Get Ready for FY16 FISMA!!!
As security professionals, we utilize the NIST Risk Management Framework (RMF) to provide a disciplined and structured process that integrates information security and risk management activities into the system development life cycle. The RMF operates primarily at the information system level and its steps include categorize, select, implement, assess, authorize, and monitor.
REGISTER at http://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ SOONEST. You’ll find the practical information for our meeting there. If you decide against using a Meetup account, you are welcome to call 703-402-4379, RSVP, and request your own BCC email with the info.
For the first time, the FISMA metrics are organized around the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The FY 2016 FISMA metrics leverage the Cybersecurity Framework as a standard for managing and reducing cybersecurity risks, and are organized around the framework’s five functions: Identify, Protect, Detect, Respond, and Recover. The Cybersecurity Framework (CSF), when used in conjunction with NIST’s Guide for Applying the Risk Management Framework to Federal Information Systems and associated standards and guidelines, provides a comprehensive structure for making more informed risk-based decisions and managing cybersecurity risks across the enterprise.
Learning about the CSF will help us better prepare our clients for their FY16 FISMA reporting requirements. For everyone’s convenient reference, here is the link for reading and/or sharing authoritative information about those requirements:
FY2016 CIO FISMA Metrics, Version 1.00, October 2015: https://www.dhs.gov/sites/default/files/publications/FY%202016%20CIO%20FISMA%20Metrics%20v1.0.pdf
Presenter’s Bio – Cindy Faith
Cindy Faith is a Cyber Risk Advisor in Deloitte’s Federal practice. She is a focused cybersecurity professional with over 15 years of diversified experience, including as owner of her own consulting practice supporting various IT services companies in business development, capture management, and security assessments. She has developed security policy, performed assessments against NIST 800-53 controls, and was once a system administrator in ancient history. She has a broad understanding of risk management practices and the need for mature, risk-aware, resilient security practices.