BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ISACA Greater Washington, D.C. Chapter - ECPv6.15.20//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:ISACA Greater Washington, D.C. Chapter
X-ORIGINAL-URL:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io
X-WR-CALDESC:Events for ISACA Greater Washington, D.C. Chapter
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20220313T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20221106T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20230312T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20231105T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20240310T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20241103T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20250309T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20251102T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20260308T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20261101T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250417T144500
DTEND;TZID=America/New_York:20250417T170000
DTSTAMP:20260526T055336
CREATED:20241231T201037Z
LAST-MODIFIED:20250423T144400Z
UID:33393-1744901100-1744909200@61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io
SUMMARY:FISMA and Risk Management Framework Panel Discussion
DESCRIPTION:To protect federal information and systems\, the Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to develop\, document\, and implement information security programs. The Annual FISMA Conference provides a useful update to IT Auditors and the Federal IT community on the current landscape and efforts to comply with FISMA. Come hear perspectives from senior federal executives who play key roles in FISMA compliance efforts. During this session\, you will learn about recent changes to the FISMA metrics\, and the opportunities and challenges agencies face in complying with FISMA. \nRegistration closes on April 16th @ 2pm. \nRegister Today! \n  \nEvent Sponsor \n  \n \nSikich is a Chicago-based global company specializing in technology-enabled professional services. With more than 1\,900 employees\, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies. From corporations and not-for-profits to state and local governments and federal agencies\, Sikich clients utilize a broad spectrum of services and products to help them improve performance and achieve long-term\, strategic goals. As a full-service provider to Federal government agencies\, we provide financial management advisory and assurance services\, such as: \n\nAssisting the U.S. Defense Industrial Base (DIB) sector in enhancing its cybersecurity posture within the multi-tier supply chain to ensure compliance with Cybersecurity Maturity Model Certification (CMMC) requirements.\nConducting CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.\nConducting FISMA audits and other custom IT and cybersecurity performance audits. 
Our testing includes evaluations of access controls\, configuration and change management\, systems development life cycle including audits of Agile and Waterfall implementations\, disaster recovery and contingency planning\, and overall governance and security frameworks.\nSupporting agencies in adhering to the processes outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series and conducting Security Assessment and Authorization (SA&A) activities.\n\n  \nConference Overview \n\nApril 17 \nThe conference will be held on April 17\, 2025 from \n2:45 pm to 5:00 pm. \nAdd this event to your calendar using the Add to Calendar link at the bottom of the page. \n  \nVirtual Event \nThe event will be held using Zoom. \nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \n\n\nGWDC Member Fee – $5 \nThe fee for GWDC Members is $5 for the conference.\nThe fee for all other registrants is $15 for the conference. \nTo become a member and take advantage of the member rate for our events\, among other benefits\, join ISACA and select the Greater Washington D.C. Chapter as your local chapter. \n  \nEarn up to 2 CPEs \nAttendees can earn up to 2 CPEs for this event. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls. 
\n\n  \nAgenda \n \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks and Housekeeping \n  \n\n \n\n3:00 PM – 4:50 PM \n\n\n2025 Panel Discussion on FISMA and Risk Management Framework \nModerator:  \n\nSarah Mirzakhani\nPrincipal @ Sikich\n\nPanelists:  \n\nJennifer Franks\nDirector\, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO)\nMark Canter\nChief Information Security Officer (CISO) and Director of the Information Security Division at the U.S. Government Accountability Office (GAO)\nDr. Ron Ross\nChief Executive Officer @ RONROSSECURE\, LLC\nFormer Fellow @ the National Institute of Standards and Technology\n\n\n\n4:50 PM – 5:00 PM \n\n\nClosing Remarks \n\n  \n  \nModerator \n\n \n\n\nSarah Mirzakhani\nPrincipal @ Sikich \nCISA \nSarah Mirzakhani\, CISA\, is a principal with over 20 years of experience in information technology audit/information assurance and information security solutions. Sarah serves federal agencies with varied\, complex IT systems and environments. Her experience includes leading information technology internal control reviews and security audits\, such as the Federal Information Security Modernization Act (FISMA) and overseeing vulnerability assessments and penetration testing. 
\nSarah is also skilled in conducting and leading system and organization controls/SSAE18 audits and readiness assessments\, regulatory compliance reviews\, and system implementation reviews for not-for-profit\, commercial\, and governmental entities. She has extensive knowledge of the National Institute of Standards and Technology (NIST)\, Federal Information Processing Standards (FIPS)\, and Office of Management and Budget (OMB). \nShe provides services in areas\, such as IT and Cybersecurity Audits\, FISMA Audit Services\, and Performance Audits. \nSarah holds a Bachelor of Science in Business Administration\, Management Information Systems\, West Virginia University\, and is a Certified Information Systems Auditor (CISA). She is affiliated with the Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA). \n \n\n  \nPanelists \n\n \n\n\nJennifer Franks\nDirector\, Center for Enhanced Cybersecurity\nActing Director\, Analytics Foundry\nUS Government Accountability Office (GAO) \nJennifer Franks directs the Center for Enhanced Cybersecurity within GAO’s Information Technology and Cybersecurity team. She oversees reviews that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality\, integrity\, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. In addition\, she leads reviews in the areas of IT management and operations\, financial management\, healthcare and public health IT\, data protection\, and privacy. 
\nFurther\, Jennifer serves as the Acting Director of the Analytics Foundry; a dedicated cloud computing environment that manages GAO’s complex analytical functions. \nJennifer earned a master’s degree in information security policy and management from Carnegie Mellon University and earned a bachelor’s degree in computer information systems from Hampton University. \n \n\n\n \n\n\nMark Canter\nChief Information Security Officer (CISO) and Director of the Information Security Division at the U.S. Government Accountability Office (GAO) \nMark Canter is the CISO and Director of the Information Security Division at GAO. In his capacity\, he oversees policy and governance\, information assurance and compliance\, and security operations. Prior to assuming this role\, he served as Assistant Director in the Information Technology and Cybersecurity (ITC) team at GAO. His portfolio included a diverse set of engagements on topics of financial and information systems internal control auditing\, cybersecurity\, emerging technologies such as blockchains\, AI\, and safeguarding/privacy of information. In addition\, he has authored various compliance and auditing tools and published several common vulnerabilities and exploits. \n\n\n \n\n\nDr. Ron Ross\nChief Executive Officer @ RONROSSECURE\, LLC\nFormer Fellow @ the National Institute of Standards and Technology \nRon Ross is the Chief Executive Officer at RONROSSECURE\, LLC\, a cybersecurity advisory company and a Fellow at Dartmouth College. His focus areas include computer and information security\, systems security engineering\, trustworthy computing\, high assurance systems\, and security risk management. Dr. Ross currently supports the Dartmouth Institute for Security\, Technology\, and Society conducting applied research in secure systems engineering. A former Fellow at the National Institute of Standards and Technology\, Dr. 
Ross led the NIST Systems Security Engineering and FISMA Implementation Projects which included the development of cybersecurity standards and guidance for the federal government\, contractors\, and United States critical infrastructure. He also supported the State Department in its international outreach program for cybersecurity and critical infrastructure protection and led the Joint Task Force\, an interagency group with members from the Department of Defense\, Intelligence Community\, and Civil agencies. Dr. Ross served as the Director of the National Information Assurance Partnership\, a joint activity of NIST and the National Security Agency. During his twenty-year military career\, Dr. Ross served as a White House aide and senior technical advisor to the United States Army. He has lectured at colleges and universities throughout the United States and delivered the Commencement address at The George Washington University (School of Engineering). \nDr. Ross has authored numerous publications on risk management\, cybersecurity\, systems security engineering\, and system resiliency. These include: FIPS 199 (security categorization)\, FIPS 200 (security requirements)\, SP 800-30 (risk assessments)\,  SP 800-37 (risk management framework)\, SP 800-39 (enterprise risk management)\, SP 800-53 (security and privacy controls)\,  SP 800-53A (security and privacy control assessments)\, SP 800-53B (security and privacy control baselines)\, SP 800-128 (security configuration management)\, SP 800-160\, Vol. 1 (systems security engineering)\, SP 800-160\, Vol. 2 (cyber resiliency engineering)\, SP 800-171 (protection of controlled unclassified information)\, SP 800-171A (security assessments)\, SP 800-172 (enhanced security requirements)\, and SP 800-172A (enhanced security requirement assessments). \nDr. Ross has received many public and private sector awards including the Presidential Rank Award\, Samuel J. 
Heyman Service to America Medal for Homeland Security and Law Enforcement\, Michael V. Hayden Lifetime Achievement Award\, Department of Defense Superior Service Medal\, National Security Agency Scientific Achievement Award\, Department of Commerce Gold and Silver Medal Awards\, Applied Computer Security Distinguished Practitioner Award\, GCN Government Executive of the Year Award\, Vanguard Chairman’s Award\, Institute for Critical Infrastructure Technology Pioneer Award\, Information Week’s Government CIO 50 Award\, Billington Cybersecurity Leadership Award\, Office of Director National Intelligence Partnership Award\, ISACA National Capital Area Conyers Award\, ISACA Joseph J. Wasserman Award\, AFFIRM President’s Award\, Symantec Cyber 7 Award\, Government Technology Research Alliance Award\, SC Magazine’s Cyber Security Luminaries Award\, (ISC)2 Lynn F. McNulty Tribute Award\, American Bar Association Science and Technology Special Recognition Award\, 1105 Media Gov30 Award\, and CES Government Technology Leadership Award. He has also been recognized three times as one of the Top 10 Influencers in Government IT Security and is a five-time recipient of the Federal 100 award for leadership and technical contributions to federal government cybersecurity projects. Dr. Ross has been inducted into the National Cyber Security Hall of Fame\, selected as an (ISC)2 Fellow\, and inducted into the Information Systems Security Association Hall of Fame receiving its highest honor of Distinguished Fellow. \nDr. Ross holds a Bachelor of Science degree in Engineering from the United States Military Academy at West Point. He also holds Masters and Ph.D. degrees in Computer Science from the United States Naval Postgraduate School with a concentration in artificial intelligence and robotics. 
He was commissioned as a Second Lieutenant in the United States Army\, served as a Mechanized Infantry and Army Acquisition Corps officer\, completed Airborne training\, and retired with the rank of Lieutenant Colonel. \n \n\n  \nEvent Questions and Policies \n\n\nRegistration Questions \nIf you have any registration questions about this event\, please contact us by completing the Registration Contact Form linked below. \nRegistration Questions \n  \n\n\n\n\nCPE Questions \nIf you have CPE questions after the event has concluded\, please contact us by completing the CPE contact form linked below. \nCPE Questions \n  \n\n\n\n\nCancellation and Refunds \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details. \n\n\n\n\nComplaints \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. \nAll complaints should be submitted through the Registration Contact Form. \n\n\n  \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. 
Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about current and future trends in the IT Audit space. \n  \nCPE-Related Details \n\nPrerequisites: None\nAdvance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet Based\nField of Study:  Information Technology – Technical
URL:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/event/fisma-rmf-panel-2025/
LOCATION:Virtual Event
CATEGORIES:Panels
ATTACH;FMTTYPE=image/png:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/wp-content/uploads/2024/12/panel-fisma.png
ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20240418T144500
DTEND;TZID=America/New_York:20240418T170000
DTSTAMP:20260526T055336
CREATED:20231031T000039Z
LAST-MODIFIED:20240417T155729Z
UID:31268-1713451500-1713459600@61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io
SUMMARY:2024 Annual FISMA and Risk Management Framework Panel Discussion
DESCRIPTION:To protect federal information and systems\, the Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to develop\, document\, and implement information security programs. The 2024 Annual FISMA Conference provides a useful update to IT Auditors and the Federal IT community on the current landscape and efforts to comply with FISMA. \nCome hear perspectives from senior federal executives who play key roles in FISMA compliance efforts in this year’s Federal Information Security Modernization Act of 2014 (FISMA) and Risk Management Framework (RMF) Panel Discussion. During this session\, you will learn about recent changes to the FISMA metrics\, and the opportunities and challenges agencies face in complying with FISMA. \nIT advisory or audit professionals that serve or support the Public Sector should attend this event. \nRegistration closes on April 17\, 2023 @ 2pm.   This is a free virtual event for GWDC Members. \nRegister Today! \n  \nEvent Sponsor \n  \n \nSikich LLP\, a professional services firm of more than 100 partners\, 1\,400 employees\, and 17 offices across the U.S. As a professional information technology (IT) firm\, Sikich provides client-tailored IT support\, managed security\, and numerous other expert IT services. As a full-service provider for government agencies and contractors\, we provide financial management and assurance services to support a wide range of federal and commercial clients\, including: \n\n	Assist the U.S. Defense Industrial Base (DIB) sector in enhancing its cybersecurity posture within the multi-tier supply chain to ensure compliance with Cybersecurity Maturity Model Certification (CMMC) requirements.\n	Conduct CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.\n	Conduct FISMA audits and other custom IT and cybersecurity performance audits. 
Our testing includes evaluations of access controls\, configuration and change management\, systems development life cycle including audits of Agile and Waterfall implementations\, disaster recovery and contingency planning\, and overall governance and security frameworks.\n\nThe ISACA Greater Washington D.C. Chapter is proud to have Sikich as the sponsor for this annual event. \n  \nAgenda \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks \n\n\n3:00 PM – 4:50 PM \n\n\nPanel Discussion: 2024 Annual FISMA and Risk Management Framework \nModerator: \n\n	Sarah Mirzakhani\nPartner\, Sikich LLP\n\nPanelists: \n\n	Steven Hernandez\nChief Information Security Officer\, and Director of Information Assurance Services @ U.S. Department of Education\n\n\n	Jennifer Franks\nDirector\, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO)\n\n\n	Victoria Yan Pillitteri\nFederal Information Security Modernization Act (FISMA) Implementation Project Lead @ National Institute of Standards and Technology (NIST)\n\n\n\n\n\n4:55 PM – 5:00 PM \n\n\nClosing Remarks \n\n  \nModerator \n\n \n\n\nSarah Mirzakhani\nPartner @ Sikich LLP \nCISA \nSarah Mirzakhani\, CISA\, is a partner with over 20 years of experience in information technology audit/information assurance and information security solutions. Sarah serves federal agencies with varying\, complex IT systems and environments. Her experience includes leading information technology internal control reviews and security audits\, such as the Federal Information Security Modernization Act (FISMA) and overseeing vulnerability assessments and penetration testing. \nSarah is also skilled in conducting and leading system and organization controls/SSAE18 audits and readiness assessments\, regulatory compliance reviews\, and system implementation reviews for not-for-profit\, commercial\, and governmental entities. 
She has extensive knowledge of the National Institute of Standards and Technology (NIST)\, Federal Information Processing Standards (FIPS)\, and Office of Management and Budget (OMB). \nShe provides services in areas\, such as IT and Cybersecurity Audits\, FISMA Audit Services\, and Performance Audits. \nSarah holds a Bachelor of Science in Business Administration\, Management Information Systems\, West Virginia University\, and is a Certified Information Systems Auditor (CISA). She is affiliated with the Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA). \n\n  \nPanelists \n\n \n\n\nSteven Hernandez\nChief Information Security Officer\, and Director of Information Assurance Services @ U.S. Department of Education\nMBA\, CISSP\, CISA\, CNSS\, CSSLP\, CDPSE\, SSCP\, CGGC\, ITIL \nSteven Hernandez is an information assurance executive serving the past twenty years in a variety of contexts and missions. His rich background includes law enforcement\, financial\, education\, healthcare\, credentialing\, heavy manufacturing\, non-profits\, and governments at the federal\, state\, and local levels. Steven’s experience ranges from the board room to leading tactical\, day-to-day security operations as well as leading broad security initiatives such as the US government’s Zero Trust Architecture approach across large and complex organizations. \nPresently he is the Chief Information Security Officer and Director of Information Assurance Services at the U.S. Department of Education. Steven also serves as the co-chair of the US Government Federal CISO Council and Government Chair of the ACT-IAC Cybersecurity Community of Interest. Prior to his position at Education\, he held a variety of roles at the Office of Inspector General\, US Department of Health and Human Services including CTO\, CIO\, CISO\, Senior Official for Privacy and Chief Services Engineering Officer. 
He is an inaugural member of the United States Scholarship for Service Hall of Fame and an ardent supporter of the next generation of cybersecurity professionals through his teaching work as an Honorary Professor\, Affiliate Faculty\, and guest lecturer at over a dozen Institutions of higher education. \n\n\n \n\n\nJennifer Franks\nDirector\, Center for Enhanced Cybersecurity @ US Government Accountability Office (GAO) \nJennifer Franks directs the Center for Enhanced Cybersecurity within GAO’s Information Technology and Cybersecurity team. She oversees reviews that primarily focus on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality\, integrity\, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. In addition\, she leads reviews in the areas of IT management and operations\, financial management\, healthcare and public health IT\, data protection\, and privacy. \nJennifer joined GAO in 2006. She is a Diversity Champion who leads efforts to increase inclusiveness at GAO. Since 2012\, she has facilitated numerous agency Diversity\, Equity\, Inclusion\, and Accessibility (DEIA) courses\, and holds facilitator certifications in “Engaging in Bold\, Inclusive Conversations” and “Green Dot Bystander Intervention” training. \nJennifer earned a master’s degree in information security policy and management from Carnegie Mellon University and earned a bachelor’s degree in computer information systems from Hampton University. 
\n\n\n \n\n\nVictoria Yan Pillitteri\nFederal Information Security Modernization Act (FISMA) Implementation Project Lead @ NIST\nCISSP \nVictoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and also leads the Federal Information Security Modernization Act (FISMA) Implementation Project\, supervising a team of technical and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government\, and associated stakeholder outreach and public-private coordination/collaboration efforts. She serves as the lead of the Joint Task Force working group\, a partnership with Department of Defense\, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted by NIST. \nShe previously worked on development of the Cybersecurity Framework and Privacy Framework\, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs\, served on the board of directors of the Smart Grid Interoperability Panel\, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security\, including SP 800-12\, 800-37\, 800-53\, 800-82\, 800-171\, 800-171A\, 800-171B\, 800-137A\, 1108 and IR 7628. \nVictoria holds a B.S. 
in Electrical Engineering from the University of Maryland\, an M.S. in Computer Science\, with a concentration in Information Assurance\, from the George Washington University\, completed the Key Executive Leadership Program at American University\, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program (SES CDP) and is SES certified. \n\n  \nVirtual Meeting Information \n\n	This event will be presented through Zoom.\n	Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n	Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n	The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. 
\n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent changes to the FISMA metrics and the opportunities and challenges agencies face in complying with FISMA. \n  \nCPE-Related Details \n\n	Prerequisites: None\n	Advance Preparation: None\n	Program Knowledge Level: Basic\n	Delivery Method:  Group Internet Based\n	Field of Study:  Information Technology – Technical
URL:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/event/2024-annual-fisma-and-risk-management-framework-panel-discussion/
LOCATION:Virtual Event
CATEGORIES:Panels
ATTACH;FMTTYPE=image/png:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/wp-content/uploads/2023/10/panel-fisma-2024.png
ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20231002T144500
DTEND;TZID=America/New_York:20231002T164500
DTSTAMP:20260526T055336
CREATED:20230827T152204Z
LAST-MODIFIED:20231003T122315Z
UID:30782-1696257900-1696265100@61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io
SUMMARY:Proposed Changes to GAO’s FISCAM Panel Discussion
DESCRIPTION:On July 20\, 2023\, GAO issued an exposure draft of the revised Federal Information System Controls Audit Manual (FISCAM). FISCAM presents a methodology for assessing the design\, implementation\, and operating effectiveness of information system (IS) controls. GAO first issued FISCAM in 1999 and last issued a revision in 2009. GAO is requesting comments on the exposure draft from federal\, state\, and local government officials; managers and auditors at all levels of government; professional organizations; public interest groups; and other interested parties. When issued in final form\, this revision will supersede the February 2009 revision. \nThis panel discussion will provide attendees with an opportunity to learn more about the proposed revisions and ask questions before the comment period ends (comments due no later than October 18\, 2023).  IT advisory or audit professionals that serve or support the Public Sector should attend this event. \nRegistration closes on October 1\, 2023 @ 12pm.   This is a free virtual event. \nRegister Today! \n  \nEvent Sponsor \nThe ISACA Greater Washington D.C. Chapter is proud to have Cotton\, A Sikich Company as the sponsor for this event.  \n \nFounded in 1981\, Cotton is a certified public accounting firm headquartered in historic Old Town Alexandria\, Virginia. Cotton has focused our practice on providing services predominantly for governmental agencies and programs\, and we have continued to expand both our client base and our range of services. Today\, Cotton provides a full range of audit\, accounting\, IT\, and management consulting services. In 2022\, Cotton was acquired by Sikich LLP\, a global company specializing in technology-enabled professional services. With more than 1\,500 employees\, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and ranks as one of the largest CPA firms in the United States. 
From corporations and not-for-profits to state and local governments and federal agencies\, Sikich clients utilize a broad spectrum of services and products to help them improve performance and achieve long-term\, strategic goals. \n  \nAgenda \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks \n\n\n3:00 PM – 4:40 PM \n\n\nPresentation: 2023 FISCAM Exposure Draft\, follow-up with Q&A \nModerator: \n\n	Loren Schwartz\nCPA\, CISA\, CISSP\nPartner\, Cotton\, A Sikich Company\n\nPanelists: \n\n	Robert Dacey\nJD\, CPA\, CGFM\nChief Accountant\, GAO\n	Nicole McGuire Burkart\nCPA\, CGFM\nAssistant Director\, GAO\n\n\n\n4:40 PM – 4:45 PM \n\n\nClosing Remarks \n\n  \nModerator \n\n \n\n\nLoren Schwartz\nPartner\, Cotton\, A Sikich Company \nCPA\, CISA\, CISSP \nLoren Schwartz joined Cotton in May 2002 and was elected a partner in April 2003. Loren has more than 25 years of diversified information system audit\, financial and operational audit\, privacy\, and risk management consulting experience. He directs many of the firm’s major information technology reviews and audits. \nLoren’s experience includes directing and participating in a wide range of system reviews\, Federal Information Security Modernization Act (FISMA) audits\, financial statement audits\, process re-engineering improvement projects\, and audits of internal management controls of automated information systems. He has directed projects with clients ranging in size from start-up entrepreneurial organizations to Fortune 500 organizations. His industry experience includes both commercial and governmental clients. He also has conducted speaking engagements for well-known industry organizations on a variety of Information Technology (IT) -related topics. \nLoren holds a Bachelor of Science degree in Accounting from Virginia Polytechnic Institute and State University. 
He is a Certified Public Accountant (CPA)\, a Certified Information Systems Security Professional (CISSP)\, and a Certified Information Systems Auditor (CISA). He is an active member of the American Institute of Certified Public Accountants (AICPA) and the ISACA Greater Washington D.C. Chapter \n\n  \nPanelists \n\n \n\n\nRobert Dacey\nChief Accountant\, GAO\nJD\, CPA\, CGFM\n \nMr. Dacey is Chief Accountant for the United States Government Accountability Office (GAO) and a member of the Federal Accounting Standards Advisory Board. Mr. Dacey has provided leadership for significant GAO efforts in financial accounting and auditing\, as well as audits and testimony related to information security\, homeland security\, and other information technology areas. He previously served as a member of the AICPA Auditing Standards Board and the International Public Sector Accounting Standards Board\, and as Chair of the AGA’s CEAR Board. Mr. Dacey is a CPA and CGFM. He received a B.B.A.\, magna cum laude\, from the University of Cincinnati and a J.D. from the George Mason University School of Law. \n\n\n \n\n\nNicole McGuire Burkart\nAssistant Director\, GAO\nCPA\, CGFM\n \nMs. Burkart is an Assistant Director in GAO’s Financial Management and Assurance team. She leads the information system controls assessments performed in connection with multiple GAO financial audits. She is also involved in the maintenance of GAO’s audit methodologies and led the recent efforts to revise FISCAM. Ms. Burkart served on the AICPA Attestation Standards Task force to clarify the attestation standards\, supporting the issuance of SSAE No. 18 and SAS No. 130. Ms. Burkart is also an alumnus of the AICPA’s second annual Leadership Academy\, Class of 2010. Ms. Burkart is a CPA and CGFM. She received a Bachelor of Science degree\, summa cum laude\, from Elmira College. 
\n\n  \nVirtual Meeting Information \n\n	This event will be presented through Zoom.\n	Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n	Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n	The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. 
Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will obtain an understanding of (1) the major proposed changes to FISCAM\, (2) the impact of such changes on IS controls assessments\, and (3) the timeframe for public exposure and next steps. \n  \nCPE-Related Details \n\n	Prerequisites: None\n	Advance Preparation: None\n	Program Knowledge Level: Basic\n	Delivery Method:  Group Internet Based\n	Field of Study:  Information Technology – Technical
URL:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/event/fiscam-panel-discussion/
LOCATION:Virtual Event
CATEGORIES:Panels
ATTACH;FMTTYPE=image/png:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/wp-content/uploads/2023/08/fiscam_panel_2023.png
ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20230413T144500
DTEND;TZID=America/New_York:20230413T170000
DTSTAMP:20260526T055336
CREATED:20230218T155631Z
LAST-MODIFIED:20230403T134555Z
UID:30042-1681397100-1681405200@61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io
SUMMARY:2023 Annual FISMA and Risk Management Framework Panel Discussion
DESCRIPTION:The 2023 Annual FISMA Conference provides a useful update to IT Auditors on the current landscape of efforts to comply with the Federal Information Security Modernization Act of 2014 (FISMA). Come hear perspectives from senior federal executives from the Office of the National Cyber Director\, National Institute of Standards and Technology\, and the United States Department of Justice who play key roles in FISMA compliance efforts. During this session\, we will learn about recent changes to the FISMA metrics\, and the opportunities and challenges agencies face in complying with FISMA. \nIT advisory or audit professionals that serve or support the Public Sector should attend this event. \nRegistration closes on April 12\, 2023 @ 12pm.   This is a free virtual event for GWDC Members. \nRegister Today! \n  \nEvent Sponsor \nThe ISACA Greater Washington D.C. Chapter is proud to have Cotton\, A Sikich Company as the sponsor for this annual event.  \n \nFounded in 1981\, Cotton is a certified public accounting firm headquartered in historic Old Town Alexandria\, Virginia. Cotton has focused our practice on providing services predominantly for governmental agencies and programs\, and we have continued to expand both our client base and our range of services. Today\, Cotton provides a full range of audit\, accounting\, IT\, and management consulting services. In 2022\, Cotton was acquired by Sikich LLP\, a global company specializing in technology-enabled professional services. With more than 1\,500 employees\, Sikich draws on a diverse portfolio of technology solutions to deliver transformative digital strategies and ranks as one of the largest CPA firms in the United States. From corporations and not-for-profits to state and local governments and federal agencies\, Sikich clients utilize a broad spectrum of services and products to help them improve performance and achieve long-term\, strategic goals. 
\n  \nAgenda \n\n2:45 PM – 2:55 PM \n\n\nOpening Remarks \n\n\n3:00 PM – 4:50 PM \n\n\nPanel Discussion: 2023 Annual FISMA and Risk Management Framework \nModerator: \n\n	Yehuda Schmidt\nCPA\, CISA\, CRISC\, CGEIT\nSr. Manager\, Cotton\, A Sikich Company\n\nPanelists: \n\n	Melinda Rogers\nDeputy Assistant Attorney General Chief Information Officer\, United States Department of Justice\n	Victoria Yan Pillitteri\nCISSP\nFederal Information Security Modernization Act (FISMA) Implementation Project Lead\n	Lisa N. Barr\nDirector of Federal Cybersecurity\, Office of the National Cyber Director\n\n\n\n4:55 PM – 5:00 PM \n\n\nClosing Remarks \n\n  \nModerator \n\n \n\n\nYehuda Schmidt\nSr. Manager\, Cotton\, A Sikich Company \nCPA\, CISA\, CRISC\, CGEIT \nYehuda Schmidt joined Cotton\, A Sikich Company in January 2015. Yehuda has 30 years’ experience in assisting federal government agencies with finance\, accounting\, business process improvement\, information technology (IT) internal controls\, and program management. He has extensive experience in managing reviews of internal controls over financial reporting\, operational controls\, and risk management in compliance with Office of Management and Budget (OMB) Circular A-123. Yehuda is leading client’s IT risk assessments in compliance with NIST SP 800-37\, and IT assessment in compliance with NIST SP 800-53. \nYehuda holds an MBA in Finance and Entrepreneurship\, and B.Sc. in Accounting and Economics from the Hebrew University of Jerusalem\, Israel. He is a Certified Public Accountant (CPA)\, a Certified Information Systems Auditor (CISA)\, a Certified Risk and Information Systems (CRISC)\, and Certified Governance of Enterprise IT (CGEIT). \n\n  \nPanelists \n\n \n\n\nMelinda Rogers\nDeputy Assistant Attorney General Chief Information Officer\, United States Department of Justice \nMelinda Rogers was designated as Deputy Assistant Attorney General for Information Resource Management in September 2020. 
Prior to her designation\, she served as Deputy Chief Information Officer (CIO)\, and earlier she was the Department’s Chief Information Security Officer (CISO). In her role as CIO\, Ms. Rogers is responsible for overseeing the Department’s $3.4 billion Information Technology (IT) investment portfolio\, providing strategic direction to DOJ Components\, and directly supporting mission operations through IT service delivery. Additionally\, within Ms. Rogers’ purview is the Department’s Cybersecurity Program\, which proactively monitors and mitigates risks associated with the management\, security\, and acquisition of DOJ technology assets. Ms. Rogers also has extensive experience in the banking and financial services sector in private industry\, where she was most recently Equifax’s Assistant Vice President for Fraud Prevention and Identity Verification Solutions. \nMs. Rogers received her MBA from Emory University in Atlanta and is an alumna of George Mason University. \n\n\n \n\n\nVictoria Yan Pillitteri\nFederal Information Security Modernization Act (FISMA) Implementation Project Lead\, National Institute of Standards and Technology\nCISSP \nVictoria Yan Pillitteri is a supervisory computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the Acting Manager of the Security Engineering and Risk Management Group and also leads the Federal Information Security Modernization Act (FISMA) Implementation Project\, supervising a team of technical and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing cybersecurity risk in the federal government\, and associated stakeholder outreach and public-private coordination/collaboration efforts. 
She serves as the lead of the Joint Task Force working group\, a partnership with the Department of Defense\, the Intelligence Community and Civilian Agencies to develop a unified security framework to protect USG from cyberattacks and is co-chair of the Federal Cybersecurity and Privacy Professionals Forum hosted by NIST. \nShe previously worked on development of the Cybersecurity Framework and Privacy Framework\, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs\, served on the board of directors of the Smart Grid Interoperability Panel\, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security\, including SP 800-12\, 800-37\, 800-53\, 800-82\, 800-171\, 800-171A\, 800-171B\, 800-137A\, 1108 and IR 7628. \nVictoria holds a B.S. in Electrical Engineering from the University of Maryland\, an M.S. in Computer Science\, with a concentration in Information Assurance\, from the George Washington University\, completed the Key Executive Leadership Program at American University\, and is a Certified Information Systems Security Professional (CISSP). She has completed a Senior Executive Service Candidate Development Program (SES CDP) and is SES certified. \n\n\n \n\n\nLisa N. Barr\nDirector of Federal Cybersecurity\, Office of the National Cyber Director \nLisa Barr has over 20 years’ experience in the public and private sector leading and directing projects in Cybersecurity\, IT Strategic Planning and Risk Management. Lisa is the first Director for Federal Cybersecurity within the Office of National Cyber Director. She leads federal cybersecurity initiatives and efforts that focus on creating cohesion across the federal enterprise and reducing the burden on federal agencies. 
Within these 20 years\, she spent 13 years with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA). She has held numerous trusted leadership positions covering cybersecurity policy\, supply chain cybersecurity\, federal cybersecurity governance\, and critical infrastructure resilience. Lisa served a one-year rotational assignment to the OMB Office of the Federal CIO as a Senior Advisor and program lead for the Federal Acquisition Security Council. Previous to her federal service\, Lisa spent several years in the private sector focusing on IT and cyber strategic planning and program management. \nLisa holds a Master’s degree in National Security and Resource Strategy; has received an Executive Chief Information Security Officer certification through Carnegie Mellon; and is a Certified Information Security Manager. \n\n  \nVirtual Meeting Information \n\n	This event will be presented through Zoom.\n	Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n	Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n	The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. 
\nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent changes to the FISMA metrics and the opportunities and challenges agencies face in complying with FISMA. \n  \nCPE-Related Details \n\n	Prerequisites: None\n	Advance Preparation: None\n	Program Knowledge Level: Basic\n	Delivery Method:  Group Internet Based\n	Field of Study:  Information Technology – Technical
URL:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/event/2023-fisma-panel/
LOCATION:Virtual Event
CATEGORIES:Panels
ATTACH;FMTTYPE=image/png:https://61fa6d0a-79e8-4650-b4f1-a848cf17abef.express.conves.io/wp-content/uploads/2023/02/fisma_panel_2023-e1676941581180.png
ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org
END:VEVENT
END:VCALENDAR