Speaker

Laura Rodgers

Director of Cybersecurity Practice, NC State University

Laura Rodgers is the Director of the North Carolina Partnership for Cybersecurity Excellence (NC-PaCE) and works with the member education institutions and industry to develop programs to support cybersecurity in North Carolina. She is also the Director of Cybersecurity Practice in the Department of Computer Science at North Carolina State University, acting as the technical liaison between industry, government agencies, the Secure Computing Institute, and NC-PaCE.

Prior to joining NC State, Rodgers was the Sr. Cyber Compliance Manager for the North Carolina Military Business Center, where she helped defense contractors develop cybersecurity compliance programs.

She has held a variety of positions in the defense industry, including with Lockheed Martin’s MX and Titan Missile Programs and General Dynamics Information Technology’s urban training programs.

Ms. Rodgers holds a B.S. in Accounting and an MBA from Oklahoma State University. She is a certified Data Privacy and Protection Specialist and is working toward a CMMC Certified Professional certification.

Building a Governance, Risk, and Compliance Program From the Ground Up

GRC programs help organizations take a comprehensive and integrated approach to managing risks. In cybersecurity, this means addressing not only technical vulnerabilities but also considering the broader organizational and regulatory landscape.

A GRC program for cybersecurity is essential for organizations to proactively manage risks, comply with regulations, and maintain a resilient and effective cybersecurity posture in an ever-evolving threat landscape.

Application of Model-Based System Engineering for Assuring Enterprise Cybersecurity

Researchers at UNCW are working to advance the theory and application of model-based system engineering (MBSE) for the purpose of resolving targeted cybersecurity use cases. The initial use case, or system of interest, that will be covered during the presentation is that of a modern digital enterprise. Within the cybersecurity knowledge domain, enterprise cybersecurity merits special consideration because it typically presents as a large-scale, complex system of digital systems. A simple four-step work process will be presented as a means for developing a risk treatment plan. The four steps are model, analyze, design, and implement. Key in the modeling step is the creation of a novel descriptive enterprise system model (DESM) that serves as an artifact showing how enterprise type, digital strategy, and behavior influence its attack surface structure. A DESM artifact is useful for analyzing assets of value, motivated threat actors, and vulnerabilities. A synthesis of the analyses enables creation of a risk register, which is the primary input for designing a risk treatment plan using known risk treatment options and security controls. A plan of action with milestones will show how the risk treatment plan will be implemented. The target outcome for the four-step work process is conversion of the attack surface into a trust boundary at a level sufficient for achieving a defined security objective. The four-step work process will be linked to triple-loop learning, which promotes cyber-defender cognitive skill development and performance improvement. The use case will be presented using a model-based system engineering web application.
