Friday, January 13, 2017

Upcoming Conferences in South Florida 2017

There are several conferences in the South Florida (and general area) that I plan to be at in the coming months, and some I hope to speak at.

The South Florida ISACA Chapter will be having their 10th WOW event on Friday, February 24th. [UPDATE: Friday, April 21st] This will be an all day event at the FIU Biscayne Campus as usual.  Registration is already open and the focus is on "Emerging Threats in Cybersecurity".

The South Florida ISSA Chapter will be having their biannual security conference on Friday, March 10th.  This will be an all day event at the Signature Grand.  Registration is open, sponsors are being lined up and a call for presenters is open.

BSides Orlando will be April 8th, again at University of Central Florida.  Unlike past years, this will be a one day event, but will again be right before SANS Orlando.

HackMiami will be back with their 5th conference on May 19-21, again at the Deauville Beach Resort in Miami Beach.

So some great events and I look forward to them.

NIST Cybersecurity Framework v1.1 is coming!!!

Well, NIST (National Institute of Standards and Technology) has announced an update for the Cybersecurity Framework (CSF).  The new version will be v1.1, an incremental update which was expected.

They have released a draft of this update for comments.

You may read about it HERE.   There is also THIS page that explain the update AND gives info on feedback, which has a deadline of APRIL 10, 2017 and were to send comments.

At that page you can read the draft in a couple of different versions.

What has been added/updated?

They added more stuff regarding supply chain.  They did a few tweaks on the Core.  I had hoped they would have gotten rid of the Implementation Tiers, but instead of dumping it or major work they did some tweaks to it.  And there is a new section on metrics and measurement.

I was disappointed they didn't update the Critical Security Controls references.  They are still listing v5, which is no longer valid and the group that managed it is no more.  However, they note they are still updating all the Information References, so hopefully that is just something that is in progress and will appeared in the released version.

I had hoped that the HIPAA crosswalk that was done would be incorporated into the document, at least as an appendix.  And I think the should add a PCI DSS crosswalk.  Am told it exists, and think it would be good to include it.  Again, maybe this will be including in the final version.

Am debating if I should put together a talk on this proposed draft for upcoming conferences.

BSides Tampa 2017

I will be speaking at BSides Tampa 2017 this February.

The topic will be on "HIPAA for Security Professionals".  My aim is to introduce to security professionals what HIPAA is and what they need to know about it.  With the increased pressure on healthcare organizations and their third party vendors for information security, this is important.  Especially with HHS doing random audits going forward.

Hope to see many of you there.