April 12, 2019 | Security Architecture and GRC Integration

Attention – The monthly membership meeting is May9th at Chevron. https://isc2-eastbay-chapter.org/uncategorized/may-9th-chapter-meeting/  Please view the Monthly Membership post for more details about Why CISO’s Fail, speaker and author, Barak Engel.

OUR LATEST EVENT – April 12th, 2019, 8:00 AM – 5:00 PM
Download and share the flyer ISC2 East Bay April 12 2019 Conference
Venue: Oracle, 5805 Owens Drive, Pleasanton, CA 94568
Security Integration and GRC conference theme includes 10+ speakers and guided product demonstrations offering 8 CPE for full attendance. Learn more at https://isc2-eastbay-chapter.orgLinkedInFacebook
Speaker Bar
Session 1:1 9:05 – 10:00 AM Meet Kevin Naglich Meet Joe Garcia

Starting with access and RBAC – Securing the Human and the Non-Human

Kevin Naglich, GSEC, GCCC – Director, Strategic Solutions Engineering, PAS Program Office, and Strategic Solutions Engineer

Joe Garcia, CISSP
DevOps | Security | Automation for CyberArk

Kevin Naglich is based in Chicago and currently leads CyberArk’s Privileged Access Security (PAS) Program Office, a team dedicated to helping CyberArk’s prospects and customers design secure, sustainable strategies to mitigate the risk posed by privileged accounts.

As a 6+ year CyberArk veteran, Kevin has served in various capacities from pre-sales engineering, customer success, and most recently prior to the PPO managing solutions engineering for CyberArk’s large strategic enterprise accounts. Throughout this journey Kevin has worked on hundreds of PAS programs and through this experience is able to help clients follow best practices, avoid pitfalls, and build out their own PAS roadmaps in a way that maximizes adoption, time to value, and ROI. Prior to CyberArk Kevin worked as a SOX IT Auditor at Orbitz Worldwide and as a Business Analyst at Abbott Labs.

As a Strategic Solutions Engineer, Joe Garcia has a strong background in DevOps, Cloud and Security and is currently focused on helping customers implement and scale effective secrets management solutions. As CyberArk’s subject-matter expert in DevOps Security, Joe Garcia shares CyberArk’s vision of building a security community that is as agile as the automation they are securing in today’s fast paced environments. You can typically find him spreading that shared vision at DevOps events, conferences, webinars, podcasts, and anywhere automation is a hot topic. Prior to that, as a CyberArk customer, Joe worked at Raymond James Financial, most recently serving in their Security Operations Center (SOC) focused on Vulnerability and Monitoring – dealing with everything from data automation from the Qualys Cloud all the way down to producing comprehensive compliance metrics for the division. Joe is a CISSP, Six Sigma Yellow Belt, and is a Certified AWS Technical Professional.

1-1: How we ascend from from PAS Competencies to DevOps/Automation content

    • The IT department is become more about non-humans
    • You need to be able to identify, authorize, and audit all of these dynamic non-humans
    • CyberArk gives you that full spectrum non-human coverage from mainframe to cloud.

CyberArk Platinum sponsor, CyberArk contributes lab leaders and speakers in addition to actively sponsoring this GRC event. CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the worldís leading companies ó including more than 45% of the Fortune 100 companies ó to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArkís security solutions master requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune, 100 more than 25% of the Global 2000, CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey, and the U.K.

Session 1:2 10:00 AM to 11:10 AM Meet Robin Basham Meet Tim Carson

Why we start with the platform – hosted by RSA Archer and Cisco

Tim Carson,

Mapping Answers to Questions: Why Computers Don’t have To Be Stupid

Robin Basham

FCM Generic-30 Minutes April 12

Robin Basham, CISSP, CISA, CGEIT, CRISC, Conference Director and GRC Contributor.Robin has implemented more than 70 GRC related programs, leveraging just about everything that can be leveraged in the world of regulatory compliance, business process, cybersecurity, and data architecture.
As today’s facilitator, and as the founder of multiple GRC companies, Robin Basham, CISSP, CISA, CGEIT, CRISC, M.IT and M.Ed will anchor all the speakers to the data that makes all GRC real.
Tim Carson representing major Accounts with Archer GRC, is an enterprise risk professional passionate about creating innovative programs that elevate the reputation of the organization, provide positive employee experiences, and result in lasting change and sustainable savings. Expertise in: IT Development and Security (PCI); Claims Operations; Governance, Compliance and Ethics; Governance, Risk and Compliance Tools (Archer); Business Intelligence/Analytics; Resiliency Programs (BCP, EM, DR); Captive Management.
1-2: Session Description – What we expect from our platform: Success starts with a common technology foundation for risk and compliance. Using the example of The RSA Archer GRC Platform, members from Cisco discuss their real life use case in selecting a platform based on a common set of capabilities, methodologies and taxonomy – and designed to meet both specific and continuously evolving security and risk based requirements. As the regulatory and threat landscape expands faster than the eye can see, how are the largest enterprises integrating from the platform to the specific and the constantly changing unknowns.

1-2a: Computers can only give you answers: An approach to mapping the evidence, challenges and rewards at 30 day, 60 days, 180 days and one year in.

About RSA More than 30,000 customers worldwide—including nearly half the global Fortune 500—rely on RSA’s business-driven security™ strategy for cyber threat detection and response, identity and access management, online fraud prevention, and governance, risk and compliance solutions. Armed with the industry’s most powerful tools, enterprises can better focus on growth, innovation and transformation in today’s volatile business environment. RSA is a part of the Dell Technologies family of brands. Dell Technologies is a unique family of businesses that provides the essential infrastructure for organizations to build their digital future, transform IT and protect their most important asset: information. The company services customers of all sizes across 180 countries – ranging from 98 percent of the Fortune 500 to individual consumers – with the industry’s most comprehensive and innovative portfolio from the edge to the core to the cloud.

Session 1.3: 11:15 AM-Noon Meet Bob Gilbert Netskope presentation, Clarity in the Cloud Age

Netskope presentation, Clarity in the Cloud Age

Bob Gilbert, Chief Evangelist, Netskope

ob Gilbert
Chief Evangelist and VP Product Marketing, Netskope
Bob heads up the product marketing efforts at Netskope, a market-leading cloud security company. Bob is a prolific speaker and product demonstrator, reaching live audiences in more than 45 countries over the past decade. His career spans more than 25 years in Silicon Valley where he has held leadership roles in product management and marketing at various technology companies.
Most recently he was the Chief Evangelist at Riverbed where he was a member of the pioneering product team that launched Riverbed from a small start-up of less than 10 employees to a market leader with more than 3,000 employees and $1B in annual revenue.
Bob was first introduced to the world of cyber security as a teenager in the 80s when he hosted a BBS and had to develop his own terminal software to prevent Russian hackers from infiltrating his site being hosted from his parent’s home.
1-3: Session Description: How digital transformation is forcing us to also transform our cyber security programDigital transformation is a loaded term and there are differing opinions about what it means to the average enterprise. One thing that is clear is how the rapid adoption of cloud and mobile are driving digital transformation and forcing organizations to transform their business and IT models to better take advantage of these new technologies. The challenge is that cybersecurity is often not considered a part of digital transformation and you are left with a legacy security stack that is ineffective when it comes to addressing risk associated with today’s cloudy and mobile world.

netskope

About Netskope: Netskope is the leader in cloud security. We help the world’s largest organizations take full advantage of the cloud and web without sacrificing security. Our patented Cloud XD technology eliminates blind spots by going deeper than any other security provider to quickly target and control activities across thousands of cloud services and millions of websites. With full control through one cloud-native interface, our customers benefit from 360-degree data protection that guards data everywhere and advanced threat protection that stops elusive attacks. Netskope — smart cloud security.

Session 1.4: 1:00 PM-1:45 PM Meet Yossi Appleboum

Sepio Systems presents – Rogue Device Mitigation

Speaker Yossi Appleboum CEO, Sepio Systems Inc.

As CEO of Sepio Systems, Inc., Yossi is responsible for North American operations at Sepio. He brings 25 years’ experience in security, networking, and

computer science and control systems, along with a wide-angle perspective to cyber security threats and unique security solutions.In the early 1990s, Yossi joined the technology unit of the Israeli Army Intelligence Corps (Unit 8200). As team leader and chief architect, he focused on design and development of critical infrastructure network monitoring and security systems. In 1998, Yossi co-founded WebSilicon, a company dedicated to delivering advanced networking and security systems. In 2007, Yossi became the company’s CTO, responsible for North American business activities.

PRESENTATION MATERIALS

1-4 Session Description: We will examine how Sepio Systems addresses a real problem that few companies are aware of or are protected against in 2019. While the industry is focused almost entirely on software protection against cyber-attacks, one of the greatest threats resides in rogue or corrupt hardware devices that are present in almost every computing network and infrastructure. From the doctored motherboard chips on our servers that have been corrupted along the supply chain to compromised peripheral devices, mobile phones and USB drops, hardware vulnerabilities represent a target rich environment for cyber criminals leveraging a variety of threat exploits. Citing examples occurring recently in the International server manufacturing supply chain, IP theft by disgruntled employees, and data leaks at a Fortune 20 bank, the founder and CEO of Sepio will explain how their system works to detect, prevent, and protect information systems from hardware-based attacks.(Meet Yosi, continued) In this role, he worked with key customers to develop next-generation network monitoring and security systems. In 2013, WebSilicon was acquired by Magal (NASDAQ: MAGS), one of the world’s largest physical security integration companies. After the acquisition, Yossi led the integration of the company into Magal and was instrumental in rebranding WebSilicon as CyberSeal. Yossi served as CTO for cyber security of Senstar, the North American division of Magal, and relocated to the United States to work closely with key customers and partners. In 2012, Yossi invested in and contributed to the development of TowerSec, the first cyber security company for cars. TowerSec was acquired by HARMAN International Industries in January 2016.

https://www.linkedin.com/company/sepio-systems/

Session 1:5 2:00 PM-2:45 PM Meet Eric Butler

Securonix – Integrating SIEM Results with the GRC

Presented by Eric Butler

“The Sales Engineering space has been my calling since an instructor turned me onto the field in
Network 101. The blend of business & tech has given growth opportunities that purist jobs can’t.
My record illustrates a consistent & gapless track record pursuing & achieving this goal.
This success is also seen in several of the companies with I’ve had the privilege to work, leading to
acquisition or IPO. My path to this point has been tailored to gain the broadest exposure to
diverse security controls to drive customer & company success.

Skilled in Azure & AWS security, Windows & Linux Server cybersecurity, and organizational risk assessment. Strong sales professional with a Network and Communications Management focus in Security Systems Networking and Telecommunications.” Learn more http://www.securonix.com

1-5 Session Description: What are the data elements we take from the SIEM and post to the GRC? How do we integrate threat, risk and findings?Securonix

About Securonix: Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com

1:6 3:00 PM-3:45 PM Meet Dorian Cougias
What is regulatory mapping

Dorian Cougia, Lead Analyst and Compliance Scientist, The Unified Compliance Framework® (UCF)

As the lead analyst for the Unified Compliance Framework Dorian is responsible for the classification, taxonomy, and interpretation of all facts of unifying the regulatory landscape.Read More: Wow – 12 years mapping regulations! What is regulatory mapping
1-6: Whether you begin from the point of SOC 2 Type II attestation or you have already completed an ISO/IEC 27001 certification, there are right ways and wrong ways to map existing compliance to other frameworks like HITRUST for HIPAA, NIST CSF, and NIST 800 53 r4 for FedRamp.
This session looks at how FedRamp is same and different from five other critical frameworks for security in Government Sector. Using The Unified Compliance methodology, Lynn examines how areas that sound the same, vary at implementation and audit. ( Examples include: Assets, Classification, Session Timeout, Password, and Authentication)About UCF: The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks. The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies.
3:45-4:00 PM
Sponsored by KFORCE

We Break 4 Cake

If we are running late, you may be asked to hurry up and eat your cake Special thanks to Maura Jones and Asha Kumar for coordinating meals. Call out to Angel Mazzucco who organizes real interviews for real jobs, and brings us CAKE!!
Session 1:7 4:00-4:45 PM Meet Chris Niggel

Identity is a cornerstone of all Governance

Presented by, Chris Niggel, Director, Security and Compliance at Okta, Inc.

Chris is currently the Director of Security and Compliance at Okta, where he is responsible for corporate compliance, application assessment, and responding to customer security inquiries.

Prior to Okta, Chris spent 6 years leading the adoption of Cloud Technologies at LinkedIn, helping them grow from 350 to over 6,800 employees. He started his career designing, developing, and delivering content management, system administration, and messaging solutions for customers such as Nestle, Cisco, AMD, Telus, and the US Department of Defense. He is also an active member of the Northern California ski community, where he volunteers with the Tahoe Backcountry Ski Patrol performing search & rescue, and teaching ski mountaineering & outdoor survival.Specialties: Cloud Identity Management, Cloud and Enterprise Security & Forensics, Compliance and Regulatory (ISO27001, SOC2, PCI, FedRAMP, HIPAA and SOX), GDPR, eDiscovery, Enterprise solution design & development, Multiple OS and development platforms

Certifications: CISSP (Certified Information Systems Security Professional), CCSK (Certificate of Cloud Security Knowledge)

1- 5: Identity is a cornerstone of all Governance, Risk, and Compliance frameworks. From SOC to SOX, some of the most significant challenges in deploying and demonstrating compliance involve ensuring the right people have the right access to data. Further complicating this issue, the explosion of mobile and cloud technologies have dissolved the traditional perimeter. In this new world, people – and their identities – have become the new perimeter. In this session, learn how making identity the core of your compliance program not only makes your organization more secure, but also drives technology adoption and enables your business.About Okta: Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to both secure and manage their extended enterprise, and transform their customers’ experiences. With over 5,500 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely adopt the technologies they need to fulfill their missions. Over 5,600 organizations, including 20th Century Fox, JetBlue, Nordstrom, Slack, Teach for America and Twilio, trust Okta to securely connect their people and technology.
Session 1.8: 4:45-5:30 PM Meet Donna Johnson Meet Atul Kumar
ServiceNowWorkflow meet Assets, Assets meet World.

The marriage of what is known and understood.

Donna Johnson CISSP, GRC Advisory Solution Architect | ServiceNow, GRC Consultant – I have over 15 years of experience working with cross-functional teams.

Extensive experience in large enterprise environments developing and implementing information security programs inclusive of Risk Management Frameworks, Incident Response, Access Control, Compliance (NIST 800-53, ISO27001, SOC2), Governance, Data Loss Prevention, Business Continuity Management (BCM) and Security Program Management.

On the personal side, I live in the beautiful city of San Diego and sail on a racing team in my free time. I love to travel, socialize with friends, workout, do yoga and go salsa dancing when possible. I have two grown sons who live in Seattle.


Donna is joined by Atul Kumar (CISM, PMP, ITIL): Atul has over 20 years of experience delivering creative and value-driven technology solutions.
Currently he is working for Varian Medical Systems and Responsible for Cloud solutions (ServiceNow, Workday, SAP and others) including Business Process Management, Project/Program, SecOps, GRC, IRM, Service Management, and complex integrations.
1-6 Session Description: Call to Action – Integrating all that is known with all that is GRC
Donna is joined by Atul Kumar (CISM, PMP, ITIL): Atul has over 20 years of experience delivering creative and value-driven technology solutions.
Currently he is working for Varian Medical Systems and Responsible for Cloud solutions (ServiceNow, Workday, SAP and others) including Business Process Management, Project/Program, SecOps, GRC, IRM, Service Management, and complex integrations.
Session 1-8: 5:30-6:30PM Meet Current and Past Sponsors Get to know our sponsors

Networking Event

Debrief the day Make time to learn who is hiring and what they need.

Securonix

Platinum Sponsor, live demonstration visualizing the threat, actionable intelligence

Securonix
Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring, and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com

Skybox Security

Gold sponsor, live demonstration assigning the policy that proves our governance is in place

The software uses analytics to prioritize an organization’s risk exposures and recommends informed action to best address those exposures. These capabilities extend across highly complex networks, including those in physical, virtual, cloud and
operational technology (OT) environments. By integrating with more than 120 networking and security technologies, the company’s broad platform, the Skybox™ Security Suite, enables organizations to reduce security risks that attackers can find and exploit, such as device misconfigurations and policy violations, as well as exposed and unpatched vulnerabilities.

Netskope

Platinum Sponsor, live demonstration, mapping the path of business, the evolution of cloud security Netskope is the leader in cloud security. Using patented technology, Netskopeís cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time,

whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope ó security evolved.netskope

Zscaler

Gold Sponsor, live demonstration enables secure mobile enterprise in real time, architecting the secure enterprise network Zscaler enables the worldís leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access, and

Zscaler Private Access creates fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the worldís largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss.Zscaler

HexaBuild,

in addition to making their CEO, Co-Founders and COO available to all of us for the entire day, contributes the morning breakfast and afternoon cake. Sweet!

HexaBuild is an IT professional services consultancy comprised of industry-recognized IT subject matter experts

and thought leaders. Our core team has a combined 60+ years of experience, multiple expert-level vendor certifications, and several publications by recognized technology presses. HexaBuild specializes in managing IPv6 adoption initiatives and large-scale cloud deployments for both enterprises and service providers. Services include address planning, hardware and software assessments, network/IT environment audits, on-prem to cloud migration and integration, and personnel training.

CyberArk

Platinum sponsor, CyberArk contributes lab leaders and speakers in addition to actively sponsoring our last summer event.

CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the worldís leading companies ó including more than 45% of the Fortune 100 companies ó to protect their highest value information assets, infrastructure, and applications.

For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArkís security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune, 100 more than 25% of the Global 2000, CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey, and the U.K.
CyberArkMd

Saba Software

Our Venue Sponsor has contributed their offices and resources to make this day possible. As a result, we will be able to offer a thousand dollars to a local scholarship for students wanting more opportunities in the field of cybersecurity.
Saba makes software that transforms the working lives of millions of people

and increases growth and success for thousands of businesses around the world. We help organizations create the catalyst for exceptional employee engagement, with a powerful cloud platform that delivers a continuous development experience – from personalized training and collaboration to real-time coaching, goal setting, and feedback. Today thousands of customers worldwide, in virtually every industry, count on Saba to engage their people, connect their teams, and get the critical insight they need to prove the impact of talent on business success.

Attivo Networks sponsors and provides lab leaders and speakers.

Attivo Networks® is the leader in deception for cybersecurity defense. Founded in 2011, Attivo Networks provides a comprehensive deception platform that in real-time detects inside-the-network intrusions in networks, public and private data centers, and specialized environments such as Industrial Control System (ICS) SCADA, Internet of Things (IoT), and Point of Sale (POS) environments. Founded on the premise that even the best security systems cannot prevent all attacks, Attivo provides the

required visibility and actionable, substantiated alerts to detect, isolate, and defend against cyber attacks. Unlike prevention systems, Attivo assumes the attacker is inside the network and uses high-interaction decoys and endpoint, server, and application deception lures placed ubiquitously across the network to deceive threat actors into revealing themselves. With no dependencies on signatures or attack pattern matching, the BOTsink deception server is designed to accurately and efficiently detect the reconnaissance and lateral The Attivo Multi-Correlation Detection Engine (MCDE) captures and analyzes attacker IPs, methods, and actions that can then be viewed in the Attivo Threat Intelligence Dashboard, exported for forensic reporting in IOC, PCAP, STIX, CSV formats or can be used to automatically update SIEM and prevention systems for blocking, isolation, and threat hunting. The ThreatOps offering simplifies incident response through information sharing, incident response automation, and the creation of repeatable playbooks.

Unified Compliance Framework sponsors, provide past and future speakers.

We welcome The Unified Compliance Framework® (UCF) as a new Silver Sponsor, a speaker and recent ISC2 partner in providing certifications for controls and compliance mapping.
The Unified Compliance Framework® (UCF) was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF.

This patented GRC framework is used as a core component of advanced GRC solutions by leading software publishers, certified auditors and consultants worldwide. Unified Compliance’s dynamic SaaS portal, the Common Controls Hub, provides a new interface to the UCF that aids in extracting needed data from the framework easily and helps compliance professionals keep pace with the ever-evolving regulatory demands, confidently manage risk, and ease resource and budget barriers. The Common Controls Hub gives users rapid access to its massive data repository of more than 90,000 individual mandates from 800-plus laws and standards from around the globe. Sorting through the most up-to-date demands, figuring out which controls they need to implement and how they overlap is now a quick process with just a few simple mouse clicks.The Common Controls Hub simplifies the need to locate, research, interpret, and reconcile new and evolving mandates by giving compliance professionals the ability to centrally scope, define and maintain regulatory demands online. Companies can now automatically compile custom, harmonized control lists in minutes by vertical industries, market segments, and geographies.

Allgress

Allgress enables enterprise risk, security, and compliance professionals the ability to efficiently manage their risk posture.

By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. For more information, visit www.allgress.com info@allgress.com or 925.579.0002
ThankYouEveryone
How to become a member: Please directly contact our Chapter President Tom Rogers and fill out the membership form https://isc2-eastbay-chapter.org/membership/
EnterpriseGRC Thank you Chevron, for providing us with space and food for the last two years.
Thank you, Blackhawk –Thank You, Oracle
(This 1-day event counts towards 8 hours of Continuing Professional Education CPE)
Your friends and colleagues at (ISC)2 East Bay Chapter chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of each Conference, we acknowledge Dan Green, Atul Kumar, Maura Jones, Peter Chen, as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our chapter. Your support is greatly appreciated. Sincerely, Robin Basham, Conference Director

The (ISC)2 East Bay Chapter Board of Directors

Recent Past Presidents are Lokesh Sisodiya and Lee Neely

We push you in

Related Posts