FISMA 2.0: A CISO Perspective


FISMA 2.0: A CISO Perspective Marian Cody, CISO, EPA Richard Prentiss, CISO, OTS/Treasury Pat Howard, CISO, NRC

INTRODUCTION
- FISMA 1.0: focus on compliance rather than on proven security measures.
- "FISMA 2.0": Senate Bill S. 3474, sponsored by Senator Tom Carper.
- Approved by the Senate Homeland Security and Governmental Affairs Committee in September.
- Purpose: strengthen federal IT security.

SIGNIFICANT CHANGES
- Annual independent audits rather than evaluations
- Increased responsibility for the CISO
- Requirement for operational evaluations by DHS
- Establishment of a CISO Council
- Requirement for standard, government-wide contract language
- Annual DHS reports to Congress

ANNUAL INDEPENDENT AUDIT REQUIREMENT
- Changes in auditing standards
- Changes in scope: audit of a subset of both government-owned and contractor-owned IT systems
- Audit report must include an overall conclusion about the effectiveness of security controls

CISO RESPONSIBILITIES
- Appointed by the agency head
- Separation of duties between CIO and CISO mandated
- Quarterly submission of "security architecture framework documentation" to US-CERT
- CISO directly responsible for the security programs of subordinate organizations
- Responsible for creating an IT security performance measurement system
- Authority to disconnect agency IT systems
- CISO granted enforcement authority

OPERATIONAL EVALUATIONS
- To be conducted at least annually by DHS
- Agencies to establish security controls testing protocols
- Findings reported to the agency head, CIO, and CISO
- CISO to respond to the results with a corrective action plan, submitted to the agency head and CIO within 30 days

CISO COUNCIL
- Purpose: establish best practices and recommendations for operational evaluations
- Promote the development and use of standard performance metrics
- Recommend CISO qualifications

CONTRACT LANGUAGE
- OMB to publish standard security contract language in coordination with NIST
- Standard terms to cover: security of systems; collection and transmission of information; incident response procedures
- COTS products must comply with the security requirements

ANNUAL DHS REPORT TO CONGRESS
- DHS to report on the results of operational evaluations and testing protocols
- Provide detailed information on each agency evaluation, including results and pending corrective actions
- Describe the effectiveness of testing protocols
- Describe the information security posture of the federal government

SIGNIFICANT CHANGES (RECAP)
- Annual independent audits rather than evaluations
- Increased responsibility for the CISO
- Requirement for operational evaluations by DHS
- Establishment of a CISO Council
- Requirement for standard, government-wide contract language
- Annual DHS report to Congress

QUESTIONS?