The Unified Information Security Framework - ISACA Chapter Event
The National Institute of Standards and Technology has revised its information security and risk management guidelines for protecting federal information systems from hostile cyber-attacks and other common threats. The Unified Information Security Framework is the current framework in use by the federal government and its contractors. NIST, in partnership with the private sector, has also led an initiative to develop a Cybersecurity Framework for critical infrastructure owners and operators. This session focuses on the federal Unified Information Security Framework, which has been operationalized to align separate but overlapping security programs for civilian, military, and intelligence agencies. Dr. Ross will also speak to the relationship between the federal framework and the Cybersecurity Framework just released on February 12, 2014.
WHAT YOU WILL LEARN
This series of four sessions will provide an in-depth examination of the Unified Information Security Framework developed by the National Institute of Standards and Technology, the Department of Defense, and the United States Intelligence Community to protect federal information systems and organizations against a diverse set of threats. In particular, the sessions will provide comprehensive training on several NIST security standards and guidelines including FIPS Publications 199 and 200, and Special Publications 800-39, 800-37, 800-53, and 800-137.
• Understand how to manage information security risks at the governance, mission/business process, and information system levels within organizations.
• Understand how to conduct targeted risk assessments.
• Understand how to use the Risk Management Framework to: categorize information and information systems; select, implement, and assess security controls; authorize information systems for operation; and monitor systems and organizations on an ongoing (continuous) basis.
WHO SHOULD ATTEND
Enterprise and security architects, systems and security engineers, CISOs, ISSOs, information system owners, authorizing officials, mission/business owners, Inspectors General, auditors, system evaluators, assessors.
This all-day session qualifies for 8 CPE credits. To receive CPE credit, ISACA Greater Hartford Chapter (GHC) (www.isacact.org) requires that participants sign in on the ISACA GHC Sign-in Sheet provided at registration. CPE certificates will be provided after participants complete the Session Evaluation Form that will be distributed at the end of the program.
ABOUT YOUR SPEAKER
Ron Ross, Fellow at the National Institute of Standards and Technology (NIST)
Ron's current areas of specialization include information security and risk management. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication (SP) 800-39 (risk management guideline), NIST SP 800-53 (security controls guideline), NIST SP 800-53A (security assessment guideline), NIST SP 800-37 (security authorization guideline), and NIST SP 800-30 (risk assessment guideline). Dr. Ross is the principal architect of the Risk Management Framework and multi-tiered approach that provides a disciplined and structured methodology for integrating the suite of FISMA standards and guidelines into a comprehensive enterprise-wide information security program. Dr. Ross also leads the Joint Task Force Transformation Initiative, a partnership with NIST, the Department of Defense, the Intelligence Community, the Office of the Director of National Intelligence, and the Committee on National Security Systems to develop a unified information security framework for the federal government.
In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during a career of over twenty years in the United States Army. While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a three-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Department of Commerce Gold and Silver Medal Awards. Dr. Ross has been inducted into the Information Systems Security Association (ISSA) Hall of Fame and given its highest honor of ISSA Distinguished Fellow. Dr. Ross has also received many private sector cyber security awards and recognition including the Applied Computer Security Associates (ACSA) Distinguished Practitioner Award, the Vanguard Chairman’s Award, the Symantec Cyber 7 Award, InformationWeek’s Government CIO 50 Award, Best of GTRA Award, and the ISACA National Capital Area Conyers Award. During his military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Defense Systems Management College and holds Master’s and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.
If you have any questions, please contact email@example.com directly.