Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federal IT Security Professional - Manager FITSP-M Module 1.

Published byJodie Grant Modified over 8 years ago

Similar presentations

Presentation on theme: "Federal IT Security Professional - Manager FITSP-M Module 1."— Presentation transcript:

1 Federal IT Security Professional - Manager FITSP-M Module 1

2 Leadership Only through diligence and a well-trained workforce will we be able to adequately defend the nation’s vital information resources. - Michael V. Hayden CNSS Secretariat

3 Overview  Section A: Objectives, Expectations, & Introductions –FISMA Compliance Defined –Expectation & Goals –Target Audience –Introductions  Section B: Security Certifications Exams –Federal IT Security Institute –FITSP – Manager Certification  Section C: FITSP-M Courseware Logistics –Course Outline –Course Materials –Course Evaluation

4 OBJECTIVES, EXPECTATIONS, & INTRODUCTIONS Section A

5 In Accordance with FISMA…  Secretary of Commerce shall, on the basis of standards and guidelines developed by NIST, prescribe standards and guidelines pertaining to federal information systems.  FISMA requires that federal agencies comply with FIPS standards  Federal agencies must follow NIST Special Publications mandated in FIPS.  Other security-related publications are mandatory only when specified by OMB.  Compliance schedules are established by OMB (and now the DHS - e.g., annual FISMA Reporting Guidance)

6 Course Expectations & Goals  Clear Understanding of FISMA Compliance, via NIST Risk Management Framework, based on : –Governmental Laws and Regulations –OMB/DHS Policies, Directives, Or Memoranda –NIST Special Publications –NIST Federal Information Processing Standards (FIPS) –NIST Interagency Reports  Further Education, Training & Certification  IT Security Workforce Training is Critical to the FISMA Mandate

7 Target Audience [Excerpt from SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems]  Individuals associated with the design, development, implementation, operation, maintenance, and disposition of federal information:  Ownership Responsibilities  Development and Integration Responsibilities  Oversight Responsibilities  Assessment and Monitoring Responsibilities  Security Implementation and Operational Responsibilities

8 Introductions  Introducing Your Instructor Introducing Your Instructor Student Information  Experience –Auditors –Operators –Managers  Employer –DoD, NSA –Civilian Agency –Other  Education –IT/IA Degrees –MBA  Certifications –FITSP/CAP –SANS –CISSP –Security+  Expectations –Starting from 0? –What’s New (800-37r1)

9 IT SECURITY TRAINING AND CERTIFICATION Section B

10 Federal IT Security Institute http://www.FITSI.org "To help secure the Nation's Federal Information Systems by certifying that Federal Workforce members understand and can apply appropriate Federal IT security standards.“ - Jim Wiggins, FITSI Executive Director 2010 FISSEA Educator of the Year

11 Federal IT Security Professional

12 Federal IT Security Professional Domains & Security Topics  Domain 1 – NIST Special Publications  Domain 2 – NIST Federal Information Processing Standards (FIPS)  Domain 3 – NIST Control Families  Domain 4 – Governmental Laws and Regulations  Domain 5 – NIST Risk Management Framework  Domain 6 – NIST Interagency Reports

13 FITSP-M COURSEWARE LOGISTICS Section C

14 All About the RMF  Categorize the information system based on a FIPS 199 impact analysis;  Select an initial set of baseline security controls for the information system based on system impact level and apply tailoring guidance, as needed;  Implement the security controls and document the design, development, and implementation details for the controls;  Assess the security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system;  Authorize information system operation based on a determination of risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation and use of the information system and the decision that this risk is acceptable; and  Monitor the security controls in the information system and environment of operation on an ongoing basis…

15 FITSP–M Course Outline  US Government Laws  Risk Management Framework Overview  Gap Analysis –Categorization –Security Control Selection –Security Control Implementation  Security Control Assessment  Authorization  Continuous Monitoring

16 Course Material  FITSI Authorized Training Workbook –http://www.amazon.comhttp://www.amazon.com  Public Domain Reference Documents –http://csrc.nist.gov/http://csrc.nist.gov/ –http://www.whitehouse.gov/omb/memoranda_defaulthttp://www.whitehouse.gov/omb/memoranda_default –http://www.dhs.gov/files/programs/fns-announcements- resources.shtmhttp://www.dhs.gov/files/programs/fns-announcements- resources.shtm  Activity Files and Other Miscellaneous: –2011 FISMA Report, –2012 Reporting Metrics for CIOs/OIGs, /SAOPs/Micro Agencies –Relative OMB Memos (listed and unlisted) –FedRAMP ConOps http://www.federalcybersecurity.org/downloads.html

17 Course Evaluation  Continuous Monitoring of Student Feedback –Good – What did you like about today’s session? –Bad – What would you like to see different in tomorrow’s session? –Opportunity – This is your class! Frequent input allows for corrective action to mitigate the risk of disappointment.  End of Course Survey

18 Questions? Next Module: US Government LawsUS Government Laws

Download ppt "Federal IT Security Professional - Manager FITSP-M Module 1."

Similar presentations

Module N° 7 – SSP training programme

Module N° 7 – SSP training programme
Effective Contract Management Planning

Effective Contract Management Planning
Subchapter M-Indian Self- Determination and Education Assistance Act Program Part 273-Education Contracts under Johnson-OMalley Act.

Subchapter M-Indian Self- Determination and Education Assistance Act Program Part 273-Education Contracts under Johnson-OMalley Act.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Campus Improvement Plans

Campus Improvement Plans
1 NIST, FIPS, and you... Bob Grill Medi-Cal ISO July 16, 2009.

1 NIST, FIPS, and you... Bob Grill Medi-Cal ISO July 16, 2009.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director,

SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director,
Near Real Time Risk Management Transforming the Certification and Accreditation Process ISSA-Baltimore Chapter Meeting May 28, 2008 Dr. Ron Ross.

Near Real Time Risk Management Transforming the Certification and Accreditation Process ISSA-Baltimore Chapter Meeting May 28, 2008 Dr. Ron Ross.
Presented By: Thelma Ameyaw Security Management TEL2813 4/18/2008Thelma Ameyaw TEL2813.

Presented By: Thelma Ameyaw Security Management TEL2813 4/18/2008Thelma Ameyaw TEL2813.
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Internal Audits, Governmental Audits, and Fraud Examinations

Internal Audits, Governmental Audits, and Fraud Examinations
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Risk Assessment Frameworks

Risk Assessment Frameworks
Risk Management Framework

Risk Management Framework

Similar presentations

Ads by Google