Federal IT Security Professional - Manager
Transcript of Federal IT Security Professional - Manager
![Page 1: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/1.jpg)
Federal IT Security Professional - Manager
FITSP-M Module 1
![Page 2: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/2.jpg)
Leadership
Only through diligence and a well-trained workforce will we be able to adequately defend the nation’s vital information resources.
- Michael V. Hayden CNSS Secretariat
![Page 3: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/3.jpg)
Overview
Section A: Objectives, Expectations, & Introductions
– FISMA Compliance Defined
– Expectations & Goals
– Target Audience
– Introductions
Section B: Security Certification Exams
– Federal IT Security Institute
– FITSP – Manager Certification
Section C: FITSP-M Courseware Logistics
– Course Outline
– Course Materials
– Course Evaluation
![Page 4: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/4.jpg)
OBJECTIVES, EXPECTATIONS, & INTRODUCTIONS
Section A
![Page 5: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/5.jpg)
In Accordance with FISMA…
The Secretary of Commerce shall, on the basis of standards and guidelines developed by NIST, prescribe standards and guidelines pertaining to federal information systems.
FISMA requires that federal agencies comply with FIPS standards
Federal agencies must follow the NIST Special Publications that a FIPS mandates (e.g., FIPS 200 requires the security controls in SP 800-53).
Other security-related publications are mandatory only when specified by OMB.
Compliance schedules are established by OMB (and now the DHS - e.g., annual FISMA Reporting Guidance)
![Page 6: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/6.jpg)
Course Expectations & Goals
Clear Understanding of FISMA Compliance, via the NIST Risk Management Framework, based on:
– Governmental Laws and Regulations
– OMB/DHS Policies, Directives, or Memoranda
– NIST Special Publications
– NIST Federal Information Processing Standards (FIPS)
– NIST Interagency Reports
Further Education, Training & Certification
IT Security Workforce Training is Critical to the FISMA Mandate
![Page 7: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/7.jpg)
Target Audience
[Excerpt from SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems]
Individuals associated with the design, development, implementation, operation, maintenance, and disposition of federal information systems:
– Ownership Responsibilities
– Development and Integration Responsibilities
– Oversight Responsibilities
– Assessment and Monitoring Responsibilities
– Security Implementation and Operational Responsibilities
![Page 8: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/8.jpg)
Introductions
Introducing Your Instructor
Student Information
Experience
– Auditors
– Operators
– Managers
Employer
– DoD, NSA
– Civilian Agency
– Other
Education
– IT/IA Degrees
– MBA
Certifications
– FITSP/CAP
– SANS
– CISSP
– Security+
Expectations
– Starting from 0?
– What’s New (800-37r1)
![Page 9: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/9.jpg)
IT SECURITY TRAINING AND CERTIFICATION
Section B
![Page 10: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/10.jpg)
Federal IT Security Institute
http://www.FITSI.org
"To help secure the Nation's Federal Information Systems by certifying that Federal Workforce members understand and can apply appropriate Federal IT security standards."
- Jim Wiggins, FITSI Executive Director 2010 FISSEA Educator of the Year
![Page 11: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/11.jpg)
Federal IT Security Professional
![Page 12: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/12.jpg)
Federal IT Security Professional Domains & Security Topics
Domain 1 – NIST Special Publications
Domain 2 – NIST Federal Information Processing Standards (FIPS)
Domain 3 – NIST Control Families
Domain 4 – Governmental Laws and Regulations
Domain 5 – NIST Risk Management Framework
Domain 6 – NIST Interagency Reports
![Page 13: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/13.jpg)
FITSP-M COURSEWARE LOGISTICS
Section C
![Page 14: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/14.jpg)
All About the RMF
– Categorize the information system based on a FIPS 199 impact analysis;
– Select an initial set of baseline security controls for the information system based on the system impact level and apply tailoring guidance, as needed;
– Implement the security controls and document the design, development, and implementation details for the controls;
– Assess the security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system;
– Authorize information system operation based on a determination of risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation and use of the information system and the decision that this risk is acceptable; and
– Monitor the security controls in the information system and environment of operation on an ongoing basis…
![Page 15: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/15.jpg)
FITSP–M Course Outline
US Government Laws
Risk Management Framework Overview
Gap Analysis
– Categorization
– Security Control Selection
– Security Control Implementation
Security Control Assessment
Authorization
Continuous Monitoring
![Page 16: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/16.jpg)
Course Material
FITSI Authorized Training Workbook
– http://www.amazon.com
Public Domain Reference Documents
– http://csrc.nist.gov/
– http://www.whitehouse.gov/omb/memoranda_default
– http://www.dhs.gov/files/programs/fns-announcements-resources.shtm
Activity Files and Other Miscellaneous:
– 2011 FISMA Report
– 2012 Reporting Metrics for CIOs/OIGs/SAOPs/Micro Agencies
– Relevant OMB Memos (listed and unlisted)
– FedRAMP ConOps
http://www.federalcybersecurity.org/downloads.html
![Page 17: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/17.jpg)
Course Evaluation
Continuous Monitoring of Student Feedback
– Good – What did you like about today’s session?
– Bad – What would you like to see different in tomorrow’s session?
– Opportunity – This is your class! Frequent input allows for corrective action to mitigate the risk of disappointment.
End of Course Survey
![Page 18: Federal IT Security Professional - Manager](https://reader033.fdocuments.net/reader033/viewer/2022051518/56815deb550346895dcc133a/html5/thumbnails/18.jpg)
Questions?
Next Module: US Government Laws