Training Topics - Presentations

Navigating Clinical Research Operations and Compliance

Training Topic | July 2024

Presented by:  Polina Eshkol of UCLA Health

 [Presentation | Meeting Recording]

Debrief of "A Day with the CMMC Assessors" 

Presenters: Louis Daher, University of Michigan | Erik Deumens, University of Florida | Jesus Olmedo, Midland University | William Haskell, Buffalo University |  Tina Rimbeck, Buffalo University | Christian Sousa, Colorado University | Cynthia Grigorescu, University of Illinois

June 2024 |Training Topic 

May 1, 2024 at the EDUCAUSE Cybersecurity Privacy Professionals Conference, a full day workshop titled "A Day with the CMMC Assessors" was held.  This was taken from the Abstract of the workshop: "In this year’s advanced skill workshop, attendees will gain a better understanding of preparation required for the eventual third-party Cybersecurity Maturity Model Certification (CMMC) assessment for research enclave(s) and labs by engaging with the Certified CMMC Assessors (CCAs). This session will feature presentations and discussions with CCAs sharing exclusive lessons learned and tips. As an EDUCAUSE event, content is tailored towards assessing research activities by recognizing both the similarities and the differences between large prime contractors and higher education institutions. By attending this workshop, attendees should expect to gain or build upon their fundamental grasp of cybersecurity compliance requirements for CMMC, enabling the organization to be prepared for CMMC assessments in higher education and be better prepared for engaging with Certified Third-Party Assessment Organizations (C3PAOs).  This can ultimately help reduce an institution’s cost to CMMC compliance."

This presentation will focus on the learning outcomes from this full day workshop. 

Day of Resources: [ Presentation | Meeting Recording | Full Report

What you really need to know about HIPAA

Training Topic | April 2024

Presented By:  Deb McCaffrey, Arizona State University & Jim Keynon, University of Michigan

[Q&A | Presentation | Recording]

Department of the Navy Blue Cyber Education Series for Small Businesses and Academic/Research Institutions

Presented By: Kelley Kiernan, Department of the Navy

July 12, 2023  Training Topic 

Department of the Navy Blue Cyber Education Series for Small Business and Academic / Research Institutions, Kelley Kiernan. Kelley will introduce the resources available to us all. Blue Cyber is an early-partnership with Defense Industrial Base contractors and potential contractors to arm them with the latest in cybersecurity best practices. [Presentation |Meeting Recording]

System Security Plan Workshop Summary

Advanced System Security Workshop - Summary

Presented By: Carolyn Ellis

May 10, 2023 | Institutional Showcase

On May 1st 2023, RRCoP hosted it's first full day workshop at EDUCAUSE Cybersecurity Privacy Professionals Conference to develop a portion of an SSP together. This included 60 individuals, representing 45 different institutions. We came together to learn where others landed on their implementations to 42 of the most challenging controls. During this talk, we will review the outputs of this first of its kind workshop, and then discuss how we will move forward with what was developed. [Presentation | Meeting Recording]

Panel on GRC Tools

Presented by: 

April 12th, 2023 | Training Topic 

GRC (Governance, Risk, and Compliance) tools help organizations manage and monitor their performance against various regulatory, industry-specific, and internal policies and standards. It helps streamline and automate processes related to risk management, compliance, and governance, allowing organizations to effectively identify, assess, and mitigate potential risks and compliance issues.


This panel discussion features 4 institutions running various GRC tools to share their experiences and insights. Learn how these tools have transformed their businesses and discover the potential benefits for your own organization.

[Presentation & Q&A  | Meeting Recording]

Automate Your CMMC Efforts with ChatGPT

Presented by: Derrich Phillips, AspireCyber

March 8th, 2023 | Training Topic 

ChatGPT is a powerful natural language processing tool that can help defense contractors automate their CMMC efforts. With ChatGPT, you can easily create custom chatbots to assist with tasks such as:  1. Auditing and assessment 2. Reporting and documentation 3. Real-time guidance and feedback 4. Reminders for certification renewals and updates 

[Presentation & Full ChatGPT Conversation  | Meeting Recording]

The Path to CMMC Assessment

Presented by: Amy Starzynski Coddens, REN-ISAC

February 8th, 2023 | Training Topic 


What does the path to CMMC assessments looks like including: CCP & CCA objectives, what a training would look like and then briefly touch on how an actual assessment would happen. 

[ Presentation + Q&A | Meeting Recording]

Debrief from Certified CMMC Professional course 

Presented by: Laura Raderman, Carnegie Mellon University

October 12, 2022 | Training Topic 

“Certified CMMC Professional training key points” Laura Raderman shares her key take-aways and lessons learned after attending "Certified CMMC Professional" course. Are your scoping choices the same as the assessors? Is everything perfectly black and white [Presentation + Q&A | Meeting Recording]

Preparing and Engaging in Third-Party Assessors

Presented By: 

August 10, 2022 |Training Topic

Erik Deumens, University of Florida, describes the general flow of the external assessment process by a company or by an Office of Internal Audit. UF has some experience because it has gone through a few of them and is going through one right now. This will be useful for many institutions as more compliance requirements will include assessment by a third party.

Damon Armour, North Carolina State University, presented on recent third party assessments by consulting firms on establishing a more formal IT risk management approach, meeting NIST 800-171 requirements for both DFARS and GLBA compliant environments and maintaining HIPAA Security Rule compliance for a non-academic medical institution. Each assessment resulted in commonalities that were foundational to have an effective compliance, cybersecurity and risk management programs. 

[Presentation + Q&A | Meeting Recording]