Certification and Accreditation (Risk Management) Training Workshop
March 30-31, 2009 – Willard InterContinental Hotel
On-site registrations are accepted at the Willard Hotel on Monday, March 30.
Go directly to the hotel for on-site registration.
Keynote Speaker
Marianne Swanson
FISMA Team
Computer Security Division
NIST
---
Additional Government Guest Speakers:
----
Timothy Ruland, CISM, CISSP
CISO & Chief IT Security Officer
U.S. Census Bureau
-----
Porter Davis IV, CISSP
Information Security Officer
Department of Housing and Urban Development
---
Paul Ricketts
Senior Information Security Officer
Nuclear Regulatory Commission
Workshop Description
Please join your government colleagues for an educational event that will explore Certification and Accreditation from current best practices through integration into the overall Security Program. Whether you are required to certify and accredit your systems under FISMA or DITSCAP, the information you will learn can be immediately applied within your environment.
You will hear from government and industry leaders who are involved in the Certification and Accreditation process and who will share with you the lessons they have learned along the way. These interactive sessions will also review some of the emerging implications and considerations in the field of Enterprise Wide Information Security.
Hear directly from the National Institute of Standards and Technology about FISMA and the Certification and Accreditation process: where it began and where it is going. Pose your questions directly to those involved in writing the guidelines mandated by FISMA.
What You Will Learn
- Certification & Accreditation guidance, methodology and requirements
- Scope of verification and validation testing, evaluations, and analysis
- How to develop a FISMA-compliant Security Plan
- The essential roles and responsibilities for the Certification & Accreditation life-cycle
- How to form teams to guide and perform Certification & Accreditation
- Risk management concepts
- The essentials of developing comprehensive security policies, standards, & procedures and other fundamentals of Enterprise Security
Who Should Attend
- CIOs, CISOs, CTOs, Deputies, Associates and Staff
- Compliance and Enforcement Officers
- Security Managers and Staff
- C&A Managers and Staff
- Executives, Managers, and Staff Responsible for FISMA Compliance
- CFO and Staff who are focusing on Certification and Accreditation Issues
- IGs and Auditors
- Program Managers Developing or Maintaining IT Systems
- IT Professionals Interested in Improving IT Security
Workshop Format
- Presentations by professional C&A consultants
- Panel discussions led by experienced government and industry experts
- A hands-on workshop about developing the security plan
Agenda
Day One:
7:30 AM Registration & Continental Breakfast
8:30 AM Welcome Remarks - Art Chantker, President, Potomac Forum, Ltd.
8:45 Special Keynote - Marianne Swanson, FISMA Team, Computer Security Division, NIST
9:45 Introduction to Certification & Accreditation: How we got here and where we are going
10:45 Break
11:00 C&A Phase 1: Initiation Phase
12:00 PM Networking Lunch
1:00 Determining System Boundaries
2:00 System Security Categorization: Why it is important and how to determine it
3:00 Break
3:15 Applying Minimum Baseline Security Controls Using SP 800-53
4:30 Wrap-up and Consulting Period: Opportunity to discuss specific Agency C&A challenges with the Instructors
5:00 Workshop Adjourns
Day Two:
7:30 AM Registration/check-in and Continental Breakfast
8:30 AM C&A Phase 2: Certification Phase
9:30 Validating and Testing Security Controls: NIST SP 800-53A
10:15 Break
10:30 S.3474 "FISMA 2008"
11:15 Real Life Experiences with the Accreditation Process - Guest speakers:
Timothy Ruland, CISM, CISSP, CISO & Chief IT Security Officer, U.S. Census Bureau
Porter Davis IV, CISSP, Information Security Officer, Department of Housing and Urban Development
Paul Ricketts, Senior Information Security Officer, Nuclear Regulatory Commission
12:15 PM Networking Luncheon
1:15 SP 800-53A Exercise
2:15 C&A Phase 3: Accreditation and Phase 4: Continuous Monitoring
3:15 Break
3:30 Information Security Initiatives
4:30 Wrap-up and Consulting Period: Opportunity to discuss specific Agency C&A challenges with the Instructors
5:00 Workshop Adjourns
(Agenda subject to change)
Instructors
Our instruction team has presented C&A Training Workshops to government and industry students for over 6 years and has received the highest ratings. Our instructors know FISMA and C&A and know government. They present real-world management and technical solutions, not theory. They are seasoned veterans, not academicians.
In addition, current and former leaders from the government CIO and CISO community will participate as guest speakers and provide their experiences in the C&A and FISMA process.
Their insight and experience will help to provide additional “front line” experiences from the government perspective.
Leaders from NIST and agencies will also participate.
Instructors:
Graydon McKee, MSIA, CISSP
Vice President and COO
Ascension Risk Management
Graydon McKee is the Vice President and Chief Operating Officer of Ascension Risk Management LLC. Graydon is an accomplished Risk Management/Information Security professional with extensive experience in developing and implementing Information Risk Management and Information Security Programs for clients in both the public and private sector. He is a recognized leader in government regulatory compliance (Federal Information Security Management Act and Defense Information Technology Security Certification and Accreditation Process compliance) and has taught the process to over 2,000 individuals representing over 600 federal government agencies and offices. Graydon has served as a Manager in Deloitte & Touche LLP's Security and Privacy Practice, where he assisted clients in redesigning and implementing reasonable Information Security Policy (Large Financial Institution) as well as assessing and evaluating the need for Managed Security Services (Large Financial Institution). He interfaces both with the client's senior management team and the technical team on business, systems architectural and technical issues. Graydon has also served as a Senior Security Architect with the Unisys Federal Information Security Practice, serving clients such as the Department of Justice, the Department of Homeland Security – United States Coast Guard, an Intelligence Agency, the General Services Administration, and the United States Capitol Police. Graydon received his education at Norwich University in Northfield, Vermont (Master of Science in Information Assurance), where he graduated with High Honors, and Susquehanna University in Selinsgrove, Pennsylvania (Bachelor of Arts – Sociology). Graydon achieved the professional designation of Certified Information Systems Security Professional (CISSP) in 2004 and the Global Information Assurance Certification in 2003.
Graydon has been recognized for “Outstanding Contributions to Federal Government Information System Security Education” by the Potomac Forum, Ltd; a non-profit educational foundation. (2004, 2005, 2006, 2007), awarded the 2005 Unisys Global Gold Recognition Award for outstanding contributions to Information Security and Unisys and recognized by Unisys Customers as “significantly contributing to their business success” in a 2005-2006 Customer Satisfaction Survey. Graydon has been published in Network World, CSO Magazine and Government Computer News.
Michael Smith, CISSP-ISSEP
Deloitte & Touche, LLP
Michael Smith is a Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he leads engagements to provide security services to both commercial enterprises and government agencies.
Prior to Joining Deloitte, Michael served as the Chief Information Security Officer with the Unisys Federal Service Delivery Center based in Reston, Virginia. His scope of responsibility included both providing governance and managing risk for several data centers, Security Operations Center, Network Operations Center, and Server Management Team.
Michael has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments. He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments.
Michael assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology. Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States.
While engaged with the Transportation Security Administration, Michael developed C&A documentation for numerous systems and sites throughout the Transportation Security Administration and helped to use C&A as the catalyst to build a security program.
Michael graduated from the Defense Language Institute in Monterey, CA with a Department of Defense advanced linguistic certification in Russian and spent several years on active duty in the U.S. Army as a translator and specialist in information security.
In 2004, Michael was activated as a member of the Virginia National Guard and deployed to Afghanistan, where he conducted numerous combat patrols as an infantry squad leader.
Daniel Philpott, CISSP, CAP
OnPoint Consulting
Daniel Philpott is an Information Security Engineer with the Information Assurance Division of OnPoint Consulting, where he works with Federal agencies on FISMA compliance and Risk Management. Daniel is the founder of the FISMApedia.org wiki and FISMA Arts training projects. His pre-FISMA work at NIST involved the securing of external servers, incident response, development of security checklists, and creation of baseline system configurations.
With his technical focus, Daniel brings an operational security perspective to the theory and practice of FISMA compliance. His long experience in the IT security space provides his Federal clients with depth of knowledge and a diverse skill set encompassing compliance, practice and risk management. He is depended upon to provide analysis and insight on IT security and governance matters for senior staff.
Ian Charters – Deloitte & Touche LLP
Ian Charters is a Senior Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he leads engagements to provide security services to both commercial enterprises and government agencies. Prior to joining Deloitte, Ian served as the Security Practice Leader with the Unisys Federal Group based in Reston, Virginia. He was responsible for the development, sales and delivery of a full range of IT security solutions to the Federal Government. He also took on special sensitive security assignments. His clients perhaps knew him best for his development and introduction of a code application assurance program into the Federal market. Ian also retired from Federal service after serving a full career with the Central Intelligence Agency.
At the CIA, Mr. Charters filled a variety of roles, primarily in the analytical, operational, and management ranks. This included tours in the Director's Office providing for the intelligence needs of the highest government officials, building and managing the largest COOP program in the Agency, serving as a plank-holder in the Information Operations Center, and working in the field providing direct intelligence support to national programs. Before joining the government, Mr. Charters ran his own profitable networking, software development and systems integration firm, focusing on the needs of the local professional community.
Jeffrey Winn, J.D., CISSP, CIPP/G – Deloitte & Touche LLP
Mr. Winn is a seasoned information security executive with 15 years' experience in information technology and security consulting. He is particularly skilled in building efficient, effective technical operations centers and leading technical teams who design, deploy and operate technical support centers, secure enterprise data facilities, network operations centers and security operations centers. As a Lieutenant Colonel in the United States Marine Corps Reserve, Mr. Winn is responsible for immediate responses to national emergencies by coordinating Department of Defense responses to requests for assistance from FEMA and other federal agencies. He is licensed to practice law in Florida and Georgia and serves as a Marine Judge Advocate. Mr. Winn has a thorough knowledge of information security practices, Public Key Infrastructure, firewall deployment strategies, intrusion detection, vulnerability assessments, vulnerability management and penetration testing through his experience with specialized security firms and managing GeoTrust's PKI support organization (GeoTrust was the world's second largest issuing certification authority and has since been purchased by Verisign, Inc.).
Registration Information
On-site (walk in) Registration will be accepted at the Willard. Proceed to the Registration Desk at the Willard between 7:30 and 8:30 am.
Government Employees: $1,295
(Federal, State or Local Government Issued ID)
Includes instruction, presentations, Training Workshop Notebook, and continental breakfasts, morning and afternoon refreshments, and lunch
Industry and Contractors: $1,495
(Including contractors on-site and in direct support of government agencies)
Includes instruction, presentations, Training Workshop Notebook, and continental breakfasts, morning and afternoon refreshments, and lunch
To register for this event, click below or call 703-683-1613.
Registration fees include continental breakfast, refreshment breaks, seated luncheon, and conference notebook.
* Government Registrations are given First Preference!
Government Team Rate: To encourage your government team to learn together.
Register two persons from the same government office at the same time and the third registers at 50% of the registration fee.
Money Back Guarantee for Government
At the end of the C&A Training Workshop, if you are not satisfied with the quality of instruction provided, your fee will be refunded or a credit given for another Potomac Forum, Ltd. Training Workshop (your choice). We feel confident that you will find the workshop a valuable learning experience. Previous attendees have found the workshop of great value in helping them meet their Agency C&A requirements. You will too! (This offer applies to government employees only).
Cancellation Policy
Confirmed registrants who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd. is limited to refund of any prepaid registration fee.
Meeting Location
Willard InterContinental Hotel
1401 Pennsylvania Avenue N.W.
Washington D.C. 20004
202-628-9100
Testimonials from Previous C&A Workshops
Great Instructors! Instructors were very knowledgeable and encouraged participation and welcomed questions.
IT Specialist
NRC
Excellent!
Information Systems Security Program Manager
Department of Agriculture Agency
Excellent presentations by the facilitators and speakers
Information Systems Security Manager (ISSM)
Government Contractor Supporting a DHS Agency
This class was very helpful to me; the instructors were excellent and the amount and depth of information was just right.
IG - Chief of IT Branch
Cabinet Level Department
The workshop is well designed and taught by experienced professionals. The keynote speaker and panel speakers are icing on the cake. The workshop offered me the basic knowledge needed to participate in the C&A process.
Supervisory IT Specialist
Department of Commerce Bureau
Loved the workshop. Instructors were great. Guest speaker and CISO Panel added a lot. Material covered met my objective. Loved the food!
Project Engineer
SPAWAR/DOD
Instructors very Knowledgeable and Approachable
Information Management Specialist
Farm Credit Administration
All instructors were top notch!
IT Specialist, AMCOM CIO/G6 Redstone Arsenal
I loved the workshop, good information.
Telecommunications Specialist, GSA
The whole workshop was a great learning experience…
J6, Army
Presenters knowledgeable of FISMA, DIACAP, etc.
Info Security Specialist, Pension Benefit Guaranty Corporation
A recipe for success in C&A development! Speaks to the business manager without confusing techno-speak.
Public Health Analyst, CDC
Great dialogue & participant involvement. Brought a variety of issues and real life "security" challenges to a dry subject. Panelists and special presenters, as well as exercises, particularly strong.
CIO Staff, Department of Transportation
Very informative – workshop presenters and panel speakers were extremely knowledgeable on the C&A process as well as agency "best practices".
Information Technology Specialist - IT Security Office, U.S. Census Bureau
Everything was great! Instructors were knowledgeable, friendly, and professional.
IT Specialist, International Boundary and Water Commission, Department of State
Informative. Good handouts can be used on the job.
Auditor, Treasury IG for Tax Administration, Department of the Treasury
The exercises and samples of documents were very helpful.
Supervisory Systems Accountant, Animal and Plant Health Inspection Service, USDA
I've already sent a note to other IT people to recommend this course.
Director, Budget and Resource Management, Department of Energy