Simon Hill (VP - head of legal and compliance , PSI Certes Networks)
Location: N261
Date: Monday, March 27
Time: 2:15 pm - 2:45 pm
Pass Type:
All Access, Quick Pass Monday
Track:
Cybersecurity, Policy and Governance
Format:
Power Session
Vault Recording: TBD
Criminal justice Information (CJIS) system compliance has become more challenging than ever before as agencies migrate to cloud environments. By applying Zero Trust Architecture principles such as policy definition, micro segmentation and observability, government organizations can meet several data assurance requirements of the CJIS Security Policy.
Attendees will learn:
* CJIS - back to basics - top reasons for audit failures
* Overview of requirements for encryption of data
* Real world examples of cyber-attacks, with discussion on mitigation strategies to avoid these attacks
* Zero trust – what does it mean and how did it evolve
Attendee Take-aways:
* What are the common hurdles to meet the requirements to secure criminal justice information in transit
* Secure CJI data in transit with FIPS 140–2 certified encryption
* Create policies to drop unencrypted, unauthorized or other undesired traffic
* Overcomes security concerns with deploying VoIP
* Protect CJI when migrating to a cloud environment
* Demonstrate compliance during audits by means of automated reports to show traffic flows have complied with policy requirements
* Meet information integrity requirements by mitigating the risk of malicious behavior and ransomware
* The importance of decoupling security from the underlying network in accordance with NIST's Zero Trust Architecture recommendations