From: Digital Government Institute
August 28 – August 29, 2012
The Office of Management and Budget (OMB), the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) are placing increased emphasis on implementing an effective “information security continuous monitoring (ISCM) program” for all government- and contractor-run IT systems. This will be accomplished by DHS and OMB increasing the annual FISMA reporting requirements and by NIST issuing the following NIST Special Publications (SP):
- Information Security Continuous Monitoring Guideline (SP 800-137) – Final
- Security-Focused Configuration Management Guideline (SP 800-128) – Final
- Update Risk Assessment Guideline (SP 800-30 Rev 1)
- Update Security Control Catalog (SP 800-53 Rev 4)
- Update Assessment Guideline (800-53A Rev 1)
This seminar is about getting on board with these requirements and meeting the ISCM challenges for your systems. This will be accomplished through real case studies from the government and commercial sectors, using strategies that are successfully used in all security sectors, including healthcare, energy, military, manufacturing, distribution and even entertainment. Learn where proven casino security techniques can improve the security of government systems.
What are the most effective and efficient ways to meet these new ISCM requirements? What strategies and tools are available to support a seamless implementation of these requirements into your IT systems, and which will be most effective for your system and organizational culture? All of these questions will be answered during this workshop by experts who have supported the implementation of security in over 200 government- and contractor-run IT systems. After the course, attendees will:
- Make decisions based on the Rules, Reality and the Risk;
- Understand the new FISMA requirements for ISCM;
- Know how to define “Near-Real-Time” monitoring and meet FISMA reporting requirements;
- Learn the various strategies and tools available to support this requirement;
- Create a continuous monitoring program tailored to their organization;
- Know the difference between SCAP and SIEM and their uses;
- Determine “How much security is enough?”;
- Seamlessly integrate continuous monitoring efforts into their existing operations and organizational culture; and
- Influence IT funding using continuous monitoring results.
Attendees will be provided with three example ISCM plans and approaches to review when developing their system-specific ISCM plans.
View the Seminar Agenda.
Read NIST’s Frequently Asked Questions on Continuous Monitoring.