A "How To" Workshop with Focus on Progress to Date and Implementing Key Requirements
Dr. Ron Ross
Author of the NIST Risk Management Framework and numerous NIST 800 Series Publications.
Ricci L. Mulligan
Acting Principal Deputy Assistant Secretary
Office of Information and Technology
Department of Veterans Affairs (VA)
Chief Information Officer
U.S. International Trade Commission
Additional guest speakers awaiting agency approval.
Metro Center (Red, Orange, Blue Lines). Use the exit marked “12th & F Sts” to exit onto F St., then continue straight two blocks and cross 14th St.
This workshop will focus on the progress to date in implementing the President’s EO on Cybersecurity, with emphasis on its key requirements: identification of High Value Assets and implementation of NIST’s Risk Management Framework (RMF) and Cybersecurity Framework (CSF). The CSF and RMF are critical to the federal government’s efforts to mitigate risk within enterprise information systems. The workshop will also discuss the relationship of the RMF and CSF to NIST SP 800-53 r5.
Hear from industry experts and government officials tasked with implementing robust cybersecurity and risk management strategies, and learn how NIST’s CSF and RMF can be effectively implemented to reduce the risk of cyber-attacks.
Listen to a government panel of CIO, CISO and IG staff to understand the challenges they are facing on a day-to-day basis and how implementation of NIST’s CSF and RMF helps them identify the risks and what it takes to mitigate those risks. Gaining insights from the panel and peer interactions at the workshop should be invaluable in moving the needle forward to improve federal cybersecurity.
- The value of the integration of the NIST RMF, NIST CSF and their relationship to NIST SP 800-53 r5
- Lessons learned from agency risk management and high value asset reporting
- Dos and don’ts for agencies in implementing the Cybersecurity Executive Order
- Best practices for responding to the Cybersecurity Executive Order
- Next steps for agencies in implementing cybersecurity best practices
• Gain a better understanding of the May 11th Presidential Executive Order on Cybersecurity and how it is being implemented
• Obtain practical knowledge of lessons learned from government leaders who are involved in implementing the Cybersecurity Executive Order
• Collect information on how NIST frameworks can be leveraged to enhance the security of your organization
• Learn how risk management and cybersecurity are essential for regulatory compliance
• Meet with risk management, cybersecurity, and CIO colleagues
- CIOs, CISOs, and Staff
- IT security and risk management practitioners
- IGs and Staff
- Senior Accountable Officials for Risk Management and Enterprise Risk Managers
- Program Managers responsible for risk management
- Government Executives, Managers and Staff who want to better understand how the Cybersecurity Executive Order is being implemented
- Industry and Contractors who want to better understand how the Cybersecurity Executive Order is being implemented
- All government and industry members who want to better understand how the Cybersecurity Executive Order is being implemented to help improve Agency Cyber Security.
Registration and Continental Breakfast
Welcome and Introduction
Art Chantker, President, Potomac Forum, Ltd
“The Cybersecurity Executive Order: Building the Next Generation Risk Management Framework and Controls”
NIST Fellow, Author of the NIST Risk Management Framework and
Agency Risk Management & High Value Asset Reporting – lessons learned; needed improvements; and steps going forward
Implementing the Presidential Executive Order
Hosted Working Luncheon
Participants will be given table topics to discuss.
CIO/CISO/OIG Government Panel Discussion: Operational and Compliance Challenges and Best Practices for Risk Management in Implementing the President’s Executive Order
· What are the differences in perspectives on Risk Management?
· How can IGs help their agencies address Risk Management?
· How have CISOs integrated Risk Management into their agency’s Enterprise Risk Management?
· Agency response to the Executive Order on cybersecurity
Moderator: John Lainhart, Director, Global Public Sector, Grant Thornton
- Kirit Amin, Chief Information Officer, U.S. International Trade Commission
- Ricci L. Mulligan, Acting Principal Deputy Assistant Secretary, Office of Information and Technology, Department of Veterans Affairs (VA)
Additional Government Panel Members Awaiting Confirmation
Integration of NIST Risk Management Framework with Cybersecurity Framework and SP 800-53 r5 - Putting the Pieces Together to Meet the Requirements of the Executive Order
· Overview of the changes to the NIST RMF, CSF and SP 800-53 r5
· Understanding of compliance-based vs. risk-based governance structure
· Implementing the Requirements of the Executive Order
Dave Simprini, Principal, Grant Thornton
Predictive Cybersecurity – the next phase in government cybersecurity:
Christopher Ballister, Director, Grant Thornton
Lessons Learned from Implementing the Executive Order
Wrap-up and Q&A
Post-workshop discussions with instructors in specific individual topics.
Early Bird Registration Fee | After Aug 12th
(Federal, State or Local Government Issued ID)
Special Reduced Rates in Support of Government Budget Reductions
Team Rate for both Government and Industry: Send a government team to learn together. Register two government employees from the same office at the same time and the third person receives $100 off the current government rate. Team rate applies to every tiered registration fee.
Industry and Contractors:
(Including contractors on-site and in direct support of government agencies).
Registration Includes: Presentations, Workshop Notebook, Continental Breakfast, All Day Refreshments and Hosted Luncheon
National Institute of Standards and Technology
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.
Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. He has also lectured at many universities and colleges across the country including the Massachusetts Institute of Technology, Dartmouth College, Stanford University, the George Washington University, and the Naval Postgraduate School. A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, Dr. Ross received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a four-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Presidential Rank Award. He has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow. In addition, Dr. Ross has been inducted into the National Cyber Security Hall of Fame.
Dr. Ross has received numerous private sector cybersecurity awards including the Partnership for Public Service Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Applied Computer Security Associates Distinguished Practitioner Award, Government Computer News Government Executive of the Year Award, Vanguard Chairman’s Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries, (ISC)2 Inaugural Lynn F. McNulty Tribute Award, 1105 Media Gov30 Award, and three-time Top 10 Influencers in Government IT Security.
During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He is a graduate of the Defense Systems Management College and holds Masters and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.
Chief Information Officer,
U.S. International Trade Commission
Kirit Amin was named Chief Information Officer (CIO) of the U.S. International Trade Commission (USITC) in December 2014. He works directly for the Board of Commissioners and has already mapped out the Data Center, Cloud and shared services strategy as well as the road map for the modernization of the commission’s IT infrastructure and mission-critical systems.
Kirit was the U.S. Department of Commerce, Deputy Chief Information Officer and Chief Technology Officer (CTO) from November 2012 until his move to USITC in December 2014. He provided leadership and strategic technology implementation, fulfilling the CIO and Department’s IT operational mission, while expanding the use of Department-wide shared services, cloud implementation and emerging technologies.
Prior to joining the Department of Commerce, Mr. Amin served as the Chief Technology and Innovation Officer at HUD where he provided valuable leadership and vision to help define its 5 year IT Transformation initiatives, acquisition strategy for HUDNET, HUD’s next generation Enterprise Infrastructure including WAN, Data Center and end user functions, shared services strategy and implementation, as well as cloud strategy and implementation.
Prior to HUD, Amin was the Chief Information Officer for the Bureau of Consular Affairs (CA) for nearly five years, where his leadership was instrumental in transforming the U.S. State Department’s Office of Consular Systems and Technology (CST) IT operations, consisting of a multitude of overlapping legacy systems, into an exemplary cutting-edge IT operation that was recognized as one of the most innovative and successful IT shops in the Federal Government. He served as a senior advisor and participant for various interagency and international groups.
He also had a long and successful career in the Federal IT private sector at organizations such as Nortel/PEC, Infotec, CSC, etc., serving Federal Departments such as DOA, DHS, DOI, DOT, VA, DOJ, the USAF, DIA, etc.
Acting Principal Deputy Assistant Secretary
Office of Information and Technology
Department of Veterans Affairs (VA)
As the Acting Principal Deputy Assistant Secretary for the Office of Information and Technology (OI&T), Ms. Mulligan serves as the primary manager for leveraging OI&T's resources and aligning the business and mission in support of VA's ongoing transformation efforts. Her purview includes the planned effort for a new electronic health record and other enterprise modernization initiatives.
As the previous Executive Director of IT Budget and Finance (ITBF), Ms. Mulligan oversaw the preparation, development and analysis of the IT Budget for VA IT initiatives across the Department. She also served as the Deputy Chief Financial Officer for OI&T, worked closely with the Office of Management's Financial Managers, and provided expert IT budget and financial advice throughout OI&T. Prior to joining VA, Ms. Mulligan served as the Assistant Director, Office of Resource Management, Federal Protective Service, Department of Homeland Security.
A Tampa, Florida native, Ms. Mulligan is a retired United States Army Intelligence professional who served honorably from 1978 until 1999. She received the prestigious Legion of Merit in recognition of her exceptionally meritorious conduct and outstanding achievements during her military career. She started her career as an intelligence analyst and was stationed worldwide. She served in a variety of assignments, from overseeing signals intelligence missions covering Bosnia and deploying to Somalia to serving as the Deputy Business Manager for Program Intelligence and Effects, developing intelligence systems for the United States Army.
With her civilian and military careers combined, Ms. Mulligan has 34 years of service. She possesses a Bachelor of Science in Business Administration from the University of Maryland, and a Master of Arts degree from Troy State in Alabama in Public Administration.
Director, Global Public Sector
John is a Director in the Public Sector Practice of Grant Thornton’s Alexandria office. He is a member of the Information Assurance and Cybersecurity group.
John has 45+ years of U.S. federal government experience in IT Governance, Security, Privacy, IT Risk Management, IT Value, and Cybersecurity. He has 30+ years of experience as an IT auditor and culminated his public sector career serving as the first Inspector General and Officer of the U.S. House of Representatives. He joined PwC consulting service as the Partner responsible for providing Security and IT Management services to the U.S. Public Sector and served as the Partner, Cybersecurity & Privacy Services Leader for the U.S. Public Sector when IBM acquired PwC’s consulting business until retiring in June 2016.
John serves on the Board of Directors of George Washington University’s Center for Cyber and Homeland Security. John is active in the ISACA community, and currently serves as Advisor to the ISACA Board of Directors. He previously served as Co-chair of the COBIT 5 Task Force and served on the AICPA’s Assurance Services Executive Committee and was instrumental in the development of the AICPA’s Trust Services and SSAE No. 16.
M.A., Management and Supervision, Central Michigan University, 1976
B.A., Business Administration, Davis & Elkins College, 1969
Wharton Information Systems Program, Wharton School of Finance, 1974
Professional qualifications and memberships
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified in the Governance of Information Technology (CGEIT)
- Certified Information Privacy Professional/Government (CIPP/G)
- Certified Information Privacy Professional/U.S. (CIPP/US)
Grant Thornton LLP
Mr. Simprini has experience auditing NIST-governed IT controls, Federal Information System Controls Audit Manual (FISCAM) controls, A-123 Controls, Sarbanes-Oxley compliance controls, segregation of duties, data migration, Enterprise Resource Planning (ERP) implementations, performance audits, and internal audit functions for clients from a broad spectrum of industries including Aerospace and Defense, Financial Services, Entertainment and Media, and Technology. He also has experience in planning integrated Federal financial audits, executing all phases of field work. As the lead IT Manager on the first independent external financial statement audit of any kind for the USMC, Mr. Simprini assisted with the planning and development of the overall audit approach, scoping assessment, and modified FISCAM IT test program. Throughout the testing phase, he led teams in field work at USMC financial centers and their associated financial and reporting IT Systems.
Mr. Ballister is a Director for Grant Thornton supporting the Information Assurance Service Line across Federal, DoD, State and Local environments. Chris provides subject matter expert support in a variety of cybersecurity areas based on his experience as a senior systems engineer and Chief Information Officer in multiple areas of executive government and industry. He has served in Senior Executive Service (SES) level positions in both Executive and Legislative branches of government and held the positions of President and Chief Executive Officer for a small technology consulting company.
Chris is a 1983 graduate of the United States Naval Academy and served nine years active duty as a Naval Flight Officer in the S-3A Viking aircraft for antisubmarine warfare. He also obtained a Masters of Science degree in Information Management from George Washington University in 1992. Chris additionally served 15 years as a Naval Reserve Officer supporting various programs at Naval Air Systems Command and transitioned to an Aerospace Engineering Duty Officer. He commanded a reserve Unit supporting the Joint Strike Fighter and Unmanned Aerial Vehicle programs. Chris retired from military service in 2007 as a Navy Captain.
From 1992 to 1998 he worked as a Director for Information Systems Development at Betac Corporation. During this time he supported the design and build-out of both the National Drug Intelligence Center and the Pacific Disaster Center. He also supported the National Security Council and White House Situation Support Staff with systems design and implementation.
In 1998 he accepted the position of Deputy Chief Information Officer (CIO) for the U.S. House of Representatives, where he authored the Systems Development Life-Cycle (SDLC) Policy and managed support for the telecommunications, information technology, and information security needs of House Members, Committees, and staff. He managed over 220 technical government staff with supporting industry technology contracts.
At the start of the new decade, he founded an information technology subsidiary as a commercially-based company serving both government and commercial customers. He led the family of companies from $8M to $60M in revenue and achieved several INC 500 and Washington Fast 50 awards. He provided systems engineering and technical support to congressionally sponsored programs including the Joint Counterintelligence Assessment Group (JCAG), the Counterintelligence Field Activity (CIFA) under Presidential Decision Directive 75, and the FBI Foreign Terrorist Tracking Task Force (FTTTF).
In both 2001 and 2004, Chris served as the Deputy Chief Information Officer for the Executive Office of the President (EOP) where he created the organizational structure and operating practices and information security services of the first CIO organization at the White House before transitioning back to industry for technology consulting.
Chris entered government service again in 2006 and joined the Department of Health and Human Services (HHS) in the Office of Inspector General and served as the CIO and Assistant Inspector General for Management and Policy. He also worked closely with the Office of the National Coordinator for Health Information Technology and the associated challenges of securing healthcare information. He spent over eight years at IBM as a key leader in the Cybersecurity practice area for security compliance and security intelligence initiatives supporting the CXO level of government security programs.
Confirmed registrations who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to refund of any prepaid registration fee.