Event: Training: Build Your IT Security Continuous Monitoring Program
Build Your IT Security Continuous Monitoring Program March 10 - March 11, 2010

New FISMA requirements place increased emphasis on implementing an effective "continuous monitoring program" for all government IT systems.  This is being accomplished by OMB increasing the annual FISMA reporting requirements and by NIST issuing NIST Special Publication 800-37, Revision 1.


What are the most effective and efficient ways to meet these new OMB and NIST FISMA requirements?  What strategies and tools are available to support a seamless implementation of these requirements into your IT system, and which of them will be most effective for your system and organizational culture?  All of these questions will be answered during this workshop by experts who have supported the implementation of security in over 200 government and contractor-run government IT systems.   Through this course, attendees will:

  • Understand the new FISMA and NIST requirements for Continuous Monitoring (CM);
  • Know the new CM-related OMB reporting requirements;
  • Learn the various strategies and tools available to support this requirement;
  • Be able to create a CM program tailored to their organization;
  • Determine "How much is enough?";
  • Learn how to integrate CM efforts seamlessly into existing operations and culture; and
  • Influence IT funding using CM results.


Featured Speaker

Marianne Swanson, Senior Advisor for Information System Security, National Institute of Standards and Technology, will provide an overview of NIST's strategy and objectives for the new NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems (the successor to the original Guide for the Security Certification and Accreditation of Federal Information Systems).


Learning Objectives

The learning objectives for this 2-day, manager- and operations-level course are broad ranging and include understanding the:

  • New FISMA and NIST Continuous Monitoring (CM) requirements;
  • Updated OMB reporting requirements and their relationship to a CM program;
  • Components of an effective CM program;
  • Myths, facts, issues and concerns;
  • GOTS and COTS solutions available to support a CM program;
  • Strategies for creating and implementing an effective program;
  • Answer to "How much is enough?"; and
  • Ways to use the results of their CM program to influence funding and resources.


Who Should Attend

The intended audience for the course is individuals with security responsibility in Federal, Department of Defense, and Intelligence organizations, including:  authorizing officials (AOs), designated approving authorities (DAAs), certifiers, Chief Information Security Officers (CISOs), IT system owners, project managers, information system security officers (ISSOs), system administrators and their staffs, and any individuals seeking to maintain and monitor their IT security within the US Government.

Continuous monitoring, as described in NIST SP 800-37, Revision 1, includes:

  • Configuration management and control processes;
  • Security impact analyses on actual or proposed changes to information systems and environments of operation;
  • Assessment of selected security controls in information systems and of controls inherited by those systems (i.e., common controls); and
  • Security status reporting to appropriate organizational officials.


Earn PDUs / CPEs

  • PMI® PMPs will earn 11 PDUs for attending this training seminar.
  • Earn 10 (ISC)2 CPEs: Attendees who hold the SSCP, CISSP, ISSEP, ISSMP, ISSAP or CAP credential from (ISC)2 can receive 10 Continuing Professional Education (CPE) credits. Credential holders must enter their CPE credits in the usual manner on the (ISC)2 website.


Attendees will receive a Certificate of Completion as a result of their seminar participation.


Agenda

Wednesday, March 10


8:00AM      Registration Opens / Continental Breakfast Served
8:30AM      Overview and Introductions
9:00AM      Guest Speaker:  Marianne Swanson:  NIST strategy and objectives overview on the new 800-37, Revision 1, NIST Guide for Applying the Risk Management Framework to Federal Information Systems
10:00AM     Break
10:15AM     OMB's New Annual Reporting Requirements Review
11:15AM     Technical Components of a Continuous Monitoring Program
                - Configuration Management
                - Update and Patch Management
                - Security Control Assessment Program
                - Detection Systems: IDS, AV, spam filters, users
                - Vulnerability Scans Overview
Noon        Lunch
1:00PM      Components of a Continuous Monitoring Program
                - Document Updates (i.e., System Security Plan (SSP), Risk Assessment (RA), and Plan of Actions and Milestones (POA&M))
                - Awareness, Training and Education
                - Audits
                - Status Reports and Journals
2:00PM      Continuous Monitoring Tools Overview
3:45PM      Adjourn


Thursday, March 11

8:00AM      Continental Breakfast Served
8:30AM      Continuous Monitoring Control Exercise
9:45AM      Keys to Success:  Mission, Methodology, Milestones, Management, and Money
10:00AM     Break
10:15AM     Mission:  Strategies for Building a Successful CMP for Your System
10:45AM     Methodology:  CMP Outline and Report Formats
12:00PM     Lunch
1:00PM      Methodology (continued):  Checklists and Tools
1:45PM      Milestones:  Create Your Own CMP
2:15PM      Management:  Control and Monitor Your CMP in an Hour a Month
2:30PM      Break
2:45PM      Money:  Use Your CMP Reports to Influence Funding and Resources
3:30PM      Summary
3:45PM      Adjourn


What Attendees will Receive

  • A copy of the book Know Cyber Risk
  • Training Materials
  • A Certificate of Completion
  • Continental Breakfast
  • Lunch


Why Attend

Explore in a hands-on, vendor-neutral, interactive academic setting how to effectively meet the new FISMA and NIST requirements for continuous monitoring in your organization and increase the security of your IT systems.


Instructors

James Litchko, CISSP-ISSEP, MBCI, CMAS, Senior Security Expert, Cyber Security Professionals

Mr. Litchko has been working as a security expert for over 30 years. Jim created and taught the first graduate computer security course at Johns Hopkins University for ten years and was a project manager at NSA for five years.  He has supervised and supported the securing of over 200 military, government and commercial IT systems.  Over the past two years alone, he has supported the securing of IT systems at DHS, DOE, VHA, NASA, EPA, GAO, USDA, USAF, DOJ, and FEMA.  Currently, he is a senior security expert and managing director for Cyber Security Professionals and an instructor for (ISC)2, teaching the CISSP, ISSEP and CAP review courses.  A student of Ken Blanchard, Ph.D., the author of The One-Minute Manager®, Jim holds a master's degree from Johns Hopkins University and has authored five books on security and management topics, including Know Cyber Risk.



Al Payne, CISSP, CAP, Senior Security Expert, Theta Solutions

Mr. Payne has over 30 years of IT experience, including 12 years in security.  In the course of his security career he has performed over 150 security assessment projects for military, government/civilian agencies and medical applications.  Over the last five years his clients have included DOE, DOI, EPA, USAID, USDA, HHS, NASA, VA, and commercial medical companies. Mr. Payne has performed all facets of the NIST Risk Management Framework, including policies and procedures.  He is a security expert who is also an author, business consultant, instructor and speaker. His current engagement is implementing and conducting continuous monitoring for a government client with 11 sites and over 45 accreditation boundaries (unclassified and classified).  Mr. Payne co-authored Know Cyber Risk and contributed to Know Cyber Security.


What Attendees Said...

About past seminars on this subject:

  • "Lots of real world examples."
  • "The group activities really made you think about the subject matter."
  • "I enjoyed the ability to hear from my peers how they dealt with certain issues."
  • "Good instructors. Well organized information.  Useful resources."
  • "Provided practical methods to conduct our CMP."
  • "Good coordination of materials and anecdotal information."
  • "I enjoyed the presentation, the real experiences shared, and the exercises on continuous monitoring action."
  • "The course materials are great reference materials."
  • "Interesting stories from real life experiences."
  • "The exercise identifying control monitoring actions/frequency was helpful."
  • "Comprehensive coverage of CMP."
  • "Great explanation of Continuous Monitoring tools.  The correlation of real life events in explanation of process was helpful.  Lots of great information on effective CMP."
  • "The exercises and exchanges of information and participants were invaluable."
  • "Good exchange of ideas / thoughts."


Date:  March 10 - March 11, 2010

Location:  UVA/Virginia Tech Northern Virginia Center
7054 Haycock Road
Falls Church, VA 22043

The Virginia Tech Northern Virginia Center is located 100 yards southwest of the Metro station, across the parking lot.

Registration Fee:

Before February 26:
Government: $795
Industry: $895

After February 26:
Government: $895
Industry: $995

© 2008 The Digital Government Institute, LLC