Logo

MAy 23 Fairfax, VA - Shared screen with speaker view
Dion Jackson
04:52
We apologize for the delay, there was a problem with the zoom application setup which required a new meeting ID but we will get started shortly with abbreviated speakers so we can get to the content on time
Dion Jackson
17:18
Thank you for your patience. This is a prsentation that is extra today and the actual training will start in another 15 minutes
misse.parzow
19:20
Ok, thank you for letting us know!
Damita Zweiback
20:23
Ok. Thank you. Can you tell us who is talking?
Shahnaz Syeda
20:39
Hello! There seems to be two mics running. Is anyone else experiencing an echo?
Damita Zweiback
21:07
Yes
Lori Esau
21:11
I, too, am receiving an audio echo.
John Abbey
21:13
Ok, thank for the update
misse.parzow
21:20
I am too. When she gets closer to what looks like the AV equipment, the echo gets worse. When she's on the other side of the screen, it's ok.
Christine Kennefick
21:25
Yes, I am getting an echo that makes it difficult to follow the speaker.
LauraKelmelis
22:29
Agreed - an echo here too.
Lori Esau
22:40
Will this slide deck of the extra presentation be made available to attendees?
LauraKelmelis
22:46
It's better where she's standing now
Elizabeth Torrens
22:48
is it better now?
caroltg
22:54
yes
Shahnaz Syeda
23:03
Yes perfect!
misse.parzow
23:08
Yes! Thanks!
Christine Kennefick
23:31
Yes, now it is more clear.
Damita Zweiback
23:53
Yes, thank you!
Damita Zweiback
27:48
Is the speaker Dr. Neuman?
Elizabeth Torrens
33:51
the agenda is posted here at the bottom of the page if you'd like to get speaker names: https://virginiaptac.ecenterdirect.com/events/2590
Lori Esau
33:51
Could you please repeat those sites - Bitsite?
SMassop
35:41
it would be helpful if she repeated the questions that are being asked before answering them
Jason Starkey
36:19
will these slides be available to participants?
Dewey Phan
36:57
The slides are inluded in the email notification and you can download them in the pop up as PDF
SMassop
37:31
slides here unless they changed: https://sites.usc.edu/cyberworkshops/workshop-materials/
Dion Jackson
37:42
Yes, we will send out Katie Harrington's slides tomorrow along with the video. These are new and not part of the actual standard workshop.
caroltg
38:12
thank you
Jason Starkey
38:20
Thanks
Sheila Zattau
38:41
give the people asking question a mic please
SMassop
38:49
yes
hubbard
40:32
can't hear questions
Damita Zweiback
40:40
I agree - it would be nice to hear the questions.
LauraKelmelis
40:45
Agreed
SMassop
41:20
or at least repeat the question
Dion Jackson
41:57
The question was a long story and was recommending someone for her advisory committee.
Dion Jackson
42:21
Email any uestions you have for Katherine.
SMassop
42:38
will those questions/comments be included in some way of the promised video recording of this?
misse.parzow
42:54
We can't hear him as well as we could hear Katherine
SMassop
42:55
the audience ones I mean
LauraKelmelis
42:56
We cannot hear you
SMassop
43:06
this is frustrating
misse.parzow
43:11
Thanks! Much better with the mic!
Dion Jackson
43:12
Can you hear now?
SMassop
43:17
better
LauraKelmelis
43:18
yes thank you!
Sam
43:19
yes
michael.cromer
43:26
yes
SMassop
43:28
but much lower than the previous soeaker
SMassop
43:31
better
hubbard
44:21
what is the password for the slides?
Akbar karimi
44:27
Cyber
SMassop
44:31
cyber
Dion Jackson
44:37
Small c
Sheila Zattau
47:13
what was the name of the authentification system?
Sean
48:01
I think he said kerberos
Sheila Zattau
48:33
Thanks
Dion Jackson
55:03
An earlier question was whether the questions you couldn't hear will be included in the recording. Unfortunately, the recording is the same as what you can see and hear online. The instructor, Dr. Neuman is practiced at repeating questions so there should be no further issues.
Dion Jackson
01:02:15
The slide deck from Katherine Arrington will be sent you tomorrow with a copy of the video of her presentation.
hubbard
01:03:51
where cann we get the recording? I would like to download the audio from the 5/3 seminar
Dion Jackson
01:04:05
As a reminder, the current slide deck is available at https://sites.usc.edu/cyberworkshops/workshop-materials/ using the password: cyber.
Todd G
01:05:18
Same question on recordings. I remotely attended Houston session and would like recording of that or another session. Was told it would be available and didn't take enough notes in case it wasn't. Oops.
hubbard
01:05:59
question for speaker: if our business receives spam or phish email, they DO require reporting to DIB?
hubbard
01:06:24
re: recording - thankyou
Dion Jackson
01:07:03
Today's recording will be made available due to the issues encountered and the guest speaker and the significance of her presentation. Other workshops are not available.
Tony Bostic
01:09:55
how do we ask the presentator a question?
Dion Jackson
01:11:41
Type your questions here and I will relay them.
Tony Bostic
01:11:44
ok
hubbard
01:11:55
question for speaker: if our business receives spam or phish email, they DO require reporting to DIB?
misse.parzow
01:13:51
For the IoTs, what if we have people who work from home that can access CUI from a "secure" laptop. DO they need to make a separate internet access point from their home devices?
misse.parzow
01:17:11
Thanks! Didn't even think about someone seeing the screen through the window! :)
Dion Jackson
01:19:32
Or from a drone with a camera.
Slamani
01:24:11
What is CMMC?
Dion Jackson
01:24:55
Cybersecurity Maturity Model Certification (CMMC)
Dion Jackson
01:25:17
This morning's speaker spoke about DoD's plans for this.
Dion Jackson
01:25:52
The DoD is working with John Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) to review and combine various cybersecurity standards into one unified standard for cybersecurity.
Dion Jackson
01:27:41
These slides will be sent out tomorrow with the video and they include a proposed timeline and levels of security required. It will also include a third party certification in 2020.
hubbard
01:29:47
NIST SP 800-171 version 2 is due out "any day" now. Is this the same as the DOD's CMMC or still happening, or what? How are they related?
misse.parzow
01:32:33
do we have to send it to ALL primes or only the one(s) affected?
jayesh lakhiani
01:34:41
we have to report incident caused by COTS product even we are not responsible for fixing it and have to wait for vendor
Dion Jackson
01:35:21
CMMC and NIST SP 800-171 fit together. You will see how in the slides I will send tomorrow. A level one security has to implement fewer of the controls than a level two and above. The CMMC is still under development and there will be 10 collaborative sessions across the country.Time Frame: July – Aug 2019
jayesh lakhiani
01:49:52
can the microphone of folks online be muted please
LauraKelmelis
01:50:53
mute everyone please
Henry
01:51:11
Appleton - please mute
misse.parzow
01:51:26
someone is talking in another language over the presenter!
LauraKelmelis
01:51:33
and we can see him
michael.cromer
01:51:45
Appleton, please mute your feed
Bayo
01:51:46
Apleton
Tony Bostic
01:51:47
appleton please mute
Bayo
01:52:02
Appleton Please mute your phone
misse.parzow
01:52:09
We missed everything because of Appleton
Midge's iPad (2)
01:52:10
Appleton - please turn off your video
Bayo
01:52:22
We can hear and see you
LauraKelmelis
01:52:31
omg this guy we cant hear the presenter
Tony Bostic
01:52:32
appleton please mute and turn off camera
John Abbey
01:52:48
Appleyton, please mute your mike
LauraKelmelis
01:52:48
Dion can you please mute them?
michael.cromer
01:52:49
MUTE YOUR FEED APPLETON PLEASE
Tony Bostic
01:52:55
dion could you please ask appleton to mute
misse.parzow
01:53:01
No clue what's going on now! So frustrating!
Bayo
01:53:07
Dion and Deepak
Midge's iPad (2)
01:53:17
Appleton turn off your camera and mike pleas
Bayo
01:53:18
Could you please mute Appleton
Thomas Stamulis
01:53:27
Ask the host to say it over the audio as he’s not monitoring the presentation
Wanda Damon
01:53:31
Please ask Dr. Neuman to ask Appleton to mute his speaker since he's not seeing the messages
Tony Bostic
01:53:55
thank you
michael.cromer
01:53:57
thank you
John Abbey
01:54:01
Appleton, please pay attention. You're distracted.
Dion Jackson
01:54:20
I have been able to mute Appleton.
SMassop
01:54:25
thanks
misse.parzow
01:56:18
Thank you!!
jayesh lakhiani
01:57:26
how are CUI/CDI meet if we are resellers ?
Slamani
01:57:46
CMMC and NIST SP 800-171 fit together. You will see how in the slides I will send tomorrow. A level one security has to implement fewer of the controls than a level two and above. The CMMC is still under development and there will be 10 collaborative sessions across the country.Is there a list of NIST compliant IT vendors?
Dion Jackson
01:58:29
We are now looking at a new slide not in your slide deck. We will post the updated slide deck at lunch and re-send the link.
hubbard
02:01:11
where [and how] are COTS defined? Can we get our product on that list?
jayesh lakhiani
02:03:51
what about data collected and monitored using the cots product ? e.g. video software
Dion Jackson
02:09:24
I believe the curent slide answers this question - data is your responsibility.
Thomas Stamulis
03:05:17
Did the host announce when the lunch break would occur? I missed the first few minutes and may have missed it.
carlos.burrell
03:05:31
12pm
Thomas Stamulis
03:05:35
Thank you
Alma Garlington
03:06:28
Ibelieve at 12
LauraKelmelis
03:24:21
What about systems like SharePoint? If all data is held on SharePoint not on individual machines.
misse.parzow
03:24:23
Remote access- user has a company provided device. SHould we have software like NordVPN that hides their locations and who they are?
jayesh lakhiani
03:31:45
sanitization of data in the cloud ? doesit leave some thing there ? amazon s3
Thomas Stamulis
03:34:09
Isn’t this addressed by GCC High from Microsoft and Azure?
Slamani
03:34:39
Is shredding files using software such as McAfee acceptable as a mean to "sanitize"
LauraKelmelis
03:44:48
When are we back?
jayesh lakhiani
03:45:55
put the link in the chat
SMassop
04:36:37
should the larger slide deck already be posted?
Slamani
04:56:30
Is "malwarebytes" a good software to detect malware?
Dion Jackson
05:05:04
The larger slide deck is not yet available. We couldn't execute on that over lunch. You can get it tomorrow.
skyhawkdrones@gmail.com
05:09:05
KASPERSKY
Slamani
05:22:35
Do you have a sample plan you can provide?
Thomas Stamulis
05:23:50
Slamani, Are you asking about a POA&M template
Dion Jackson
05:24:30
On slide 81:
Dion Jackson
05:24:45
NIST has released a template which you can use as the basis for writing your system security plan.See:https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-1/final/documents/CUI-SSP-Template-final.docx
Dion Jackson
05:25:31
On Slide 82:
Dion Jackson
05:25:35
NIST has release a template (blank table) for your plan of actions andmilestones:https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev- 1/final/documents/CUI-Plan-of-Action-Template-final.docx
Thomas Stamulis
05:26:32
There is also a template provided in the tools section of the link they shared during lunch.
Dion Jackson
05:26:36
These may be new slides. If so, you will receive a link to the updated slide deck tomorrow.
misse.parzow
05:29:53
Would you please repost the link from lunch? I had to reboot my computer and lost it! Thanks!
Dion Jackson
05:36:12
https://sites.usc.edu/cyberworkshops/workshop-materials/
Dion Jackson
05:36:17
Password: cyber
michael.cromer
05:44:31
Any tips on implementing auto log out?
michael.cromer
05:45:58
Where are these settings in Windows?
michael.cromer
05:46:09
I cannot find them
Dion Jackson
05:48:54
Google Root Policy editor to find the settings location. Apparently it is not in an obvious location.
Dion Jackson
05:49:08
The auto log out location.
carlos.burrell
05:49:08
Local Security Policy
Dion Jackson
05:50:59
I'm taking a 5 minute break and will pass along your questions when I return.
Sheila Zattau
06:00:55
How effictive is harddrive encryption after the drive has been in use? Is it better to encrypt prior to using the harddrive?
skyhawkdrones@gmail.com
06:03:34
ME
SMassop
06:04:02
can u ask him to go back where the camera can see him please?
Dion Jackson
06:15:12
Your questions are welcome
Dion Jackson
06:18:10
Is the camera angle better?
SMassop
07:14:49
yes thanks
Pennie D
07:33:38
Is it better to use webmail for email as opposed to email clients that store data on local computer?
Slamani
07:43:23
What is CUI at rest? in 3.13.16
skyhawkdrones@gmail.com
07:58:24
SCADA?
Thomas Stamulis
08:03:47
Supervisory Control and Data Aquisition
Thomas Stamulis
08:16:24
Thank you for the presentation.
mkuster
08:16:59
where is this presentation recording being posted?
Pennie D
08:17:10
Thank you...this was very informative presentation.
lakhiani
08:17:34
i would like to get the recording of the presentation from this morning
skyhawkdrones@gmail.com
08:18:03
YES, VERY INFORMATIVE. THANK U
misse.parzow
08:18:09
Thank you so much for this great presentation! Even better... thank you for making it free for us small businesses that may not have been able to afford this training if it had a cost!
lakhiani
08:18:41
thanks a lot it was very usefull
Bayo
08:19:31
Please help us add your comments to the post workshop survey, you will be receiving shortly
Phil
08:19:33
This workshop was great! Thank you to Northrop, USC and George Mason Univ. for working with the small business community
Bayo
08:19:34
Thank you
Akbar karimi
08:20:07
This training session was very informative-Thank you!
Dion Jackson
08:20:27
We will email you the link to the recording and Katie's slides tomorrow. Dr, Neuman's updated slides will be available on the website tomorrow as well. https://sites.usc.edu/cyberworkshops/resources/
Slamani
08:21:15
Dion, thanks for your help. The training was vey informative
Dion Jackson
08:21:22
The last link as some resources and will be improved next week. Not sure if the ones you want have been developed by NIST or others yet.
Henry
08:22:28
I'll pile on to all the comments and add that there is obviously lots of interest in the topic, one I find quite daunting with respect to implementing at a small company with limited resources (both skill and $$) and were to do next - let us know if there is any follow-on training please!
Dion Jackson
08:22:47
Thank you, will do.
Lori Esau
08:23:36
THANK YOU Dr. Neuman for a very informative presentation, Dion for your adept facilitating of the presentation/questions, and Northrop Grumman for hosting!
Dion Jackson
08:25:19
Thank you signing off.