NIST Risk Management Framework and New Gov Security Initiatives Training Workshop (formerly Certification and Accreditation Training Workshop)
Government Employees: $1,295 (Federal, State or Local Government Issued ID)
Early Bird Reduced Rates in Support of Government Budget Reductions:
Now $1,095 (a 15% savings if registration is before August 31st)
Team Rate for Government: Send a government team to learn together. Register two government employees from the same office at the same time and the third person registers at 50% of the standard government rate.
Industry and Contractors: $1,395 (Including contractors on-site and in direct support of government agencies).
Special Early Bird Reduced Rates:
Now $1,195 (a 15% savings if registration is before August 31st)
Fees include presentation materials, presentations, continental breakfast, refreshment breaks and luncheon at the Willard InterContinental Hotel (Hotel of the Presidents).
This event is NOT for industry business developers or marketing personnel. Only technical and management staff are welcome from industry.
Please join your government and industry colleagues for an educational event that will explore the Federal Information Security Act (FISMA), the NIST Risk Management Framework (RMF), Security Assessment and Authorization (formerly Certification and Accreditation) and new Federal Security initiatives including FedRAMP for Cloud Computing. Attendees will learn current best practices integrated into an Agency’s overall Security Program. Whether you are required to assess and authorize your systems under FISMA or DIACAP or manage, review, implement or observe IT Security, the information you will learn can be immediately applied within your environment.
You will hear from government and industry leaders who are involved in the Security Assessment and Authorization process and who will share with you the lessons they have learned along the way. These interactive sessions will also review some of the emerging implications and considerations in the field of Enterprise Wide Information Security.
Hear directly from the National Institute of Standards and Technology about FISMA and the Security Assessment and Authorization process (formerly Certification and Accreditation), the Risk Management Framework and where the government is going to meet its IT Security needs. Pose your questions directly to those involved in writing the guidelines mandated by FISMA.
Speaker and Presenter Information
Keynote Speaker:
Dr. Ron Ross
NIST Fellow and FISMA Implementation Project Leader, (NIST) Computer Security Division
Project Leader, Joint Task Force Transformation Initiatives Interagency Working Group (Working Group that Developed the Unified Controls for DoD, Civilian and Intelligence Communities)
Dr. Ron Ross is a NIST Fellow and a senior computer scientist and information security researcher at the National Institute of Standards and Technology (NIST). His areas of specialization include security requirements definition, security testing and evaluation, and information assurance. Dr. Ross currently leads the FISMA Implementation Project for NIST, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. His recent publications include FIPS 199 (the security categorization standard), Special Publication 800-53 (the security controls guideline), Special Publication 800-37 (the system certification and accreditation guideline), the new Special Publication 800-37 Revision 1 (Risk Management Framework) and Special Publication 800-53 Rev 1, 2, 3 and 4. Dr. Ross is also the architect of the risk management framework that integrates the suite of NIST security standards and guidelines into a comprehensive enterprise security program.
Guest Speakers:
Tim Ruland
Chief IT Security Officer and CISO
US Census Bureau
Mr. Ruland began his career in the military where he served 13 years in the US Army. He served in many assignments, including Thailand, Germany, Fort Ord, CA, and Ft. Meade, MD, as a Military Intelligence Analyst and Linguist (Vietnamese, Russian and Korean) and Military Policeman. Upon his honorable discharge from the Army he served as a Software Configuration Manager with a Defense contractor for four years. Mr. Ruland began his career at the Census Bureau in 1991 when he was hired to establish a configuration management process for the 1992 Economic Census, after which he earned the position of Division Security Officer. After spending 18 months as the Division Security Officer, Configuration Manager and system administrator, Mr. Ruland moved to the ADP Security Branch. The ADP Security Branch was a small branch of seven people in the Administrative and Finance Division. In 1998, Mr. Ruland was promoted to Branch Chief where his first action was to change the name of the organization to better reflect the more diverse role of the organization, the IT Security Branch.
Mr. Ruland has been instrumental in the development of the Census Bureau IT Security Program and the office has grown to four staffs consisting of 27 employees and approximately 20 contractors in support of the enterprise IT Security Program. He has managed the Census Bureau IT Security Program through two Decennial Census operations in 2000 and 2010 and is engaged in security planning for the 2020 Decennial Census. He has begun to implement the Risk Management Framework at the Census Bureau and began by deciding to completely change the process of system security to one that embraces and fosters a risk-based environment. He and his team have briefed Ron Ross on the process and at Ron’s suggestion have begun to present the Census Bureau framework methodology to other federal agencies. The growth of the security staffs resulted in a reorganization establishing Mr. Ruland as the Chief Information Security Officer (CISO) reporting directly to the CIO and providing regular briefings and support to the Census senior executives as well as providing briefings to the Department of Commerce. He also successfully re-named the office to the Office of Information Security, again recognizing the changes in the scope of the mission.
Mr. Ruland is a CISSP, CISM, CFCP and holds a Master’s Certificate in Project Management from George Washington University. He has completed the Framework for FISMA Seminar Series hosted by the Potomac Forum and is a FISMA Fellow. He is currently pursuing certification as an Information System Security Engineering Professional (ISSEP) from ISC(2), and a professional certification as a Certified in Risk and Information Security Controls (CRISC) specialist through ISACA. Mr. Ruland is also working on a degree as a Paralegal. Mr. Ruland holds a Sociology Degree from the University of Maryland.
Instructors:
Daniel Philpott, CISSP, CAP
Information Security Engineer
Information Assurance Division
OnPoint Consulting
Daniel Philpott is an Information Security Engineer with the Information Assurance Division of OnPoint Consulting where he works with Federal agencies on FISMA compliance and Risk Management. Daniel is the founder of the FISMApedia.org wiki and FISMA Arts training projects. His pre-FISMA work at NIST involved the securing of external servers, incident response, development of security checklists, and creation of baseline system configurations. With his technical focus, Daniel brings an operational security perspective to the theory and practice of FISMA compliance. His long experience in the IT security space provides his Federal clients with depth of knowledge and a diverse skill set encompassing compliance, practice and risk management. He is depended upon to provide analysis and insight on IT security and governance matters for senior staff.
Michael Smith, CISSP-ISSEP
Security Evangelist
Akamai Technologies
Michael Smith serves as Akamai’s Security Evangelist and the customer-facing ambassador from the Information Security Team. He is a cross-functional liaison between security, sales, product management, compliance, engineering, professional services, and marketing. He helps government and industry better understand complex IT security issues, government policy and regulations and implementation of NIST guidelines and standards.
Previously, Michael Smith was a Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he led engagements to provide security services to both commercial enterprises and government agencies. Prior to joining Deloitte, Michael served as the Chief Information Security Officer with the Unisys Federal Service Delivery Center based in Reston, Virginia. His scope of responsibility included both providing governance and managing risk for several data centers, Security Operations Center, Network Operations Center, and Server Management Team.
Michael has performed numerous tasks throughout the Certification and Accreditation (C&A) process for clients in the Federal Civilian and Department of Defense environments. He has designed and performed security testing and evaluation engagements against national level systems in both the Federal Civilian and Department of Defense environments. Michael assisted with development of a DITSCAP methodology and Standard Operating Procedures for the Department of Defense's Tricare Management Activity (TMA) as well as performed many of the tasks associated with that methodology. Throughout the time Michael spent working with the TMA, he was responsible for development of documentation, performing security testing and evaluation, evaluating and conducting assessments of physical security, and the development and performance of risk assessments for remote sites throughout the continental United States. While engaged with the Transportation Security Administration, Michael developed C&A documentation for numerous systems and sites throughout the Transportation Security Administration and helped to use C&A as the catalyst to build a security program.
Michael graduated from the prestigious Defense Language Institute in Monterey, CA with a Department of Defense advanced linguistic certification in Russian and spent several years on active duty in the US Army as a translator and specialist in information security. In 2004, Michael was activated as a member of the Virginia National Guard and deployed to Afghanistan, where he conducted numerous combat patrols as an infantry squad leader.
Relevant Government Agencies
Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID
This event has no exhibitor/sponsor opportunities
When
Wed-Thu, Sep 19-20, 2012, 7:30am - 5:00pm
Where
Willard InterContinental Hotel
1401 Pennsylvania Avenue NW
Washington, DC 20004
Organizer
Potomac Forum, Ltd





