A Field Guide to Using The Risk Management Framework – Saturday, June 11 @ 11 AM – 1 PM

Step 2

We will roll our sleeves up and get dirty in our field guide discussion. We will do a deep dive into applying selected controls with real-world examples. We will look at:

Recap Step 1

Selecting the minimum baseline

Applying Common Controls

Scoping Guidance

Continuous Monitoring Strategy

Outline of the SSP

Impact of Cloud-Based Systems (FedRAMP)

Preview of Step 3

REGISTER at http://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ SOONEST. You’ll find the practical information for our meeting there. If you decide against using a Meetup account, please call 703-402-4379 for a BCC email with the info.

Presenter’s Bio – John Brown

John Brown’s Information Technology career spans 40+ years. Over the course of that time he held many job titles. He remains passionate about each career experience. He is now an independent consultant performing duties as an Information System Security Officer (ISSO). One of his proudest achievements was winning the ISSO of the year award for all of DHS. He won that award while taking on one of the hardest challenges at the Transportation Security Administration (TSA). He earned his cherished DHS award as the TSA ISSO for the network infrastructure and as an integral participant in consolidating datacenters into the brand new DHS mega center. John always works tirelessly to bridge the gap between operations and security compliance.

John contributed and built his ISSO expertise at several government agencies including USDA, USSS, NGB and the VA. He honed his skills utilizing the NIST Risk Management Framework at these agencies. John wrote numerous Security Plans, Contingency Plans, Business Impact Assessments, Security Assessment Reports, and POA&Ms. He has been able to obtain a coveted Authority to Operate (ATO) for most systems he worked on.

John has also spent 20+ years in the performance management, modeling and simulation field on a vendor team supporting tool deployment and consulting. He started as a programmer, then became a systems analyst. He considers himself more of a generalist because of this varied background.