CyberThreats 2025 - State & Local Requirements for Cyber Resilience - Day Two

This event qualifies for .2 CEUs

This event qualifies for 2 CPEs

This event qualifies for 2 CLPs

State and local, territorial, and tribal governments are not bound by the federal agency mandate to implement zero trust architectures, but there are numerous reasons they are either considering it or taking action to put it in place.

Zero trust is a particularly important concept for these smaller government bodies because they own and operate critical infrastructure and provide vital day-to-day services to their residents, from issuing driver’s licenses to approving building permits. It also helps these governments comply with various privacy and security regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), which protects sensitive health information from being disclosed without the patient’s consent.

Learning Objectives:

Delineate the elements of identity, how they change by location, task and group
Evaluate the concept of micro-segmentation and how it can be applied as a cybersecurity measure
Define the connections between automation and orchestration in cybersecurity and how they assist in analytics

Speaker and Presenter Information

Hosted By:

Claudia Hosky, Publisher, FedInsider

Claudia Hosky
Publisher,
FedInsider

John Breeden II, Moderator & Contributing Editor, FedInsider

John Breeden II
Contributing Editor,
FedInsider

Session One: Least Permissive to Least Privilege
The premise of zero trust architectures is based on the maxim never trust, always verify. This can be difficult when working with siloed legacy systems, where communication links are tenuous because of proprietary technology or dont exist because they were never connected to each other. Additionally, ZT is identity-based, but users often have multiple identities depending on their physical location, their day-to-day work, groups they may belong to, etc. Incorporating the concept of least privilege takes identity-based access one step further.

Session Two: ICAM & Micro-segmentation
The role of micro-segmentation dividing networks into smaller segments that can be isolated, often at the individual workload level can mitigate threats from users that legitimately have access to one part of a system but should not be able to move laterally to other parts of that system. This fits into the least privilege paradigm, building flexible, responsive controls that can block unexpected or inappropriate movements within a network.

Cesar Gamez, Information Security Administrator, City of Roseville CA

Cesar Gamez
Information Security Administrator,
City of Roseville CA

Session Three: Applying Analytics to Least Privilege
Maximizing the value of identity verification and network micro-segmentation requires visibility across not just identity and networks, but devices, applications, workloads, and data. With that visibility comes the opportunity for analytics, to create a unified cybersecurity picture. Automation and orchestration can streamline security operations, and improve governance by applying relevant regulations and reporting requirements.

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, State & Local Government, FDA, Foreign Governments/Agencies, NSA, FCC