Workshop Description

Please join your government colleagues for an educational event that will explore Certification and Accreditation from current best practices through integration into the overall Security Program. Whether you are required to certify and accredit your systems under FISMA or DITSCAP, the information you will learn can be immediately applied within your environment.

You will hear from government and industry leaders who are involved in the Certification and Accreditation process and who will share with you the lessons they have learned along the way. These interactive sessions will also review some of the emerging implications and considerations in the field of Enterprise Wide Information Security.

Hear directly from the National Institute for Standards and Technology about FISMA and the Certification and Accreditation process; where it began and where we are going. Pose your questions directly to those involved in writing the guidelines mandated by FISMA.

What You Will Learn

Who Should Attend

Workshop Format

Agenda

Day One:

7:30 AM Registration & Continental Breakfast

8:30 AM Welcome Remarks
Art Chantker - President, Potomac Forum, Ltd.

8:45 Keynote Address
Marianne Swanson
FISMA Program Office
Computer Security Division
NIST 

9:45 Introduction to Certification & Accreditation: How we got here
10:30 Break
10:45 Systems Security Categorization: Why it is important and how to determine it
12:15 PM Networking Lunch
1:15 Government CIO Featured Presentation

Mr. Ed Meagher
Deputy Chief Information Officer
Department of the Interior
2:00 C&A Phase 1: Initiation Phase / System Security Plan Exercise
2:45 Break
3:00 C&A Phase 2: Certification
4:00 Wrap-up and Consulting Period
Opportunity to discuss specific Agency C&A Challenges with the Instructors
5:00 Workshop Adjourns

Day Two:

7:30 AM Registration/check-in and Continental Breakfast
8:30 AM Security Test and Evaluation/Risk Assessment Methodologies
9:00 Forgotten Aspects of FISMA: Information Technology Contingency Planning
9:45 Break
10:00 Determining the Minimum Baseline Security Controls and their application within the environment
11:15 Real Life experiences with the Accreditation Process: Government Panel

Pat Howard, Chief Information Systems Security Officer, HUD
and
Timothy P. Ruland, Chief IT Security Officer, U.S. Census Bureau

12:15 PM Hosted Luncheon
1:15 DoD Breakout: Preview of the upcoming DIACAP (for DoD Employees)
1:15 Certification and Accreditation Tips, Tricks, and Lessons Learned
2:30 Questions and Answers
3:00 Break
3:15 C & A Phase 3: Accreditation
3:45 C & A Phase 4: Post-Accreditation
4:15 Wrap-up and Consulting Period
5:00 Workshop Adjourns

(Agenda subject to change)

Instructors

The instructors for the workshop are selected from leading corporations performing IT security work for the government. Each instructor is an expert in C&A and FISMA. Each has practical experience with both DoD and Civilian Agencies, has taught C&A and FISMA subjects for Potomac Forum, Ltd., and has been rated as “excellent” by previous attendees.

In addition, current and former leaders from the government CIO and CISO community will participate as guest speakers and provide their experiences in the C&A and FISMA process.

Their insight and experience will help to provide additional “front line” experiences from the government perspective.

Leaders from NIST and agencies will also participate.

 

Instructors:

Robert E. “Bob” Littlejohn – CAP
Newberry Group Incorporated 

Bob Littlejohn is a Senior Computer System Security Specialist with Newberry Group Incorporated in St. Charles, Missouri. He is currently involved in developing both NIST and DIACAP methodologies to strengthen an already very productive Security Practice. Bob has over 17 years' experience in information system security and accreditation with a variety of agencies. Initially beginning as a system security analyst with McDonnell Douglas Corporation, he has worked in information security with Johnson Controls World Services Incorporated, NCI Information Systems Inc., Unisys Corporation, APPTIS and now Newberry Group. He has provided contract Information System Security Officer and Alternate COMSEC Custodian support to TSA’s Freedom Center for APPTIS. While with Unisys Corporation he was responsible for certification and accreditation of systems for PEOSTRI in Orlando, Florida, the Air Force Weather Agency in Omaha, Nebraska, US Transportation Command in southern Illinois, Sandia National Laboratory in Albuquerque, New Mexico, the Air Force Flight Test Center at Edwards AFB, California, and assisted with development of the US Coast Guard certification and accreditation strategy for Telecommunication and Information Systems Command in Alexandria, Virginia. He is familiar with the latest government standards for certification and accreditation of information systems, having been involved with development of certification and accreditation doctrine. He has published and maintained Information Assurance and Information Protect Security Architecture and worked with the Joint Staff, National Command Authority and DOD Staff on issues regarding Information Security. Bob holds an AAS – Weather Technology; BS – Management, Human Resources; MA – Computer Resource and Information Management as well as the Certification and Accreditation Professional and Facility Security Officer certifications.

Joseph A. Faraone, CISSP
GCI Corporation

Joe Faraone is a Senior Information Security Architect with GCI Corporation, based in Reston, Virginia with over 20 years’ experience in Information Security. Joe has delivered services for numerous Federal customers including Certification and Accreditation support, Security Governance Gap Analysis and Independent Validation and Verification (IV&V). Over his career, he has served as Lead Independent Security Engineer, Manager and Architect of a managed security center for an Intelligence Community Agency, and has performed Certification and Accreditation services for several high-assurance systems. He has served customers including the Central Intelligence Agency; National Security Agency; other U.S. Intelligence agencies, Department of Justice, Department of Energy, Federal Trade Commission, United States Navy; United States Army; United States Marine Corps; and United States Air Force. He has also served customers in State and Local Government, Education, and Law Enforcement as well as private-sector customers in the Financial Services, Entertainment, Food Services and Technology industries.

Joe’s unique technical background and experience allow him to provide insights into the C&A process across multiple agencies and compliance frameworks. This makes him equally able to converse with highly technical staff of a data center or executives in the boardroom. He is often called upon to rapidly solve solutions issues to meet project deadlines.

Michael Smith, CISSP-ISSEP
Deloitte & Touche, LLP  

Michael Smith is a Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he leads engagements to provide security services to both commercial enterprises and government agencies.

Prior to joining Deloitte, Michael served as the Chief Information Security Officer with the Unisys Federal Service Delivery Center based in Reston, Virginia. His scope of responsibility included both providing governance and managing risk for several data centers, Security Operations Center, Network Operations Center, and Server Management Team.

Michael has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments.  He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments.

Michael assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology.  Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States.

While engaged with the Transportation Security Administration, Michael developed C&A documentation for numerous systems and sites throughout the Transportation Security Administration and helped to use C&A as the catalyst to build a security program.

Michael graduated from the prestigious Defense Language Institute in Monterey, CA with a Department of Defense advanced linguistic certification in Russian and spent several years on active duty in the US Army as a translator and specialist in information security.

In 2004, Michael was activated as a member of the Virginia National Guard and deployed to Afghanistan, where he conducted numerous combat patrols as an infantry squad leader.




Unisys Corporation

Michael Smith is an Information Security Architect with the Unisys Federal Information Security Practice based in Reston, Virginia. He has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments. He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments.

Mr. Smith assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology. Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States.

Michael recently returned from a deployment to Afghanistan with the Virginia National Guard, where he conducted numerous combat patrols as an infantry squad leader.

Michael’s current engagement has him developing C&A documentation for numerous systems and sites throughout the Transportation Security Administration.

Registration Information

On-site registration is available at the City Club at Franklin Square on Monday, Feb 25th. Online and fax-in registration is now closed.
Seats are reserved and available for walk-in, on-site registration.

Government Employees: $1,295
(Federal, State or Local Government Issued ID)
Includes instruction, presentations, Training Workshop Notebook, and continental breakfasts, morning and afternoon refreshments, and lunch

Industry and Contractors: $1,495
(Including contractors on-site and in direct support of government agencies)
Includes instruction, presentations, Training Workshop Notebook, and continental breakfasts, morning and afternoon refreshments, and lunch

To register for this event, click below or call 703-683-1613.

Register Online Now!

Registration fees include Continental Breakfast, Refreshment Breaks, Seated Luncheon, and Conference Notebook.

* Government Registrations are given First Preference!

Send a Government Team Rate: To Encourage Your Government Team to Learn Together.
Register two persons from the same government office at the same time and the third registers at 50% of the registration fee.

Money Back Guarantee for Government
At the end of the C&A Training Workshop, if you are not satisfied with the quality of instruction provided, your fee will be refunded or a credit given for another Potomac Forum, Ltd. Training Workshop (your choice). We feel confident that you will find the workshop a valuable learning experience. Previous attendees have found the workshop of great value in helping them meet their Agency C&A requirements. You will too! (This offer applies to government employees only).

Cancellation Policy

Confirmed registrations who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to refund of any prepaid registration fee.

Meeting Location

City Club of Washington at Franklin Square
1300 I Street, N.W.
Washington D.C. 20005
202-408-1300

Testimonials from Previous C&A Workshops



Comments from the Sept 25-26, 2007 C&A Training Workshop

Great Instructors! Instructors were very knowledgeable and encouraged participation and welcomed questions.
IT Specialist
NRC

Excellent!
Information Systems Security Program Manager
Dept of Agriculture Agency

Excellent presentations by the facilitators and speakers
Information Systems Security Manager (ISSM)
Government Contractor Supporting a DHS Agency

This Class was very helpful to me. The instructors were excellent and the amount and depth of information was just right.
IG - Chief of IT Branch
Cabinet Level Department

The workshop is well designed and taught by experienced professionals. The keynote speaker and panel speakers are icing on the cake. The workshop offered me the basic knowledge needed to participate in the C&A process.
Supervisory IT Specialist
Department of Commerce Bureau

Loved the workshop. Instructors were great. Guest speaker and CISO Panel added a lot. Material covered met my objective. Loved the food!
Project Engineer
SPAWAR/DOD


Comments from Previous C&A Training Workshops

Instructors very Knowledgeable and Approachable
Information Management Specialist
Farm Credit Administration

All instructors were Top Notch!
IT Specialist, AMCOM CIO/G6 Redstone Arsenal

I loved the workshop, good information.
Telecommunications Specialist, GSA

The whole workshop was a great learning experience…
J6, Army

Presenters knowledgeable of FISMA, DIACAP, etc.
INFOO Security Specialist, Pension Benefit Guarantee Corporation

A recipe for success in C&A development! Speaks to the business manager without confusing techno-speak.
Public Health Analyst, CDC

Great dialogue & participant involvement. Brought a variety of issues and real life “security” challenges to a dry subject. Panelists and special presenters, as well as exercises, particularly strong.
CIO Staff, Department of Transportation

Very informative – workshop presenters and panel speakers were extremely knowledgeable on the C&A process as well as agency “best practices”.
Information Technology Specialist - IT Security Office, U.S. Census Bureau

Everything was great! Instructors were knowledgeable, friendly, and professional.
IT Specialist, International Boundary and Water Commission, Department of State

Informative. Good handouts can be used on the job.
Auditor, Treasury IG for Tax Administration, Department of the Treasury

The exercises and samples of documents were very helpful.
Supervisory Systems Accountant, Animal and Plant Health Inspection Service, USDA

I’ve already sent a note to other IT people to recommend this course
Director, Budget and Resource Management, Department of Energy