SANS Cyber Compliance Countdown

Thu, Nov 2, 2023
10:00AM - 1:00PM UTC
English
Brian Correia, Steve Armstrong-Godwin, James Tarala + 3 more
Technical Presentation

As we head into the last quarter of 2023, three major mandate changes are occurring, each positioned to make a large impact on how businesses, governmental bodies, and critical sector organizations operate. The goal of the SANS Cyber Compliance Countdown is to focus on what you need to know in these complicated and broad requirements and to offer solutions on how to meet these directives.

Below is a quick overview of the changes and this forum dives into what exactly you need to do to maintain compliance.

SEC's Mandate

Unveiled in August and set to be enforced by December 18th, signifies a pivot in reporting cybersecurity incidents. The mandate makes it imperative:

To report any cyber incident.
For management and security teams to not only possess cyber expertise but also ensure board reporting. Does this also involve consulting with outside counsel? Let’s find out.
To produce a Cyber Report, sculpted along the lines of a Financial Report, presenting a transparent picture of an entity’s cyber health.

DoD 8140.3

Signed in February with certification/training/education options slated for release this December, the DoD8140.3 mandate will be enforced by February 25 for cyber and February 26 with IT personnel.

Any individual within the DoD, including contractors, allied nations, and a staggering number between 350-400K of military personnel alone, must validate their cyber skill set.
Compliance and validation of cybersecurity skills are non-negotiable.

NIS II Directive – Europe's Cyber Beacon

Heralded as potentially the next GDPR, the EU-based NIS II Directive, released in the 1st Quarter of 2023, calls for compliance by October 24.

Any Critical Sector Organization and country, emphasizing the broad spectrum of its applicability.
ICS and incident reporting, signaling a drive towards a more fortified, responsive cyber environment.
A focused effort on building and nurturing a cybersecurity workforce that's equipped for tomorrow's challenges.

Schedule

Showing 5 of 5

Filter by:

Select day:

Welcome and Opening Remarks

10:00AM - 10:05AM UTC

Presented by

Brian Correia

Director of Business Development, GIAC

Virtual

Compliance Countdown Kickoff Panel

Join us for a kickoff of the Compliance Countdown featuring the officials behind these initiatives with a lively discussion on what you need to know to be compliant. There is a much more global trend of capabilities and skills being validated as a part of adequate risk management. Learn the mission, better understand how each one of these mandates will affect your organization and have an opportunity to present questions to the moderator.

10:05AM - 11:00AM UTC

Panelists

Luna Bloom

Chief, Office of Rulemaking, Division of Corporation Finance

Mark Gorak

Principal Director for Resources and Analysis

Moderated by

Brian Correia

Director of Business Development, GIAC

Virtual

What Do Regulatory Changes Really Mean for Your Cyber Incident Management Plans and Reporting?

There is growing concern amongst some executives regarding the new regulations for reporting on how to handle a cyber incident and incident disclosure on both the SEC and NIS II mandates. In this session we will talk about what you should do during a cyber incident and how it looks like on the ground, how to get your IR plans tested, and what a solid Incident Management plan looks like for reporting purposes. We will explain and offer solutions about what triggers the clock and the levels of visibility or incident understanding needed to be able to comfortably meet the new requirements.

Finally, we will look at what you could be doing between now and the enforcement of the new regulations, including building training exercises, major incident skills, and team cohesion. We will also provide a checklist of best practices to include on such reporting whether it is a management plan or if you experience a cyber incident.

11:00AM - 12:00PM UTC

Presented by

Steve Armstrong-Godwin

Principal Instructor

Virtual

Understanding the Risk Management Mandates in 2023 Cybersecurity Regulations

Cybersecurity breaches and data disclosure rates continue to increase every year. In response, regulatory bodies, including the SEC, the State of New York (NYDFS), ENISE (NIS2), and others, have issued regulatory directives emphasizing the necessity for cybersecurity risk assessments to drive decision-making and reporting. In this session, we will explain what you need to know on these recent mandates, providing a detailed analysis of the guidelines with solutions to ensure rigorous organizational compliance. This session is crucial for those seeking to proficiently navigate contemporary regulatory requirements and enhance their organization's cyber resilience. Ensure your readiness by gaining insight into these imperative regulatory evolution's.

All attendees will also receive a risk mitigation report checklist.

12:00PM - 12:30PM UTC

Presented by

James Tarala

Senior Instructor

Virtual

Compliance Countdown Conclusion

Join us for a conclusion and a discussion on the highlights from the Compliance Countdown event. Much like other industries where professionalization requires a measurable mix and level of capability in a team, this is a developing trend that will be a factor in regulator decisions, customer response, and liabilities. Regulators across the world are considering whether you have the right baseline of skills in your team to use the tools to drive security more actively We will follow-up on questions from the audience and offer you some tools that can validate the skills validation of your security teams.

12:30PM - 01:00PM UTC

Presented by

Brian Correia

Director of Business Development, GIAC

Virtual

Meet Your Speakers

Brian Correia

Director of Business Development, GIAC

Brian Correia is the Director of Business Development, GIAC, working on the certification source for SANS, the cybersecurity leader in training, degrees, and community resources.

Learn more

Steve Armstrong-Godwin

Lead of Security Incident Response and Threat Management

Steve brings 25+ years of cybersecurity experience, including 14+ years in incident response and management. After serving in the UK Royal Air Force, where he led penetration testing teams, he gained expertise in managing cyber incidents globally.

Learn more

James Tarala

Managing Partner

James is a managing partner at Cyverity, specializing in cybersecurity risk and governance. A SANS instructor for 20+ years, he holds 14 GIAC certs including the GSE, and has helped author the CIS Controls, CRF resources, and courses like LDR419 and LDR519.

Learn more

Luna Bloom

Chief, Office of Rulemaking, Division of Corporation Finance

Luna Bloom is the Chief of the Office of Rulemaking in the U.S. Securities and Exchange Commission’s Division of Corporation Finance. Before joining the Office of Rulemaking in 2018, Ms. Bloom served in various roles at the Commission, including in the Office of the General Counsel and the Division of Corporation Finance’s Office of Chief Counsel. Prior to joining the SEC staff, she was an associate at Shearman & Sterling in New York. Ms. Bloom received her law degree from New York Law School and B.A. from the University of California, Irvine.

Learn more

Dr. Marnix Dekker

Head of Sector NIS

Marnix works at ENISA, the European Union Agency for Cybersecurity, where he is the Head of Sector for Network and Information Systems, leading a team which supports the European Commission and the EU’s national cybersecurity authorities with implementing the NIS Directive across the bloc.

Learn more

Mark Gorak

Principal Director for Resources and Analysis

Mr. Mark Gorak is the Principal Director for Resources and Analysis in the office of the Chief Information Officer (CIO).

Learn more

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS Cyber Compliance Countdown

Share

SEC's Mandate

DoD 8140.3

NIS II Directive – Europe's Cyber Beacon