Applying the NIST Risk Management Framework to Federal Information Systems - ISG261 
Applying Guidance Provided by NIST SP 800-37 to FISMA Requirements and Your Organization's IT Environment
Learning Level: Intermediate
CPEs: 24 Fee: $2,150.00
Agenda

What You Will Learn
1. Why Perform the Security Authorization Process?
- regulatory requirements
- fiduciary responsibility
- increasing frequency and sophistication of cyber attacks

2. The Six-Step Risk Management Framework
- categorizing information systems
- selecting security controls
- implementing security controls
- assessing security controls
- authorizing information systems
- monitoring security controls

3. Categorizing Information Systems: Doing the Research
- defining the authorization boundary according to FISMA and NIST SP 800-37
- identifying information types as defined by NIST SP 800-60; CNSS 1199
- categorizing the information and the information system: FIPS Pub 199 and NIST SP 800-60
- documenting the information system description

4. Selecting Security Controls: Adequately Protecting Information Systems
- identifying the common controls: FIPS Pub 200 and NIST SP 800-53; CNSS Instruction 1253
- selecting system-specific controls: FIPS Pub 200 and NIST SP 800-53; CNSS Instruction 1253
- performing the risk assessment: the 9-step process as outlined in NIST SP 800-30; CNSS Instruction 1230
- risk management as it applies to the organizational structure, mission and business processes, and information system owners
- tailoring the security controls based on the risk assessment
- documenting management, operational, and technical security controls
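The categorization step (item 3) and the baseline selection step (item 4) are mechanical enough to show in code. The following is an added example, not material from the seminar or from NIST: it applies the FIPS 199 rule (per security objective, take the highest impact across all information types on the system; a system objective is never below LOW even when an information type's confidentiality is "not applicable") and then the FIPS 200 high-water mark that selects the LOW, MODERATE or HIGH SP 800-53 baseline. The information types and impact values below are constructed for illustration; real values come from NIST SP 800-60 Volume II and the agency's own adjustment of the provisional levels.

```python
from enum import IntEnum
from typing import Dict, List, Tuple


class Impact(IntEnum):
    """FIPS 199 potential impact levels. NA is valid only for the
    confidentiality of an information type (e.g. public data), never
    for a system-level objective."""
    NA = 0
    LOW = 1
    MODERATE = 2
    HIGH = 3


# (information type, confidentiality, integrity, availability)
InfoType = Tuple[str, Impact, Impact, Impact]

# Constructed sample inventory for one hypothetical system; the names and
# impact levels are assumptions for this example, not values from SP 800-60.
SAMPLE_INFO_TYPES: List[InfoType] = [
    ("employee payroll records", Impact.MODERATE, Impact.MODERATE, Impact.LOW),
    ("public web content", Impact.NA, Impact.LOW, Impact.LOW),
    ("system audit logs", Impact.LOW, Impact.MODERATE, Impact.LOW),
]

OBJECTIVES = ("confidentiality", "integrity", "availability")


def categorize_system(info_types: List[InfoType]) -> Dict[str, Impact]:
    """FIPS 199 security categorization of an information system.

    For each objective the system value is the highest impact of any
    information type it processes, stores or transmits. FIPS 199 sets a
    floor of LOW at the system level, so an NA confidentiality value on an
    information type cannot drag the system below LOW.
    """
    if not info_types:
        raise ValueError("an information system must have at least one information type")
    sc: Dict[str, Impact] = {}
    for column, objective in enumerate(OBJECTIVES, start=1):
        highest = max(t[column] for t in info_types)
        sc[objective] = max(highest, Impact.LOW)
    return sc


def overall_impact(sc: Dict[str, Impact]) -> Impact:
    """FIPS 200 high-water mark: the highest of the three objectives
    determines the overall impact level of the system."""
    return max(sc.values())


def select_baseline(level: Impact) -> str:
    """Map the overall impact level to the SP 800-53 control baseline name.
    Tailoring (scoping, compensating controls, common-control inheritance)
    happens after this step and is out of scope for the example."""
    if level == Impact.NA:
        raise ValueError("NA is not a valid system impact level")
    return {Impact.LOW: "LOW", Impact.MODERATE: "MODERATE", Impact.HIGH: "HIGH"}[level]


def format_categorization(sc: Dict[str, Impact]) -> str:
    """Render the categorization in the FIPS 199 notation used in a
    system security plan, e.g.
    SC system = {(confidentiality, MODERATE), (integrity, MODERATE), (availability, LOW)}"""
    parts = ", ".join(f"({obj}, {sc[obj].name})" for obj in OBJECTIVES)
    return "SC system = {" + parts + "}"


if __name__ == "__main__":
    sc = categorize_system(SAMPLE_INFO_TYPES)
    print(format_categorization(sc))
    print("overall impact:", overall_impact(sc).name)
    print("SP 800-53 baseline:", select_baseline(overall_impact(sc)))
```

Running the sample gives a MODERATE system (confidentiality and integrity MODERATE, availability LOW), so the MODERATE baseline is the starting point before tailoring; note that a single HIGH information type on any objective would lift the whole system to the HIGH baseline, which is why the authorization boundary drawn in item 3 matters so much.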

5. Implementing Continuous Monitoring in Federal Information Systems
- OMB Memorandum M-10-15: "Agencies need to be able to continuously monitor security-related information..."
- configuration management
- patch management
- monitoring
- continuous control assessment

6. Implementing Security Controls: Realistic Implementation
- implementing controls: NIST Special Publications, DISA STIGs, NSA configuration guides
- documenting control implementation

7. Assessing Security Controls: NIST SP 800-53A; CNSS Instruction 1253A
- preparing for the assessment
- documenting the results of the assessment

8. Authorizing Information Systems
- preparing the plan of action and milestones
- risk determination and acceptability
- role of the risk executive (function) in system authorization
- authorization decision

9. Monitoring Security Controls: Applying Continuous Monitoring
- configuration management and control
- security control monitoring
- status reporting and documentation
- risk determination and acceptance
- system removal
REGISTRATION QUESTIONS?
For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail mis@misti.com.

IN-HOUSE SEMINARS
This seminar is available in-house. For more information about bringing this or other MIS seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail mhatch@misti.com.

Dates/Locations
- March 20 - 22, 2013: Washington
- June 10 - 12, 2013: Arlington
- October 23 - 25, 2013: Washington