Over the past year, the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST) have made some major advances in improving the future of government information system security. These include the following:
- Standardized the Authorization process for all government entities (NIST SP 800-37)
- Established the goal of achieving "near-real-time security awareness" for all government Information Technology (IT) systems
- Increased CIOs' authority (Federal IT Reform Plan and OMB Memo 11-29)
- Made the Department of Homeland Security (DHS) responsible for FISMA reporting oversight (OMB Memo 10-28)
- Required that FISMA reporting be made monthly through the CyberScope system (OMB Memo 10-15)
- Enhanced DHS support for resolving agency issues using CyberStat reviews (OMB 2010 Report to Congress), and
- Published new guidelines on how to do risk management (NIST SP 800-39), risk assessment (NIST SP 800-30), and continuous monitoring planning (NIST SP 800-137)
How do you leverage all of these advances to successfully meet your 2012 FISMA requirements? This 2-day course explains the specifics of these advances and provides strategies for leveraging them to meet your individual and enterprise FISMA responsibilities in 2012. Attendees will gain a practical understanding of the strategies by working real-world examples during group activities and by reviewing actual samples of the key FISMA documents:
- System Security Plan (SSP)
- Plan of Action and Milestones (POAM)
- Security Assessment Report (SAR), and
- Information System Continuous Monitoring (ISCM) Plans
Speakers from DHS and NIST will provide current information and guidance on trends and the new FISMA reporting metrics, processes, and standards. The main speaker is a Certified (ISC)2 Instructor who has developed and taught DIACAP, CISSP, ISSEP and CAP review courses for over five years. He also brings real-world practical experience from supporting over 300 FISMA C&As and continuous monitoring programs for systems in the military, public and private sectors. He is the author of six published books on computer security, management and Certified Authorization Professional (CAP) review courses. Drawing on this experience, he will provide practical examples and strategies for solving individual and enterprise IT security problems in real-world systems.
Featured Speakers
Kelley Dempsey, CISSP, Senior Information Security Specialist, National Institute of Standards and Technology, Information Technology Lab/Computer Security Division, will give an overview of the NIST strategy and objectives behind the new SP 800-39, "Managing Information Security Risk: Organization, Mission, and Information System View"
Jeannette Cockrell, Information Technology Specialist, Department of Homeland Security, National Cyber Security Division, Federal Network Security Branch, will provide information on the Federal Network Security guidance in OMB Memorandum 10-28, CyberScope and FISMA reporting trends, and the CyberStat review process
Course Attendees Will:
- Gain a thorough understanding of the new FISMA requirements and processes (FISMA metrics, CyberScope, SCAP, CyberStat Reviews, etc.)
- Understand the new NIST standards for the new Authorization Process, Risk Management Framework (RMF), Risk Assessments, and Continuous Monitoring
- Learn how to conduct a risk assessment and use the results to identify and justify more effective security solutions and gain additional resources
- Participate in solving problems related to establishing effective boundaries, conducting risk assessments, facilitating group solutions, leveraging common controls, and tailoring security controls
- Know the new roles, responsibilities, requirements and reports related to FISMA
- Receive strategies on how to leverage these changes to improve their security and make their FISMA efforts more effective, and
- Review and increase resources for improving system and enterprise security
Who Should Attend
The intended audience for the course is senior information security officers (SISOs), information system owners, project managers, information system security officers (ISSOs), system managers, administrators and their staffs, and any individuals seeking to better understand how to secure an IT system, meet FISMA requirements and develop a Continuous Monitoring Program. This course is recommended for all of these roles in the contractor, integrator, government agency, military and intelligence communities.
Learning Objectives:
The learning objectives for this 2-day executive, manager and operations level course are broad ranging and cover a number of concepts and strategies, including understanding the:
- New NIST SP 800-37, Revision 1, and SP 800-39 standards for the new Authorization Process and Risk Management Framework
- Updated NIST SP 800 series documents that support the new process, e.g., risk assessments (NIST SP 800-30) and ISCM planning (NIST SP 800-137)
- Practical methods for implementing the new process successfully in your environment and culture
- Methods for reducing the amount of resources and paperwork
- Answers to "How much is enough?" using "cost-effective and risk-based" methodologies
- Strategies for developing the key FISMA documents, with samples: SSP, POAM, SAR, and ISCM Plans
- Tactics for gaining resources to support your security improvements
Earn PDUs / CPEs
- PMI® PMPs will earn 11 PDUs for attending this Training Seminar (approval pending)
- Earn 11 (ISC)2 CPEs: Attendees who carry the SSCP, CISSP, ISSEP, ISSMP, ISSAP, CSSLP or CAP credential from (ISC)2 can receive 11 Continuing Professional Education (CPE) credits. Credential holders must enter their CPE credits in the usual manner on the (ISC)2 website.
Attendees will receive a Certificate of Completion as a result of their seminar participation.
What Attendees will Receive
- Course Manual, Study Guide, and Training Materials
- Samples of Key FISMA documents: SSP, POAM, SAR, and ISCM Plans
- Copy of the current Office of Management and Budget FISMA guidance
- Signed copy of Jim Litchko’s Know Cyber Risk book
- Certificate of Completion
- Continental Breakfast and Lunch
What Attendees Enjoyed Most
About Digital Government Institute's previous FISMA Training Seminar and Course Instructor Jim Litchko:
- "I've attended other related training and this was by far the best value."
- "Good examples used to convey understanding."
- I enjoyed "How Jim could translate his lecture into selling points / common sense."
- "Real scenarios and experiences."
- I enjoyed the "Group exercises – gain everyone’s attention and opinions from a broad range across the industry."
- The course provided "Supplemental / Information beyond just guidance. (I also enjoyed the) Real world / life examples / discussions."
- I enjoyed "The real life stories and how they interact with the materials."
- "The entire session was engaging and very informative. The materials are awesome."
- I enjoyed "Learning more in-depth procedures on how security should be implemented."
- "Wide breadth of material covered in a well organized fashion."
- I enjoyed the "Instructor's practical knowledge in implementing concepts."
About the Course Instructor
James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates, Inc.
Mr. Litchko has been working as a security expert for over 30 years. Jim created and taught the first graduate computer security course as an adjunct professor at Johns Hopkins University for ten years and was a project manager and executive at NSA for five years. He has supervised and supported the securing of over 200 military, government and commercial IT systems. Over the past three years alone, he has supported the securing of IT systems at DHS, VHA, NASA, DOE, EPA, GAO, USDA, USAF, DOJ, and FEMA. Currently, he is a senior security expert for Litchko & Associates and a Certified (ISC)2 Instructor teaching the CISSP, Information Systems Security Engineering Professional (ISSEP), and Certified Authorization Professional (CAP) review courses, and the DIACAP and Continuous Monitoring courses, for (ISC)2, Digital Government Institute, Intense School, and InfoSec Institute. A student of Ken Blanchard, Ph.D., the author of The One-Minute Manager®, Jim holds a Master's degree from Johns Hopkins University and has authored or co-authored six books on security and management topics, including: 2011 FISMA Authorization Process Guide: A Review for the (ISC)2® CAP® Certification Exam, KNOW IT Security, and KNOW Your Life, and, as co-author, (ISC)2's Official Information System Security Management Professional, Cyber Threat Levels Response Handbook, and Know Cyber Risk.