SecureWorld Government Virtual Conference 2023

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Session description to come.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

The past year alone has revealed major vulnerabilities in critical infrastructure systems that resulted in immediate action to be taken by the White House. If there’s one lesson to be learned from the Colonial Pipeline attack and similar recent attacks such as the SolarWinds breach, it’s that companies must do everything they can to protect their critical infrastructure, environments, and networks.

Within the last year, nearly half of organizations were victims of a cyberattack that was caused by a third-party vendor. The effectiveness of hackers using third parties to infiltrate internal networks is still seen in attacks on critical infrastructure systems like water plants and gas pipelines. The only way to really know the threats emerging from sophisticated and advanced hacking methods is by assessing all points of vulnerability.

In this presentation, learn how government organizations can take action and put the right protocols in place to protect specifically against third-party breaches and provide actionable best practices using real life examples. With 54% of organizations not monitoring the security and privacy practices of third parties that they share sensitive or confidential information with on an ongoing basis, we will touch on why these organizations are so susceptible to attacks in the first place and the underlying issues when it comes to government entities using external vendors.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

State, Local, Tribal and Territorial (SLTT) governments face the threat of continuous cyber-attacks from numerous groups with different intentions to disrupt their ability to provide services and support to citizens. Citizens trust an rely on their governments to provide and maintain services that they rely on for essential life sustainment and emergencies. In recent decades research and investments in technology to enhance methods, solutions, and equipment have improved service delivery and emergency response operations provided by governments.
SLTTs have adopted and embraced advanced technology solutions that increased and improved their capabilities to provide essential and emergency services to their citizens. The effective management and security of these critical services are under constant scrutiny, and even the smallest system failure may be unacceptable to citizens and erode their trust in government. Several studies have shown that cybersecurity programs at the SLTT level receive varying support to ensure security and reduce the risk of compromise. How can budget constrained, understaffed, and low skilled employees of SLTTs establish, maintain and protect the security of their critical information (CI) systems reducing risk and avoiding failures due to cyber-attack? Security professionals, Chief Information Officers (CIO) and Chief Information Security Officers (CISO) are often placed in frustrating positions that limit their options to reduce risk because they are resource constrained. Implementing cybersecurity and risk frameworks that offer foundations to build stakeholder awareness, increase funding, establish needed enforcement authorities can identify gaps, reduce frustration and boost confidence in programs. Combining these basic frameworks with continuous improvement through leadership, information sharing, and partnership building has proven successful in industry cybersecurity programs and can work in SLTTs.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Key take-away: 
How to rethink database security controls in a cloud-first world.

For most organizations, data repositories hold our most sensitive, mission critical assets. As enterprises continue their digital transformation journeys, data repositories and the sensitive assets within are more exposed than ever before for several reasons, including a dramatic rise in the:

• Amount of data created, collected, and stored
• Number of repositories storing sensitive data across clouds
• Number of users and applications that need access to data

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

This informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats.

Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees.

He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.

Key Take-away:
How to navigate the establishment of a TPRM program for FinTechs and Startups with simplicity.

You have a great idea, you pitch it and the investors love it, you received your first (or second) round of funding, but now you are left stumped. A sponsor is asking you how are you managing the risk of your third parties. You think, I don’t have any “third parties” then you remember your cloud service provider, you connected APIs, the applications your employees (hopefully) installed via legitimate channels, the open-source software used in the development, and all the unknowns. You are left thinking you may have just opened Pandora’s box. How do you navigate this process, now, tomorrow, and into the future?

Presentation Level:
GENERAL (InfoSec best practices, trends, solutions, etc.)