Rasmussen on "Adaptive Cybersecurity Risk Assessments"

Abstract:

This session provides practical cybersecurity assessment advice. It details the end-to-end process including: scoping, 9 steps to develop work papers, scheduling, on-site assessment, report preparation and presentation.

The first assessment example leverages the NIST Cybersecurity Framework to ensure coverage across security domains. Sample scoping questions will be provided, along with tips and examples to add controls based on business processes, insider threat, privacy and fraud.

This session also addresses follow-on assessments. Attendees are encouraged to evaluate lines of business and to take deep dives into critical functions. Tips and examples are provided to leverage best practices, creating specific testing procedures.

Rather than repeating the same assessment year-over-year, the scoping methodology is risk opportunistic. There is focus on areas that have not been evaluated recently and areas that may require enhanced controls due to the presence of valuable data. Albert Einstein’s quote applies here: “the definition of insanity is doing something over and over again and expecting different results”.

The session will briefly walk through the assessment report framework, providing tips along the way.

The assessment presentation phase includes a slide deck framework covering: the threat landscape, assessment methodology, high and moderate-high findings, a Strengths, Weaknesses, Opportunities and Threats (SWOT) slide and next steps.

About the speaker:

Gideon Rasmussen is a Cybersecurity Management Consultant with 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (as a CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. He has diverse industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management.

Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences).

Pre-registration required

Where: online Zoom webinar

When: Tuesday, October 12, 2021 06:00 PM Pacific Time

Pre-registration: https://us06web.zoom.us/webinar/register/WN_Uda70WbrQL6BdVN405zTmg

Pre-registration is required. Registration ends automatically at the scheduled start time.

After registering, you will receive a confirmation email containing information about joining the meeting.

In order to process CPEs (Continuing Professional Education points) for members, please double-check that your (ISC)² member number is entered correctly.

  • We will use Zoom's webinar attendance report to compute attendees' CPEs. Getting the full 2 CPEs for the meeting requires attendance from the scheduled start time to the end of the meeting. Late arrivals and/or early departures will receive CPEs based on minutes attended, rounded down to 0.25 CPE increments.

  • If you need to self-submit your CPEs for any reason (such as not entering an (ISC)² member number), use 1 CPE per hour in 0.25 CPE increments for the portion of the 2 hours you attended. If the meeting ends before 2 hours, full attendance still counts for 2 CPEs.