Federal IT Security Professional - Manager FITSP-M Module 1.

Leadership
"Only through diligence and a well-trained workforce will we be able to adequately defend the nation's vital information resources." - Michael V. Hayden, CNSS Secretariat

Overview
- Section A: Objectives, Expectations, & Introductions
  - FISMA Compliance Defined
  - Expectations & Goals
  - Target Audience
  - Introductions
- Section B: Security Certification Exams
  - Federal IT Security Institute
  - FITSP - Manager Certification
- Section C: FITSP-M Courseware Logistics
  - Course Outline
  - Course Materials
  - Course Evaluation

Section A: Objectives, Expectations, & Introductions

In Accordance with FISMA...
- The Secretary of Commerce shall, on the basis of standards and guidelines developed by NIST, prescribe standards and guidelines pertaining to federal information systems.
- FISMA requires that federal agencies comply with FIPS standards.
- Federal agencies must follow the NIST Special Publications mandated in FIPS.
- Other security-related publications are mandatory only when specified by OMB.
- Compliance schedules are established by OMB (and now also DHS, e.g., the annual FISMA Reporting Guidance).

Course Expectations & Goals
- A clear understanding of FISMA compliance, via the NIST Risk Management Framework, based on:
  - Governmental laws and regulations
  - OMB/DHS policies, directives, or memoranda
  - NIST Special Publications
  - NIST Federal Information Processing Standards (FIPS)
  - NIST Interagency Reports
- Further education, training & certification
- IT security workforce training is critical to the FISMA mandate

Target Audience [Excerpt from SP Guide for Applying the Risk Management Framework to Federal Information Systems]
- Individuals associated with the design, development, implementation, operation, maintenance, and disposition of federal information:
  - Ownership responsibilities
  - Development and integration responsibilities
  - Oversight responsibilities
  - Assessment and monitoring responsibilities
  - Security implementation and operational responsibilities

Introductions
- Introducing your instructor
- Student information
  - Experience
    - Auditors
    - Operators
    - Managers
  - Employer
    - DoD, NSA
    - Civilian agency
    - Other
  - Education
    - IT/IA degrees
    - MBA
  - Certifications
    - FITSP/CAP
    - SANS
    - CISSP
    - Security+
  - Expectations
    - Starting from 0?
    - What's new (800-37r1)?

Section B: IT Security Training and Certification

Federal IT Security Institute
"To help secure the Nation's Federal Information Systems by certifying that Federal Workforce members understand and can apply appropriate Federal IT security standards." - Jim Wiggins, FITSI Executive Director, 2010 FISSEA Educator of the Year

Federal IT Security Professional

Federal IT Security Professional Domains & Security Topics
- Domain 1 - NIST Special Publications
- Domain 2 - NIST Federal Information Processing Standards (FIPS)
- Domain 3 - NIST Control Families
- Domain 4 - Governmental Laws and Regulations
- Domain 5 - NIST Risk Management Framework
- Domain 6 - NIST Interagency Reports

Section C: FITSP-M Courseware Logistics

All About the RMF
- Categorize the information system based on a FIPS 199 impact analysis;
- Select an initial set of baseline security controls for the information system based on the system impact level and apply tailoring guidance, as needed;
- Implement the security controls and document the design, development, and implementation details for the controls;
- Assess the security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system;
- Authorize information system operation based on a determination of risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation and use of the information system, and the decision that this risk is acceptable; and
- Monitor the security controls in the information system and environment of operation on an ongoing basis…
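The first two RMF steps on this slide, Categorize (FIPS 199 impact analysis) and Select (baseline chosen by system impact level), as an added worked example in Python. This is not code from the FITSP-M courseware; the information types it categorizes are constructed sample data, and it applies the FIPS 199 high water mark rule, including the FIPS 199 caveat that "not applicable" is only valid for an information type's confidentiality and never for a system-level value.

```python
from dataclasses import dataclass

# Ordered impact scale (FIPS 199). "NA" is allowed only for the confidentiality
# objective of an information type; a system-level value is never below LOW.
LEVELS = ["NA", "LOW", "MODERATE", "HIGH"]
OBJECTIVES = ("confidentiality", "integrity", "availability")

@dataclass(frozen=True)
class InfoType:
    name: str
    confidentiality: str  # may be "NA", e.g. for public information
    integrity: str
    availability: str

def _check(level: str, objective: str) -> str:
    """Reject values outside the FIPS 199 scale or NA on the wrong objective."""
    if level not in LEVELS:
        raise ValueError(f"unknown impact value {level!r}")
    if level == "NA" and objective != "confidentiality":
        raise ValueError(f"NA is not a valid {objective} impact")
    return level

def categorize_system(info_types: list[InfoType]) -> dict[str, str]:
    """RMF step 1 (Categorize): FIPS 199 high water mark per objective across
    every information type the system processes; NA is raised to LOW."""
    if not info_types:
        raise ValueError("a system must process at least one information type")
    category = {}
    for obj in OBJECTIVES:
        highest = max((_check(getattr(t, obj), obj) for t in info_types),
                      key=LEVELS.index)
        category[obj] = "LOW" if highest == "NA" else highest
    return category

def system_impact_level(category: dict[str, str]) -> str:
    """RMF step 2 (Select): FIPS 200 takes the highest of the three objective
    values as the system impact level, which picks the SP 800-53 baseline."""
    return max(category.values(), key=LEVELS.index)

if __name__ == "__main__":
    # Constructed sample: a public-facing portal plus moderate-sensitivity
    # administrative records hosted on the same system.
    sample = [
        InfoType("public web content", "NA", "MODERATE", "MODERATE"),
        InfoType("administrative records", "MODERATE", "MODERATE", "LOW"),
    ]
    cat = categorize_system(sample)
    print(cat, "-> baseline:", system_impact_level(cat))
```

Tailoring of the selected baseline (the second half of the Select step) is a documented judgement call and is deliberately left outside the code.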

FITSP-M Course Outline
- US Government Laws
- Risk Management Framework Overview
- Gap Analysis
  - Categorization
  - Security Control Selection
  - Security Control Implementation
- Security Control Assessment
- Authorization
- Continuous Monitoring

Course Material
- FITSI Authorized Training Workbook
- Public Domain Reference Documents
- Activity Files and Other Miscellaneous:
  - 2011 FISMA Report
  - 2012 Reporting Metrics for CIOs/OIGs/SAOPs/Micro Agencies
  - Relevant OMB Memos (listed and unlisted)
  - FedRAMP ConOps

Course Evaluation
- Continuous monitoring of student feedback
  - Good - What did you like about today's session?
  - Bad - What would you like to see different in tomorrow's session?
  - Opportunity - This is your class! Frequent input allows for corrective action to mitigate the risk of disappointment.
- End of course survey

Questions? Next Module: US Government Laws