© Life Cycle Institute
Cybersecurity Risk Management Framework Strategy for Defense Platform Systems Workshop

Cybersecurity ensures information technology systems are available, reliable and secure
Cybersecurity is…
• Software and hardware based
• Technical and non-technical
• Based on information from NSA, DoD, DISA and DoN

Participants will learn how to:
• Explain the context of cybersecurity in Defense Platform IT (PIT) systems
• Summarize how to apply the NIST Risk Management Framework to Defense Platform IT (PIT) systems
• Estimate requirements and resources to address cybersecurity compliance in their organization/infrastructure

Cybersecurity Risk Management Framework Strategy for Defense Platform Systems Workshop
• 1-day workshop
• .7 Continuing education units (CEUs)
• Private
Workshops may be tailored to your specific needs and delivered at your site.

Who Should Attend
• Individuals and teams responsible for the application of Risk Management Framework
• People with funding authority for security. For example:
– DoD Program Managers
– Technical Managers
– Technical Directors
– Requirements Officers
– IT Managers

Review the Five Functions of Cybersecurity
Identify
Protect
Detect
Respond
Recover

Platform Information Technology (PIT)
The PIT process is a modified form of the DIACAP process. Differences include:
• Signature approval cycle - the Certification Authority (CA - SPAWAR 05) is not involved in the PIT signature chain
• Information Assurance Controls (IACs) are less restrictive than in DIACAP
PIT Training
• Because the PIT process is so similar to DIACAP, there is no separate training available.
– DON-CIO PIT Policy of Feb 2010 applies until RMF transition.
• Upon transition to RMF, PIT will be treated the same as any other IT system.
PIT Structures
Computer resources that are physically part of, dedicated to, or essential in real time to the mission performance of special-purpose systems
• Aboard or on a platform
• Standalone
• Interconnection to other platform IT
• Interconnection to other non-platform IT

Risk Management Framework (RMF)
• Replaces DIACAP
• 6-step process
– aligns to DIACAP phases
Categorize
Select
Implement
Assess
Authorize
Monitor

RMF vs. DIACAP

RMF: Security requirements and standards uniquely determined by each system. More granular than DIACAP. PIT is included.
DIACAP: All systems inherit enterprise standards and requirements. PIT systems have a separate process.

RMF: Validator is a qualified, resourced, and permanent member of the CIO staff
DIACAP: Validator is a qualified, resourced, and permanent member of the CIO staff

RMF: 6 Steps (analogous to phases)
DIACAP: 5 pre-defined phases. Each system works to a plan that aligns to the system life-cycle

RMF: Accreditation status communicated via letter and status code (IATO, ATO) in EMASS
DIACAP: Accreditation status communicated by assigned IA controls’ compliance ratings and letter and status code (ATO, IATO, ATT) in DIACAP Scorecard

RMF: Automated tools, enterprise managed KS, requirements tied to architecture
DIACAP: Automated tools, enterprise managed KS, requirements tied to architecture

RMF: ATO means security risk is at an acceptable level to support mission and live data
DIACAP: ATO means security risk is at an acceptable level to support mission and live data

RMF: Continuous asynchronous monitoring; reaccreditation TBD; reviewed annually, FISMA reporting
DIACAP: Continuous asynchronous monitoring; reaccreditation every 3-4 years; reviewed annually, FISMA reporting

Learn to apply RMF
• Identify cyber threats
• Assign control strategies
• Analyze the cost and benefits of secure designs

Reasons to Choose the Life Cycle Institute
Extensive cybersecurity experience within DoD and commercial sector
• We provide vulnerability scanning, penetration testing, risk analysis and remediation services
• Our engineers are qualified mentors for industry-leading security trainers
An active learning experience
• Learning by doing vs. lecture
• Group activities, assessments, case studies
• Network with peers
• Develop action plans to drive results post-training

Education@LCE.com
www.LCE.com
800-556-9589
The Life Cycle Institute is the learning, leadership and change management practice at Life Cycle Engineering.
