New NIST Security Controls Publication: Special Publication 800-53 Revision 3 August 1, 2009

September 15, 2009 – The New W Washington Hotel

We are now only accepting on-site registration (as of 1:00 pm Sept 14).

Seats are available, but on-line and fax-in registration is now closed.

Please register on-site at the W Hotel starting at 7:30 AM.

Workshop Description

The much anticipated NIST Special Publication 800-53 Revision 3 was released Aug 1, 2009. This document unifies the security controls from the DoD, Intelligence and Civilian Government communities. It is truly a landmark document which will have a beneficial effect on government-wide security management.

At the Potomac Forum Workshop, Government and industry colleagues will explore the changes this document brings and the implications for Government Agencies.

The day will start with an introduction and overview of NIST SPECIAL PUBLICATION 800-53 Revision 3 by Dr. Ron Ross (NIST), FISMA Implementation Project Leader and the leader of the Joint Task Transformation Initiatives Working Group. The Working Group included representatives from the Civil, Defense, and Intelligence Communities to produce the Unified Controls described in Revision 3.

After Dr. Ross’s introduction, a deep exploration will be conducted into this document to examine the specific changes it brings to the way the government implements information security. A panel of government Chief Information Security Officers from the Civilian Government and the Department of Defense will also share their views on how these changes will impact government. Revision 3 will be placed in context with the Unified Information Security Framework and why the Framework is important.

Workshop Presented to Meet Government Needs
As a continuation of the highly successful previous series of NIST Framework for FISMA workshops and the acclaim (by Government and Industry attendees) of the six continuous years of the Certification and Accreditation (C&A) Workshop Series, Potomac Forum presents this workshop to help government agencies and their industry support contractors better understand the new NIST Security Controls and Special Publication 800-53 Revision 3. While neither NIST nor the government is a formal sponsor of this event, the workshop is in 100% support of the NIST goals, objectives, procedures and methodology specified in their guidelines and standards. We teach how to comply and why.

What You Will Learn

  • The background and need for a Unified Information Security Framework
  • The organizational responsibilities set forth in NIST 800-53 Revision 3
  • How new, changed and withdrawn security controls in NIST SP 800-53 Revision 3 will affect your organization
  • How to select and apply NIST 800-53 controls across the enterprise, in external environments, and in legacy systems
  • How to tailor and scope security controls for your environment
  • How security controls fit into an organizational perspective on risk management
  • How to use the new recommended “Priority Code” assigned to all NIST SP 800-53 security controls
  • How to implement the new Program Management Controls Perspectives from both the Defense and Intelligence Communities.

Who Should Attend

  • CIOs, CISOs, CTOs, Deputies, Associates and Staff
  • IGs and Staff Responsible for FISMA and IT Security Oversight
  • Security Managers and Staff
  • C&A Managers and Staff
  • Executives, Managers, and Staff Responsible for FISMA Compliance
  • CFO and Staff who are focusing on Certification and Accreditation Issues
  • Program Managers Developing or Maintaining IT Systems
  • IT Professionals Interested in Improving IT Security

Agenda

7:30 AM Registration and Continental Breakfast
8:30 Welcome
Art Chantker, President, Potomac Forum
8:45 Keynote Speaker:
Overview and Introduction to Revision 3 of NIST Special Publication 800-53

Dr. Ron Ross,
Leader, FISMA Implementation Team
NIST
Leader, Joint Transformation Initiatives Interagency Working Group
9:45 Question and Answer Period with Dr. Ross
Answers to Questions about SP 800-53 r3 from the Author
10:00 Break
10:15 Security Control Structure, Organization, Baselines, and Assurance
11:00 Implementing the Unified Information Security Framework
Part One
12:00 PM Hosted Lunch
1:00 Government Panel & Q&A Period
A Panel Discussion with leading government information security executives
Pat Howard
Chief Information Security Officer, CISSP
Nuclear Regulatory Commission
and
Timothy Ruland, CISM, CISSP
CISO & Chief IT Security Officer
U.S. Census Bureau
2:00 Implementing the Unified Information Security Framework
Part Two
2:30 Break
2:45 Managing Risk from Information Systems
Applying NIST Special Publication 800-39
3:30 Perspectives from the Defense Community
Dr. Eustace King
Office of the Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance, DoD
and
Co-Chair, CNSS Sub-Committee
and
Chair, DoD DIACAP Technical Advisory Committee

4:00 Perspectives from the Intelligence Community
4:30 Wrap-up and Q&A
5:00 Workshop Adjourns

Keynote Speaker and Author of SP800-53 r3

Dr. Ron Ross
FISMA Implementation Project Leader, Computer Security Division, National Institute of Standards and Technology (NIST) and Leader, Joint Transformation Initiatives Interagency Working Group

Special DoD Guest Speaker

Dr. Eustace King
Office of the Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance, DoD
and
Co-Chair, CNSS Sub-Committee
and
Chair, DoD DIACAP Technical Advisory Committee

Eustace is assigned to the Office of the Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance (DASD/CIIA). As the principal authority within DASD/CIIA for ensuring successful implementation of the DoD IA Certification and Accreditation Process (DIACAP), Eustace provides oversight and community outreach to ensure understanding of and adherence to DIACAP policy vis-à-vis DoDI 8500.2, Information Assurance Implementation. He is also responsible for ensuring DoD is postured to comply with the C&A transformation initiative mutually agreed upon among the DoD, DNI, NIST, and CNSS communities. Additionally, he is responsible for fielding and ensuring enterprise-wide training for Enterprise Mission Assurance Support Service (eMASS), the DoD C&A automation capability, and management of the DIACAP Knowledge Service, the DoD C&A COI web portal.

Eustace co-chairs the CNSS Sub-Committee, providing leadership to the Federal community to embed IA principles and services within National Security Systems. He also chairs the DIACAP Technical Advisory Group, with responsibility for configuration management of the DIACAP. He retired from the Air Force in 2000.

Instructors

Michael Smith, CISSP-ISSEP – Deloitte and Touche LLP

Michael Smith is a Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he leads engagements to provide security services to both commercial enterprises and government agencies.

Prior to joining Deloitte, Michael served as the Chief Information Security Officer with the Unisys Federal Service Delivery Center based in Reston, Virginia. His scope of responsibility included both providing governance and managing risk for several data centers, a Security Operations Center, a Network Operations Center, and a Server Management Team.

Michael has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments. He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments.

Michael assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology. Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States.

While engaged with the Transportation Security Administration, Michael developed C&A documentation for numerous systems and sites throughout the Transportation Security Administration and helped to use C&A as the catalyst to build a security program.

Michael graduated from the prestigious Defense Language Institute in Monterey, CA with a Department of Defense advanced linguistic certification in Russian and spent several years on active duty in the US Army as a translator and specialist in information security.

In 2004, Michael was activated as a member of the Virginia National Guard and deployed to Afghanistan, where he conducted numerous combat patrols as an infantry squad leader.

Daniel Philpott, CISSP, CAP – OnPoint Consulting

Daniel Philpott is an Information Security Engineer with the Information Assurance Division of OnPoint Consulting where he works with Federal agencies on FISMA compliance and Risk Management.

Daniel is the founder of the FISMApedia.org wiki and FISMA Arts training projects. His pre-FISMA work at NIST involved the securing of external servers, incident response, development of security checklists, and creation of baseline system configurations.

With his technical focus, Daniel brings an operational security perspective to the theory and practice of FISMA compliance. His long experience in the IT security space provides his Federal clients with depth of knowledge and a diverse skill set encompassing compliance, practice and risk management. He is depended upon to provide analysis and insight on IT security and governance matters for senior staff.

Chris Burton, CISSP – Information Assurance Professionals (IAP)

Chris Burton is the Security Programs Manager with Information Assurance Professionals (IAP), specializing in information system risk management, policy, compliance and assurance. Mr. Burton has over 10 years' experience in the management and operations of information systems and over 7 years of information security experience.

Mr. Burton has spent time as a security architect, auditor, engineer and analyst working specifically with NIST guidance, OMB directives and agency-specific policies. Prior to his position with IAP he worked with Verizon Business, Network Security Technologies (NetSec), BAE Systems and Orbital Science Corporation. He was instrumental in the development of the Verizon Business Federal compliance group's processes and procedures. He has developed enterprise-wide security solutions for multiple government customers. These include Intrusion Detection and Prevention systems, hard drive encryption solutions, and enterprise-wide Anti-Virus solutions. He constructed a process to automate the collection and reporting of Security Test and Evaluation data. He is currently designing and implementing an information security program for a government customer with an Internet-facing system.

Mr. Burton's government customers include components of HUD, Justice, Labor, Commerce, Agriculture, Health and Human Services, and the Treasury Department.

His personal thoughts on compliance, risk management and information security as a whole can be found at http://HowisThatAssuranceEvidence.blogspot.com. Chris is a contributor to the Open Web Application Security Project (OWASP) and an active member of the Information Systems Audit and Control Association (ISACA).

Ian Charters, CISSP

With over 20 years of experience in the fields of Cybersecurity, digital forensics, penetration testing, and privacy, Ian Charters has a unique perspective on the evolution of Cybersecurity. His career has taken him from the private sector into government service and back to the private sector. After successfully starting and running his own networking, software development and systems integration firm, Ian was recruited into the nation’s Intelligence Community, including service in both the Defense Intelligence Agency and the Central Intelligence Agency, where he proudly served his country for over 20 years. Upon retiring from Federal service, Ian served as the Security Practice Leader with the Unisys Federal Group based in Reston, Virginia. While responsible for leading the practice's efforts in the development, sales, and delivery of a full range of IT security solutions, he was responsible for the development and introduction of a code application assurance offering into the Federal market. Ian is currently a Senior Manager in a Big 4 Accounting firm’s information security and risk management practice. His responsibilities include leading engagements to provide security services to both commercial enterprises and government agencies. He is also a member of the Firm's National Information Assurance Center of Excellence.

Joseph Faraone, CISSP – CGI Corporation

Joe Faraone is a Senior Information Security Architect with CGI Corporation, based in Reston, Virginia, with over 20 years’ experience in Information Security. Joe has delivered services for numerous Federal customers including Certification and Accreditation support, Security Governance Gap Analysis and Independent Validation and Verification (IV&V). Over his career, he has served as Lead Independent Security Engineer, Manager and Architect of a managed security center for an Intelligence Community Agency, and has performed Certification and Accreditation services for several high-assurance systems.

Joe has served customers including the Central Intelligence Agency, National Security Agency, other U.S. Intelligence agencies, Department of Justice, Department of Energy, Federal Trade Commission, United States Navy, United States Army, United States Marine Corps, and United States Air Force. He has also served customers in State and Local Government, Education, and Law Enforcement as well as private-sector customers in the Financial Services, Entertainment, Food Services and Technology industries.

Joe’s unique technical background and experience allow him to provide insights into the C&A process across multiple agencies and compliance frameworks. This makes him equally able to converse with the highly technical staff of a data center or executives in the boardroom. He is often called upon to rapidly resolve solution issues to meet project deadlines.

Laura Harrison, CISSP, IAM, CISM – SE Solutions

Laura Harrison is a Senior Consultant with the Technology Solutions division of SE Solutions. She is responsible for leading Information Assurance & Security and Infrastructure Design Service projects to successful completion.

Laura has supported numerous FISMA and DITSCAP programs, including detailed activities in C&A, vulnerability management, weakness remediation, plans of action and milestones, privacy reporting and continuous monitoring. She was the Security Exercise Validation lead responsible for reviewing the state of Cyber-Antiterrorism, Continuity of Operations Planning (COOP), and Defensive Information Operations (DIO) strategies for the Department of Defense. At the Transportation Security Administration she served as an Information Assurance (IA) lead, where she was responsible for security assessments and artifacts, awareness and training, IA Policy and Procedures, and C&A program management.

She is a former Army Reserve Signal Communication Officer and holds the professional designations of Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified NSA INFOSEC Assessment Methodology (IAM). She has over 15 years' Information Technology and Security experience working with and growing teams. She has assisted many organizations in the development of performance Program Management budget analysis. Laura has a solid understanding of IT Security Governance, Communication Networks, Telecommunications, Protocols, and Project Management and effectively translates and communicates this understanding to both private and public sector clients.

Kenya Jackmon, CISSP, CAP – Jacob and Sundstrom Inc.

Kenya Jackmon is an Information Security Specialist with Jacob and Sundstrom, located in Baltimore, Maryland. Her areas of expertise lie in HSPD-12 implementation, information assurance, security assessment, intrusion detection, systems administration, network design and administration, storage management, and on-site and remote services. Mrs. Jackmon has over 13 years of experience in information security supporting both the intelligence community and the civilian Agencies.

Mrs. Jackmon has served in many roles in her career. She was instrumental in the implementation of the Intelligence Community Public Key Infrastructure. She also served as a solution architect to the Department of the Treasury and led a number of initiatives relating to E-Authentication and HSPD-12. Kenya is well known within the Federal PKI and E-Authentication communities. As an ISSO, Mrs. Jackmon was responsible for the security posture of a number of high-profile systems within the Department of the Treasury. She is currently supporting the Social Security Administration in its HSPD-12 implementation and Certification and Accreditation activities.

Registration


Government: $895
Must be a government employee

Government Team Rate: To Encourage Your Government Team to Learn Together.
Register two persons from the same government office at the same time and the third registers at 50% of the registration fee.

Industry: $1,095
Including contractors who support the government

Cancellation Policy

Confirmed registrants who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to a refund of any prepaid registration fee.

Meeting Location

New Meeting Location:

The New W Washington Hotel
515 15th Street N.W.
Washington DC 20004
(202) 661-2400
New W Hotel in Washington D.C. Opened Aug 1, 2009