Data Into Tracked Actions!
Please note that we will be meeting at a different location for our 4 February meeting. We are still searching for a new home location for our meetup. Everyone can easily get information for our Special Interest Group meetings and many other rewarding activities by starting on the home page of our parent organization, the International System Security Association (ISSA) Northern Virginia (NOVA) chapter, at http://nova.issa.org/. Please see the practical information for our LifeBoat group meeting and REGISTER SOONEST by starting there and RSVPing at http://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ or calling 703-402-4379.
Continuous Monitoring of the information systems is a hallmark of the Risk Management Framework. We face the critical challenge to continuously collect vulnerability data, gather threat data, determine appropriate security controls and perform our multidimensional analysis activities. Our simple unified objective and chant must be “Data into Tracked Actions!”
We must translate these volumes of data into useful information for responsible decision makers. The presented translations must support meaningful prioritization of diverse resources for actionable remediation of information systems. The ability to track remediation progress and support management oversight and assignment of resources to reduce risk to the information system is often overlooked.
Guidelines for maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions are provided in a highly respected consensus document, NIST Special Publication 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.
Tom Marshall will lead the meetup discussions of this keystone document on Risk Management Framework (RMF) continuous monitoring. After summarizing the ISCM guidance, he will present the end-to-end process of implementing a continuous monitoring strategy, data collection, dashboard implementation, remediation tracking, and applying lessons learned across the enterprise. As time allows, he will demonstrate an application for Continuous Monitoring and Risk Remediation.
We were delighted when Tom Marshall volunteered to share his experience as an Information System Security Officer (ISSO) supporting DoD clients. He has over 10 years of providing cyber security support to Army, Air Force, Joint Staff and Defense Threat Reduction Agency (DTRA) offices in the Pentagon and in the National Capital Region.
Besides earning Professional Development Units (PDUs) for participating in our ISSA NOVA chapter SIG meeting, we all receive the encouragement and help we need for our cyber security professional growth. The friendly interactive presentations by our members of the meetup always lead to lively, respectful discussions. Members always take away information that can be applied on the job in the following weeks! In addition, our LifeBoat group meetings provide opportunities for the all-important professional networking. If you have a vexing problem, share it with like-minded security professionals. They may have already successfully developed a way forward to resolve it.
****** WHERE/WHEN/PARKING for our 4 February meeting *****
We will meet from 11am to 1pm at the Pohick Regional Library, Room 2. Our room is available at 10:45. Everyone needs to bring their own lunch and drinks to the meeting. Parking is available there. Here is our meeting location information:
February 4 – 11am-1pm (our conference room is available at 10:45).
6450 Sydenstricker Road, Burke, VA