Analyzing and Choosing a Digital Framework for Your Business
Data Governance. Cyber Governance. Privacy Governance. Your Business! You know you need one (or is it two?), but what applies when? How do you choose? Once you choose, how do you get it “right”?
This presentation will focus on the “Why care” aspect of frameworks, and provide an overview into the types, how to choose and implement them. The information can benefit an organization just starting on this journey, or bring additional insight into a mature framework, and help to answer the question of is it still right for my organization today.
By understanding the type of frameworks available, and how they help improve an organization from data protection to building trust, meeting compliance needs or ensuring privacy and applying that knowledge to the unique needs of business you will have a better understanding of what frameworks are important to your culture and organization.
What makes this course unique?
The panel brings a unique lens on Government and Private partnerships. Frameworks allow unique entities to have a common understanding and language so they can communicate and operate with clarity. By using the right frameworks, an organization can convey a message of assurance to their partners, supply chain and customers.
You will learn:
Why they should care about frameworks
Three types of cybersecurity frameworks
Overview of what frameworks exist
What to consider when choosing a framework
Keys to implementing a framework
Why each implementation is unique to your business
What to do after implementation
Why frameworks are a continuous journey, not an end state
Organizational culture matters
About the cost or the returns of a framework
Applicable to any industry dealing with data, cyber or privacy needs (and everyone in the DIB).
Who Should Attend?
Chief Risk Officers
Data Protection Officers
Chief Executive Officers
Chief Information Officers
Data Privacy Officers
Chief Compliance Officer
Chief Legal Officer
Chief Information Security Officer
Senior Director at Ankura
Formerly Chief of Staff, Department of Homeland Security, office of Cybersecurity & Communications (CS&C)
Daniel V. Medina is a Senior Director at Ankura based in Washington, DC. Daniel has over 20 years of experience as an information security executive in the United States government and in the private sector both domestically and abroad. He is a proven national security, cybersecurity, policy, strategic risk planner, and operations leader who has managed various security engagements, including security architecture reviews, security baseline standards development, enhancing the protection of controlled unclassified information, and incident response cases. Daniel specializes in designing pragmatic standards-based solutions to complex information security problems in order to meet business needs and ensure success.
Daniel is a Harvard Kennedy School Senior Executive Fellow, an alumni of the Carnegie Mellon Executive Chief Information Security Officer (CISO) Program.
Director of Privacy at Easy Dynamics Corp
Formerly Director, Senior Privacy Officer, National Protection and Programs Directorate, U.S. Department of Homeland Security
Jamie Danker leads the Privacy Practice at Easy Dynamics Corp where she is responsible delivering Privacy Risk Management, Privacy Engineering, and Privacy Program Management services all aimed at helping clients build more trustworthy systems that protect individuals from harm related to the collection, storage, and use of personally identifiable information. She supports the National Institute of Standards in Technology (NIST) in development and implementation of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. Prior to joining EDC, she spent 10 years at the Department of Homeland Security (DHS) in various roles in the DHS privacy enterprise advocating for building privacy into the earliest stages of system and program development including as Director, Senior Privacy Officer at the National Protection and Programs Directorate. She co-authored privacy requirements and considerations in NIST Special Publication 800-63-3, Digital Identity Guidelines. Prior to joining DHS, Ms. Danker led and contributed to several audits concerning government-wide and agency-specific privacy issues at the US Government Accountability Office.
She is a Certified Information Privacy Professional (CIPP/G/US/T), Certified Information Systems Security Professional and holds a Master of Science Information System Technology and Bachelor of Business Administration from the George Washington University.
Stephen P. Gilmer
Senior Director at Ankura
25 years as an Information Security executive with a focus in Aerospace, Defense, and Life Sciences.
Stephen P. Gilmer is a Senior Director at Ankura based out of Washington, DC. Stephen is a Certified Chief Information Security Officer (C|CISO) with more than 25 years of experience as a technical expert and executive leader focused on securing technology companies’ most sensitive and valuable data and systems. Stephen previously was in-house CISO at both a biotechnology startup and at two Fortune 10 aerospace, defense, and technology companies. In these roles, Stephen designed and implemented sensitive data and IP security control programs; shaped policy at the national level and security framework formation; and proactively resolved complex investigation, audit, and regulatory oversight issues.
Stephen is a Six Sigma Black Belt who led the transition of the IT infrastructure of a private start-up to address the regulatory and operational requirements of becoming a publicly traded company. As a CISO executive in an aerospace defense company subject to a consent agreement with the United States Government, Stephen also led global cyber investigations, risk analysis, engagement, and mitigation controls necessary for the organization to successfully navigate oversight requirements and re-establish credibility with government customers. Concurrently, Stephen built and led the cybersecurity components required to support winning and executing multi-billion-dollar government contracts.
Stephen frequently speaks at global cybersecurity conferences, publishes articles on the business necessity of proactive cyber risk management, and advises on and conducts cybersecurity education/training for corporate leadership including the board of directors, the C-suite and compliance officers.