Do you currently have a government contract (or want one)? Did you know that if you don’t have a strong cybersecurity plan in place, you could be at risk of losing it? #CyberStrength will help ensure your business is in compliance with upcoming regulations.
#CyberStrength will explore and challenge the business owner/IT professional to prepare and strengthen their cybersecurity plan. It will position their company to take advantage of the opportunities provided by having a strong cybersecurity posture.
This year’s speakers will include:
- SAC Fredrick Wimberly, Georgia Bureau of Investigation (GBI), District 2 – Basic CyberSecurity Considerations
- Mark Lupo, MBCP – DFARS 252.204-7012/NIST SP 800-171, Rev 1 – DOD Information Security Compliance Requirements for Government Contractors (Prime or Sub)
- Jan Pytelewski, GCPM – Deputy State Purchasing Agent, GA Dept of Administrative Services – State Information Security Requirements
- Wassel Lewis – Director of Strategic Sourcing, Aflac – Vendor Requirements and Process for Doing Business with Aflac
- Desirée Spain, CPCU, Underwriter, Technology, Media and Business Services – Beazley Insurance – CyberSecurity/CyberLiability Insurance
- Chief Robert Futrell – Director of Homeland Security, Columbus/Muscogee County – Local CyberSecurity Threat Overview/Response Guidance
- Panel Discussion
  - a. Wassel Lewis
  - b. Jan Pytelewski, DOAS
  - c. Desirée Spain, CyberSecurity Insurance
  - d. Chief Robert Futrell, Director of Homeland Security, Columbus/Muscogee County
Why Attend the Workshop?
What are the regulations/requirements that companies will need to satisfy?
NIST SP 800-171 – Very important. With the 109 control points of a cybersecurity plan needing to be in place and documented prior to 31 Dec 2017 (for companies dealing with controlled unclassified information: https://en.wikipedia.org/wiki/Controlled_Unclassified_Information), companies that are not in compliance by that date will not be able to be awarded a Federal contract. And if they currently have a federal contract, they could be at risk of losing it. These control points are grouped into 14 families of security requirements and include very detailed items that must be documented by an auditing organization outside the business, such as limiting information system access to authorized users, controlling the connection of mobile devices, limiting the use of portable storage devices, and monitoring and controlling remote access sessions. These are just 4 out of 22 requirements from one of the 14 families (Access Control).
How would it increase a business’ marketability to larger corporations?
If businesses do not have the cybersecurity measures in place and documented within a plan, they will not be awarded a federal contract and will probably lose the contracts they do have, if they are dealing with controlled unclassified information (CUI). For larger, private sector companies, these requirements will be similar and are already starting to show themselves in contracting relationships. Our panel discussion will address some of these.
What are a few of the things that could help harden a business’ cyber security infrastructure?
Implementing multi-factor authentication; limiting information system access to authorized users; authorizing wireless access prior to allowing such connections; encrypting data; restricting, disabling and preventing the use of nonessential programs, functions, ports, protocols and services; controlling and limiting user-installed software; enforcing a minimum password complexity; testing the organizational incident response capability; etc.
What are the challenges a business may have that strengthening their plan could help resolve?
Until now, most of the challenges have not really been known to a business owner (unless they suffered a malware attack). Now the issue becomes that, in order to continue in business with customers and in vendor relationships, they are going to have to prove they are in compliance. If they don’t, their customers will no longer trust the business’s online presence and will go to another business that provides proof that it is more trustworthy in protecting confidential customer information. For the vendor relationships, whether government or private sector, the downstream entity will require that all upstream and downstream vendors can prove they have an established level of cybersecurity infrastructure in place (as part of a more enhanced business continuity plan) to continue as part of the supply chain.
What are the opportunities that come along with having a strong cybersecurity plan?
The ability to grow their business in an environment that has become increasingly sensitized to the threats that cyber attacks can pose. This will most readily become apparent within the DOD/Federal contracting arena as of 31 Dec 17. This article on our blog from the Harvard Business Review communicates some of the opportunities for private sector companies that have a strong cyber presence: https://www.georgiasbdc.org/good-cybersecurity-can-be-good-marketing/