Prepared / Tested / Compliant: The Modern Incident Response Strategy
Details
You must register to attend: https://www.eventbrite.com/e/prepared-tested-compliant-the-modern-incident-response-strategy-tickets-1977194947312
#### Meeting location will be announced soon.
#### Topic One: Navigating the Global GRC Tsunami and the New Reality of AI Governance in 2026
The GRC landscape is no longer driven by voluntary standards; it is now being defined by mandatory, prescriptive regulations (DORA, NIS2, SEC Rules) that prioritize operational resilience and board-level accountability. Simultaneously, the rapid deployment of Generative AI is creating profound, unmanaged risks that traditional GRC frameworks are ill-equipped to handle. This session will provide cybersecurity professionals with an actionable blueprint for integrating operational resilience into their core GRC structure and establishing measurable, future-proof AI governance models for 2026 and beyond.
Key Learning Objectives & Discussion Points:
- From Compliance to Resilience: Understanding the shift mandated by regulations like the EU's Digital Operational Resilience Act (DORA) and NIS2, and how to prove operational continuity to regulators, rather than just checking boxes.
- AI Governance as the Next GRC Frontier: How to implement organizational controls (NIST AI RMF, EU AI Act principles) over the use, development, and data security risks associated with internal and third-party Agentic AI and Large Language Models (LLMs).
- Accountability and Auditability: Strategies for quantifying AI risk (Model Risk Management) and establishing audit trails that satisfy regulators regarding the responsible use of high-risk AI systems.
- The New Boardroom Mandate: Reviewing the impact of the US SEC Cybersecurity Disclosure Rules and CISA's CIRCIA on C-suite liability and mandatory incident reporting timelines, and what GRC teams must prepare for immediately.
- Scaling GRC with Automation: Practical examples of leveraging integrated GRC platforms to harmonize controls across multiple frameworks (e.g., ISO 27001:2022, SOC 2, HIPAA) to meet the dramatically increased volume of global regulatory requirements.
#### Speaker One: Alfred Ayala
Alfred is currently the GRC Chief at Longship International. He has created innovative, defensible, and purpose-engineered programs to protect banking, financial, and technology businesses, as well as the data infrastructures of companies ranging from $70M start-ups to $2.5T Fortune 100 businesses.
His previous roles include Global Privacy Risk Compliance Manager for Meta; Chief Compliance Officer, SVP of Nano Banc; and Senior Compliance Officer, VP at MUFG. He holds CISM, CAMLS, CFLI, NMLS, and CIPP/US certifications. Alfred serves on many boards, including EBPA and CSU-San Bernardino.
#### Topic Two: Prepared / Tested / Compliant: The Modern Incident Response Strategy
In today’s threat landscape, a structured Incident Response Plan (IRP) is not just a compliance checkbox—it’s a cornerstone of organizational resilience. We’ll explore the critical role of IR planning in safeguarding your data and meeting regulatory obligations under the NIST 800-171 framework. You’ll gain a high-level view of IRP components, including preparation, detection, containment, recovery, and post-incident analysis. We’ll also discuss the importance of tabletop exercises as a practical method to validate the IRP, uncover gaps, and strengthen coordination between departments. Hear how to integrate compliance requirements with operational readiness, ensuring a calm, rapid, and effective response to cyber incidents.
#### Speaker Two: Eddie Darmawan
Since 1997, Eddie has combined his passion for technology with his belief that small and mid-sized businesses are the backbone of America. His career has spanned pivotal moments in technology—from helping migrate Los Angeles courthouses during Y2K, to weathering the dot-com bubble with one of the first free internet service providers (ISPs), to supporting a national bank through the financial crisis.
Through D1 Defend, an IT managed security service provider based in Ontario, California, Eddie helps businesses simplify the complexities of IT and Cybersecurity. Eddie serves on the Board of Putera Indonesia Sejahtera, a nonprofit in Jakarta, Indonesia, dedicated to creating educational opportunities for underserved communities.
