ig metrics maturity model and the new ig fisma assessment
play

IG Metrics: Maturity Model and the New IG FISMA Assessment Approach - PowerPoint PPT Presentation

Dec 20, 2023 •6 likes •86 views

IG Metrics: Maturity Model and the New IG FISMA Assessment Approach John Ippolito CISSP, PMP Consultant Mary Harmison CPA, Audit Manager Office of Inspector General Federal Trade Commission FISMA = FISMA Federal Information Security

  1. IG Metrics: Maturity Model and the New IG FISMA Assessment Approach John Ippolito CISSP, PMP Consultant Mary Harmison CPA, Audit Manager Office of Inspector General Federal Trade Commission

  2. FISMA = FISMA Federal Information Security Modernization Act (FISMA) of 2014 Replaced Federal Information Security Management Act (FISMA) 2 3/15/ 2016

  3. FISMA Requires Annual Independent Evaluation FISMA Independent Evaluations Combine Information Security ¥ Structured Processes with Control Effectiveness Metrics 3 3/15/ 2016

  4. NIST 800-53 Definition of Effectiveness “ Security control effectiveness addresses the extent to which the controls are implemented correctly, operating as intended, and pr oducing the desired outcome with respect to meeting the s ecurity requirements for the information system in its o perational environment.” 4 3/15/ 2016

  5. INFORMATION SECURITY AND PRIVACY ADVISORY BOARD IG Panel June 10, 2015 5 3/15/ 2016

  6. ISCM Maturity Model for FY2015 FISMA 5 level scale across 3 domains ¥ Scale/Domain People Processes T echnology 1 - Ad-hoc 2 - Defined 3 - Consistently Implemented 4 - Managed and Measurable 5 - Optimized 6 3/15/ 2016

  7. Educator’s Role Level 2 ¥ Assess the skills, knowledge, and resources needed to effectively implement an ISCM program. Develop a plan for closing any gaps identified. Level 3 ¥ Implement plans to close any gaps in skills, knowledge, and resources required to successfully implement an ISCM program. Personnel possess the required knowledge, skills, and abilities to effectively implement the organization’s ISCM program. Level 4 ¥ Consistently implement, monitor, and analyze qualitative and quantitative performance measures across the organization and collect, analyze, and report data on the effectiveness of the organization’s ISCM program. Level 5 ¥ Ensure assigned personnel collectively possess a high skill level to perform and update ISCM activities on a near real-time basis to make any changes needed to address ISCM results based on organization risk tolerance, the threat environment, and business/mission requirements. 7 3/15/ 2016

  8. Address Evaluation Criteria Demonstrate training effectiveness of training material ¥ Demonstrate training effectiveness ¥ ¥ Elimination of training GAPS ¥ Adapts to change Quantitative vs Qualitative measures ¥ 8 3/15/ 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

KLU Building a Maturity Model A Maturity Model WHAT ARE MATURITY MODELS? Maturity means

KLU Building a Maturity Model A Maturity Model WHAT ARE MATURITY MODELS? Maturity means

KLU Building a Maturity Model A Maturity Model WHAT ARE MATURITY MODELS? Maturity means ripeness and describes the transition from an initial to a more advanced state of a process, project, etc. Maturity Models reflect the degree to

399 views • 26 slides
Software Process Assessment Using SEIs Software Capability Maturity Model Neal S. Coulter

Software Process Assessment Using SEIs Software Capability Maturity Model Neal S. Coulter

Software Process Assessment Using SEIs Software Capability Maturity Model Neal S. Coulter College of Computing, Engineering, and Construction University of North Florida Slide -1 Can Software Development Practices Improve Dramatically? - 1

744 views • 48 slides
Growth Maturity and Decline Metrics CHAOSSCON Europe 2019 February 1, 2019 Brussels, Belgium

Growth Maturity and Decline Metrics CHAOSSCON Europe 2019 February 1, 2019 Brussels, Belgium

Growth Maturity and Decline Metrics CHAOSSCON Europe 2019 February 1, 2019 Brussels, Belgium Growth Maturity and Decline Metrics 1. Current status & Roadmap 2. Focus Areas 3. Use Cases 4. Metrics 5. How to contribute Current status

455 views • 11 slides
Traffic Incident Management Capability Maturity Self-Assessment 2018 Results 1 TIM Capability

Traffic Incident Management Capability Maturity Self-Assessment 2018 Results 1 TIM Capability

Traffic Incident Management Capability Maturity Self-Assessment 2018 Results 1 TIM Capability Maturity Self-Assessment Originally developed by FHWA in 2002 as a way to assess current state-of-practice in TIM and for local/regional/state

560 views • 20 slides
ICH and IT-AAC FITARA Roadmap for Sustainable IT Reform A decision analytics maturity model for

ICH and IT-AAC FITARA Roadmap for Sustainable IT Reform A decision analytics maturity model for

ICH and IT-AAC FITARA Roadmap for Sustainable IT Reform A decision analytics maturity model for measuring business value and risk of commercial IT 1 ICH and IT-AAC Public/Private Partnership Used on the Risk Assessment Best Practices, Design

410 views • 23 slides
Organizing for Innovation Excellence Introduction to an International Innovation Maturity Model

Organizing for Innovation Excellence Introduction to an International Innovation Maturity Model

Organizing for Innovation Excellence Introduction to an International Innovation Maturity Model Product Development and Management Association 1 Why should organizations implement an Innovation Maturity Model? Commoditization is

428 views • 25 slides
Taking account of maturity: assessment and good practice European alternatives to custody

Taking account of maturity: assessment and good practice European alternatives to custody

Taking account of maturity: assessment and good practice European alternatives to custody workshop. By Amy Hall Equality Officer What we will look at Introduction to maturity What the evidence tell us Best practice for staff and

384 views • 24 slides
Vector-Based Metrics for Assessing Technology Maturity Gerard E. Sleefe, Ph.D. Senior Technical

Vector-Based Metrics for Assessing Technology Maturity Gerard E. Sleefe, Ph.D. Senior Technical

Vector-Based Metrics for Assessing Technology Maturity Gerard E. Sleefe, Ph.D. Senior Technical Deputy to the Chief Engineer Sandia National Laboratories Albuquerque, NM, USA Contact: 505-844-2195; gesleef@sandia.gov Sandia is a

327 views • 20 slides
Roundtable on the Review of the Benchmark Regulation Organised by DG FISMA, European Commission,

Roundtable on the Review of the Benchmark Regulation Organised by DG FISMA, European Commission,

Roundtable on the Review of the Benchmark Regulation Organised by DG FISMA, European Commission, 26 November 2019 Meeting room Thierry Stoll, DG FISMA, Rue de Spa 2, 1000 Brussels 1 8:15 9:00 Registration and welcome coffee 9:00

664 views • 3 slides
Cybersecurity Maturity Model Certification (CMMC) CMMC Model v1.0 31 January 2020 DISTRIBUTION

Cybersecurity Maturity Model Certification (CMMC) CMMC Model v1.0 31 January 2020 DISTRIBUTION

Cybersecurity Maturity Model Certification (CMMC) CMMC Model v1.0 31 January 2020 DISTRIBUTION A. Approved for public release Without a Secure Foundation All Functions are at Risk Cost, Schedule, and Performance are only effective in a SECURE

481 views • 15 slides
INFORMS Analytics Maturity Model Rocky Mountain INFORMS Chapter Meeting Denver CO| May 28, 2014

INFORMS Analytics Maturity Model Rocky Mountain INFORMS Chapter Meeting Denver CO| May 28, 2014

INFORMS Analytics Maturity Model Rocky Mountain INFORMS Chapter Meeting Denver CO| May 28, 2014 Norm Reitter, Director of Analytics CANA Advisors, nreitter@canallc.com INFORMS AMM Committee Chair 1 INFORMS Analytics Maturity Agenda

419 views • 14 slides
ASAS applications maturity assessment Operational concept 4 3 Benefits & Transition issues

ASAS applications maturity assessment Operational concept 4 3 Benefits & Transition issues

Aeronautics Days, 19 th 21 st June 2006 Airborne Separation Assistance System (ASAS) Thematic Network 2: ASAS applications maturity assessment Operational concept 4 3 Benefits & Transition issues 2 constraints 1 0 Systems, HMI

504 views • 15 slides
CYBERSECURITY MATURITY MODEL CERTIFICATION V1.0 PRESENTED TO: DEFENSE ALLIANCE OF NC S&T

CYBERSECURITY MATURITY MODEL CERTIFICATION V1.0 PRESENTED TO: DEFENSE ALLIANCE OF NC S&T

NORTH CAROLINA MILITARY BUSINESS CENTER CYBERSECURITY MATURITY MODEL CERTIFICATION V1.0 PRESENTED TO: DEFENSE ALLIANCE OF NC S&T FORUM 13 FEB 2020 WWW.NCMBC.US What is CMMC? Unified cybersecurity standard for DoD acquisition

390 views • 22 slides
ASAS applications maturity assessment Operational concept 4 3 Benefits & Transition issues

ASAS applications maturity assessment Operational concept 4 3 Benefits & Transition issues

ASAS-TN2 Seminar, Paris, 14-15 April 2008 Airborne Separation Assistance System (ASAS) Thematic Network 2: ASAS applications maturity assessment Operational concept 4 3 Benefits & Transition issues 2 constraints 1 0 Systems, HMI

362 views • 13 slides
role of metrics in research assessment and management. The review will consider the robustness

role of metrics in research assessment and management. The review will consider the robustness

I can announce today that I have asked HEFCE to undertake a review of the role of metrics in research assessment and management. The review will consider the robustness of metrics across different disciplines and assess their potential

468 views • 17 slides
Towards development of a toplevel TC/268 maturity model TC268 Working Group 4: Page 1

Towards development of a toplevel TC/268 maturity model TC268 Working Group 4: Page 1

08/03/2018 Towards development of a toplevel TC/268 maturity model TC268 Working Group 4: Page 1 Strategies for smart and sustainable communities Introduction At the Paris meeting of TC/268, the UK suggested that it would be helpful

472 views • 7 slides
Office of Inspector General Friedrich Wilhelm Von [Baron] Steuben, (1730 1794), Revolutionary

Office of Inspector General Friedrich Wilhelm Von [Baron] Steuben, (1730 1794), Revolutionary

National Endowment for the Arts Office of Inspector General Friedrich Wilhelm Von [Baron] Steuben, (1730 1794), Revolutionary War general The first Inspector General: appointed by George Washington to ready the troops at Vally Forge

212 views • 19 slides
RESULTS PRESENTATION Half Year Ended 30 th November 2017 IG Group Holdings plc H1 FY18 Results

RESULTS PRESENTATION Half Year Ended 30 th November 2017 IG Group Holdings plc H1 FY18 Results

RESULTS PRESENTATION Half Year Ended 30 th November 2017 IG Group Holdings plc H1 FY18 Results DISCLAIMER This presentation, prepared by IG Group Holdings plc (the Company), may contain forward-looking statements about the Company.

539 views • 41 slides
Modern Software Solutions for Wealth Management: Efficiency through automation STOCKHOLM

Modern Software Solutions for Wealth Management: Efficiency through automation STOCKHOLM

Modern Software Solutions for Wealth Management: Efficiency through automation STOCKHOLM 2019-04-25 Richard Nordin FA SOLUTIONS OUR STORY Turnover growth rate hit We decided that SaaS FA Solutions is the future 100% and has varied between

341 views • 12 slides
Your Diagnostics Partner March 2019 Nasdaq: TRIB Overview Founded in 1992 quoted on

Your Diagnostics Partner March 2019 Nasdaq: TRIB Overview Founded in 1992 quoted on

POINT OF CARE | CLINICAL LABORATORY Your Diagnostics Partner March 2019 Nasdaq: TRIB Overview Founded in 1992 quoted on NASDAQ (TRIB) Headquartered in Bray, Ireland (favourable tax regime 12% corporation tax) Significant

341 views • 22 slides
Number of South Florida Multi-Housing Sales 300 250 200 150 100 50 - 2007 2008 2009 2010

Number of South Florida Multi-Housing Sales 300 250 200 150 100 50 - 2007 2008 2009 2010

Number of South Florida Multi-Housing Sales 300 250 200 150 100 50 - 2007 2008 2009 2010 2011 2012 2013 YTD PCG Sales IG Sales PCG Sales < $20 million IG Sales > $20 million * Source :: Costar CBRE | Page 1 Dollar Volume

80 views • 3 slides
Interest Group on International Law of Culture Presentation The IG on International Law of

Interest Group on International Law of Culture Presentation The IG on International Law of

Interest Group on International Law of Culture Presentation The IG on International Law of Culture was created at the 2018 ESIL Conference (Manchester). It aims to gather the many researchers working in this highly developed but fast-changing

313 views • 3 slides
Promoting Ethics in Government John A. Carey INSPECTOR GENERAL History of U.S. Inspectors

Promoting Ethics in Government John A. Carey INSPECTOR GENERAL History of U.S. Inspectors

ENHANCING PUBLIC TRUST IN GOVERNMENT The IGs Role in Promoting Ethics in Government John A. Carey INSPECTOR GENERAL History of U.S. Inspectors General. The Palm Beach County Office of Inspector General. The IGs

476 views • 43 slides
Regulated Products Working Group Open Stakeholder Meeting March 2016 Nancy Shadeed Health

Regulated Products Working Group Open Stakeholder Meeting March 2016 Nancy Shadeed Health

Regulated Products Working Group Open Stakeholder Meeting March 2016 Nancy Shadeed Health Canada RPS Implementation Plan 2 What is Implementation? STANDARD Defines all possible data and relationships Submissions ( i.e. Shonin, Class

171 views • 14 slides

More recommend