Summit Speaker Irene Garcia-Goan
Facility Management Considerations in Cybersecurity—Tips for Achieving Compliance
Wednesday, June 5, 2019 1:15 p.m. - 2:00 p.m.
Organizational information assets are threatened by an array of sources, both internal and external. Many attack methods and mitigation measures involve facility operations. Facility managers must consider everything from physical security to contractor network access. They are also often responsible for ensuring appropriate controls and documentation are in place.

The Department of Defense and NIST have teamed up to create control requirements for companies and DoD contractors whose networks must comply with the Defense Federal Acquisition Regulation Supplement (DFARS) or adhere to the Risk Management Framework (RMF). Based on completion of more than 85 DFARS compliance processes and nearly a dozen RMF accreditations, we have found that organizations often overlook threats and vulnerabilities that exist at the physical level, and that facilities often lack the controls and documentation required for compliance. Cybersecurity risks faced by companies require new approaches to security. DFARS and RMF processes and controls present one way for companies to assess their security posture and “bake in” information security to their operations.

Examples of cybersecurity regulations and federal guidance related to facility management include having proper documentation of when people enter and leave physical facilities, video surveillance, restricting mobile or storage devices, role-based training, access authorizations through access control devices (e.g., keys, badges, cipher locks), environmental controls (e.g., temperature in server rooms), storage site protection, and having a plan to continually monitor the flow of resources and sensitive information, in both hard-copy and digital formats. Subcontractors and vendors are often subject to regulations and security-related responsibilities as well.

We discuss strategies by which facility managers and security officers can collaborate with IT to create an organization-wide “culture of security” as well as confront challenges posed by cyber criminals and governance regulation and control. Additionally, we introduce the basic components of DFARS and RMF, and practical first steps to achieve compliance and accreditation.
Von Braun Center - South Hall | Ballroom 2
Senior Cybersecurity Analyst
Jocquette Blue is a Security Analyst at H2L Solutions, Inc. Jocquette, AKA “Jackie,” served eight years in the California National Guard and United States Army Reserve. She worked for four years at Wounded Warrior Project as a Technical Trainer, instructing military veterans and their spouses in A+, Network+, and Security+, prior to attending the University of Alabama in Huntsville, where she received a master’s degree in Cybersecurity.
Senior Cybersecurity Analyst
Irene Goan is the Senior Cybersecurity Analyst at H2L Solutions, Inc. A native Texan, she served over twenty years in the United States Air Force. Irene has proved to be an exceptional leader, and not only in the military, where she served on active duty during the Gulf, Iraq, and Afghanistan conflicts/wars and during the 9/11 attacks. She is highly sought after and is quickly becoming the “go to” person for Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and Risk Management Framework (RMF). Irene obtained an undergraduate degree in Information Systems and has earned three master’s degrees, one each in Human Resources Development, Management, and Cybersecurity.
Chief Operating Officer and President
Jonathan Hard is the CEO and President of H2L Solutions, Inc. In the past four years, he has successfully conducted over 150 security assessments and gap analyses and provided compliance solutions. Jonathan is a sought-after speaker in the field and has presented to InfraGard, ISACA, ASIS, NCMA, NCMS regional conference and many other events on the subject of Safeguarding Covered Defense Information in compliance with the DFARS 252.204-7012 clause. Jonathan has been an information technology and security professional since 2008. Prior to founding H2L, Jonathan served as a Cyber Security Engineer in the Defense Industry. He also was in the Alabama National Guard for 12 years; during that time, he graduated from Infantry Officer Basic Course, Ranger school, and Airborne school, and completed a tour in Iraq as an Infantry officer.