Dr. Sarbari Gupta Will Offer Insights on “A Structured Approach for Privacy Risk Assessments of Federal Organizations”
On November 7–9, 2018, NIST will host the 2018 Cybersecurity Risk Management Conference. The event will explore best practices on key cybersecurity and privacy risk management topics.
WHAT: The 2018 Cybersecurity Risk Management Conference is a continuation of the annual Cybersecurity Framework Workshops of the past, with the addition of topics and stakeholder groups associated with NIST projects such as Risk Management Framework, Supply Chain Risk Management and Privacy Engineering. The conference will be organized around three main tracks: executive risk governance and administration, risk management programs and operations.
WHO: Sarbari Gupta, PhD, CISSP, CISA, President and CEO of Electrosoft Services, Inc., will address the topic, “A Structured Approach for Privacy Risk Assessments of Federal Organizations.” Dr. Gupta will propose a two-level Privacy Risk Assessment (PRA) methodology:
1. An organizational-level PRA that focuses on NIST SP 800-53 Rev. 4 Appendix J privacy controls
2. A system-level PRA for each information system that focuses on system-level privacy controls and analyzes the Privacy Impact Assessment for that system.
Dr. Gupta’s proposed approach focuses on the application of an SP 800-30 Rev. 1–style risk assessment at each PRA level to identify potential threats, gaps and vulnerabilities in privacy control implementations; ascertain their likelihood of occurrence; and assess the resulting impact. Dr. Gupta posits that the impact of an attack (a privacy threat exploiting a privacy vulnerability) can be derived by considering the magnitude of harm to individuals if their Personally Identifiable Information suffers from low-quality, unintended aggregation; unauthorized disclosure; or unauthorized modification/destruction as a result of the attack. The risk is seen as low, moderate or high if the individual suffers limited, serious or catastrophic harm, respectively.
Dr. Gupta’s expertise spans software development, computer security and cryptographic applications for public and private organizations. She speaks frequently at industry conferences on cybersecurity and PKI, helps develop IT security standards, publishes papers on information security and related topics and holds several patents.
WHEN: Thursday, November 8, 2018, 3:30–4:15 p.m. ET, Maryland Ballroom F, 5th Floor
WHERE:
Renaissance Baltimore Harborplace Hotel
202 E. Pratt Street
Baltimore, Maryland 21202
For Attendees:
Individuals interested in attending the 2018 NIST Cybersecurity Risk Management Conference may register here. Registration ends on October 31, 2018 at 11:59 p.m. ET.
ABOUT ELECTROSOFT:
Electrosoft, headquartered in Reston, Virginia, delivers a diversified set of technology-based solutions and services to federal civilian and defense agencies. We couple domain knowledge and experience with proven, mature management practices to design and deliver the right solutions on time and within budget. Our practices include an ISO 9001:2015 registered Quality Management System and Capability Maturity Model Integration (CMMI) Level 3 assessed processes. Founded in 2001, Electrosoft is an 8(a) certified Small Disadvantaged Business (SDB) and an 8(m) certified Economically Disadvantaged Woman-Owned Small Business (EDWOSB). For more information about Electrosoft, visit our website at www.electrosoft-inc.com.