Implementing Federal Cybersecurity – The “One Document” Solution Training
May 31 – June 1, 2017
Today, you have over 20 different sets of “stove-piped” Cybersecurity requirements, each created to reduce the risk to your systems: New 2014 Federal Information Security Modernization Act (FISMA), OMB circular and memorandums, three FISMA metrics, six frameworks, and many other requirements, guidance, processes, and automation solutions. The result is an increased duplication of processes, procedures, documentation, and reports.
Now is the time to step back and answer the question, “How can we consolidate these requirements, implement all of these advances, deploy them in the most efficient, practical, effective manner, and increase the system’s security?” This seminar will look at all the new advances and requirements and provide a “cost-effective, risk-based” “One Document” option for consolidating, improving and implementing the security for your systems, and meeting your FISMA metrics.
This seminar will review all the requirements, which include the following:
- FISMA 2014: Cost-effective and risk-based security, roles and responsibilities, eliminate inefficient and wasteful reporting, on-going authorization, new privacy incident reporting requirements, etc.
- OMB Circular A-130: On-going authorization, eliminate inefficient and wasteful reporting, leveraging the Cybersecurity Framework, new incident response reporting, etc.
- DHS Secretary Binding Operational Directives (BOD): BOD-16-1 – Securing High Value Assets (HVA) and BOD-16-2 – Threat to Network Infrastructure Devices.
- FISMA Metrics: Chief Information Officer (CIO), Inspector General (IG), and Senior Agency Official for Privacy (SAOP) – Information Security Continuous Monitoring (ISCM), Strong Authentication (Identity, Credential, and Access Management (ICAM)), and Anti-Phishing and Malware Defense (APMD).
- Frameworks: System Development Life Cycle (SDLC), Risk Management Framework (RMF), Department of Defense (DoD) RMF, Cybersecurity Framework (CSF), System Security Engineering Framework (SSEF), High Value Asset Process Framework, etc.
- Guidance: Security and Privacy Controls for Federal Information Systems and Organizations (SP800-53 Rev5), Security Engineering Guideline (SP 800-160), Automation Support for Ongoing Assessment (NISTIR 8011), NIST Cybersecurity Practice Guides (SP1800 Series), Supplemental Guidance on Ongoing Authorization Transitioning to Near-Real-Time Risk Management, etc.
- Automation: Continuous Diagnostics and Mitigation (CDM) Solutions and Dashboard, Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), and Security Content Automation Protocol (SCAP).
- DHS Activities: EINSTEIN, Trusted Internet Connection (TIC), Managed Trusted Internet Protocol Services (MTIPS), and DHS Cybersecurity Hygiene Reviews.
- Clouds: Federal Risk and Authorization Management Program (FedRAMP).
After understanding all the above, the training will use an approach with the goal of documenting all the requirements and solutions in one document. Over the past year, a review of an actual Federal system has been performed, resulting in a “One Document” solution: a single document that supports the ongoing authorization and FISMA requirements from a security and operational perspective.
Simplified approaches to solving security problems, facilitation concepts, and risk assessment procedures will be presented. Finally, the attendees will be provided a sample of the “One Document” solution that supports the OMB, DHS and NIST Cybersecurity requirements for implementing and maintaining a system’s security and privacy controls.
Speakers from NIST and DHS will be providing current information and guidance related to trends and the new FISMA reporting metrics, processes, standards and solutions. The seminar instructor brings real-world practical experience from supporting over 300 FISMA Agency, Military, Intelligence, and Commercial authorizations and continuous monitoring programs for systems in military, public and private sectors.
Course Attendees will:
- Gain a thorough, up-to-date understanding of the new FY2017 cybersecurity frameworks, requirements and processes
- Receive strategies on how to leverage these changes to improve their security and make their FISMA efforts more effective
- Identify what “Near-Real-Time” means in continuous monitoring and ongoing authorization
- Review the automated solutions and how to use them
- Learn how to conduct a risk assessment and use the results to identify and justify more effective security solutions and gain additional resources
- Identify CDM, SCAP, HBSS, and ACAS automated security solutions for meeting OMB ISCM implementation requirements
- Participate in solving problems related to categorization, conducting risk assessments, facilitating group solutions, leveraging common controls, tailoring security controls and using security overlay templates, and identifying automated solutions
- Review and obtain a real-world example of the “One Document” solution
- Learn how to create a Cybersecurity Calendar and Monthly Cybersecurity Status Report to effectively manage and document their cybersecurity actions and increase resources for improving their system and enterprise security
Who should attend:
The intended audience for the course is Federal Agency, DoD and Intelligence:
- Authorization Officers (AOs)
- Chief Information Officers (CIOs)
- Chief Operations Officers (COOs)
- Chief Financial Officers (CFOs)
- Project Managers (PMs)
- Senior Information Security Officers / Chief Information Security Officers (SISOs/CISOs)
- Information System Owners and Information Owners
- Senior Agency Official for Privacy / Chief Privacy Officer (SAOP/CPO)
- Information System Security Managers (ISSMs)
- Information System Security Engineers (ISSEs)
- Information System Security Officers (ISSOs)
- Security Control Assessors (SCAs)
- System Administrators (SysAdm)
- Consultants, Integrators and Supporting Contractors
- Cybersecurity Professionals
- Supporting staff members
The learning objectives for this 2-day, Executive, Manager and Operations Level course are broad-ranging and include a number of concepts and strategies, including understanding the:
- New FISMA, OMB, DHS, DoD and NIST requirements
- Updated NIST SP800 series documents that support the process, e.g., risk assessments (SP800-30, Rev1), security controls catalog (SP800-53, Rev5), system security engineering (SP800-160), cybersecurity practice guides (SP1800 series), etc.
- Approaches to leverage the security overlay templates, common and hybrid controls, and DHS initiatives
- Advantage of creating and using your own personal Cybersecurity Calendar and Monthly Cybersecurity Status Report to effectively manage your FISMA actions and gain resources to support your security improvements
- EINSTEIN, TIC, MTIPS, CDM, HBSS and ACAS solutions
- Methods for reducing the amount of resources and paperwork
- How to use the “One Document” solution to meet Federal security requirements
Earn PDUs / CPEs:
- PMI® PMPs will earn 11 PDUs for attending this Training Seminar
- SSCP, CISSP, ISSEP, ISSMP, ISSAP, CSSLP or CAP credential holders from (ISC)2 can receive 11 Continuing Professional Education (CPE) credits. Credential holders must enter their CPE credits in the usual manner on the (ISC)2 website.
- CISA, CISM, CRISC and CGEIT credential holders from ISACA can earn 11 CPE credits. (Any course that pertains to at least one of the job practice areas of the certification will qualify for CPEs. It is up to the certified person to determine if the course or activity qualifies for CPE.)
Attendees will receive a Certificate of Completion as a result of their seminar participation.
James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates, Inc.
Mr. Litchko has been working as a security expert for over 30 years. Jim created and taught the first graduate computer security course as an adjunct professor at Johns Hopkins University for ten years, was a military officer for twenty years, and was a project manager and executive at NSA for five years. He has supervised and supported the securing of over 300 military, government and commercial IT systems. Over the past seven years alone, he has supported the securing of IT systems at DHS, VHA, NASA, DOE, EPA, GAO, USDA, USAF, DOJ, and FEMA.
Currently, he is a senior security expert for Litchko & Associates and is a Certified (ISC)2 Instructor teaching the CISSP, Engineering Professional (ISSEP), and Certified Authorization Professional (CAP) review courses, and the DIACAP and Continuous Monitoring courses for (ISC)2, Global Knowledge, Digital Government Institute, and Johns Hopkins University. A student of Ken Blanchard, Ph.D., the author of The One-Minute Manager®, Jim holds a Master’s degree from Johns Hopkins University and has authored five books on security and management topics, including: FY2016 DoD RMF Manual, FY2016 FISMA Authorization Process Guide: A Review for the (ISC)2® CAP® Certification Exam, KNOW IT Security, KNOW Your Life, 2010 Official DIACAP for Global Knowledge, and co-authored (ISC)2‘s Official Information System Security Management Professional, Cyber Threat Levels Response Handbook, and Know Cyber Risk. Soon to be released: Implementing Practical Cybersecurity.
Government Training Forms are Accepted
Group Rates Available. Call 703-752-6243 for details.
May 31 – June 1, 2017
UVA/Virginia Tech Northern Virginia Center
7054 Haycock Road
Falls Church, VA 22043
The UVA/Virginia Tech Northern Virginia Center is adjacent to the West Falls Church Metro (orange line), and about 200 yards from the Metro lobby, across the parking lot.
What attendees will receive:
Course Manual, Study Guide, and Training Materials
Samples of real-world “One Document” solution
List of current military, government and commercial continuous monitoring tools
Certificate of Completion
Continental Breakfast and Lunch