Welcome to the East Tennessee (ISC)² Chapter.
Our Mission & Vision:
To provide an environment where information security professionals may exchange ideas, share experiences, and promote security awareness and understanding within the local community and the great state of Tennessee.
Our mission is advancing the understanding of the roles that information security plays across organizations and society in Tennessee.
Welcome!
2024 Event Schedule
May 2024
5/21/2024 – Live Zoom Webinar – Speaker: Carlos Lobato, CPA, CISO – Effective Security Culture Begins at the Top
Talk Details: New CISOs may find themselves wondering where to start when selected to lead information security. Enterprise risk management and communication skills are essential to ensure an effective program. The goal is to protect your organization while enabling the business and reducing cybersecurity risk to an acceptable level. An effective information security culture is needed at the highest level to ensure proper tone. When cybersecurity is noted as a business enabler by the board and executive management, a security culture at all levels results in assets that are better protected.
Objectives:
- Establish an information security strategy with effective board and executive management buy-in.
- Utilize enterprise risk management to ensure your organization’s information security program is comprehensive, risk-based and focused on the top priorities.
- Apply effective communication to create a positive security culture across your organization.
5/24/2024 – 10th Annual BSIDES Knoxville – ISC2 East Tennessee will be a community sponsor of this fantastic event. Please stop by our table in the event hall to connect! It’s not too late to grab a ticket! https://www.10-sec.org/bsides-knoxville
June 2024
– Social Networking Event – TBA
July 2024
7/16/2024 – Live Zoom Webinar – Speaker: Daniel A. Paillet, CISSP, CCSK, CEH, CCNA – A Common Sense Approach to Deploying Zero Trust in Industrial Control Systems
BIO: Daniel Paillet is Cyber Security Lead Architect, Energy Management, at Schneider Electric. He has worked with the U.S. Department of Defense, as well as in information technology, operational technology, retail, point-of-sale and banking. In his current role, he develops, architects and improves secure solutions and offerings. He is a contributor to several ISA/IEC 62443 working groups and is a published author and speaker.
Talk Details: As critical infrastructure becomes a better-known area for bad actors, how should we apply Zero Trust in industrial control system networks, especially where health and safety are the primary concerns in security and integrity? This session will examine the functions of the Purdue Model and the operational technology environments that are increasingly connected to the cloud. We’ll identify where Zero Trust makes sense in securing critical infrastructure while being mindful that, if improperly deployed, it could impact health and safety.
Learning Objectives:
- Identify the impacts of Zero Trust on the functions described in the Purdue Model.
- Recognize the potential impacts of deploying Zero Trust on health and safety.
- Evaluate Zero Trust practices when applying them to critical infrastructure while minimizing impacts on health and safety.