Guest speaker Scott Giordano discusses how data discovery and data classification, when combined with information security frameworks, help bring organizations into compliance with a myriad of regulations, including the GDPR.
In October of 2016, the U.S. Department of Defense published the final version of Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 252.204-7012). The rule requires contractors to establish information security controls based on NIST SP 800-171 and to notify the DoD of a cybersecurity breach within 72 hours. Moreover, these requirements must be flowed down to subcontractors.
Much of the challenge in complying with the rule is in determining where Controlled Unclassified Information (CUI) lies throughout your organization and labeling it in a way that leverages the data protection abilities of data loss prevention (DLP) and other tools you already have in place. Data Discovery & Classification (DD&C) represents the ability to examine your entire information ecosystem in real time, identify a variety of sensitive data types, and apply the labels that will assist both in meeting the requirements of 800-171 and in effectively proving it to prime contractors or the DoD. With a December 31 deadline looming, getting a compliance program in place has become imperative for many in the aerospace and defense industry.
In this session, industry veterans will offer their perspectives on using DD&C to meet 7012 ahead of the deadline, including:
Who should attend: Federal employees and contractors in information security and cybersecurity, as well as Information Officers including CIOs, Information Security Directors, Staff Attorneys, Privacy and Compliance