New Paradigms for Capital Planning in IT Security Sandy Washington Federal Railroad Administration July 22, 2008.

Topics
▫Federal Railroad Administration’s (FRA) IT Governance
▫Integrating Continuous Monitoring into IT Security Governance

FRA’s IT Governance Cycle
Cycle/Quarters 1 & 2: Program Reviews
▫Review Content: cost, schedule, performance and risk
▫Information Sources: Investment Review Template, PM Notebook
▫Decisions: “Continue As-Is”, “Continue With Modifications”, “Discontinue”
Cycle/Quarter 3: Portfolio Review
▫Review Content: portfolio “mix”, total spending, new budget year requirements, mid-year requirements, Ex300 95% Solution
▫Information Sources: Spending Matrix, OMB Exhibit 53, new investments
▫Decisions: “Continue Portfolio As-Is”, “Continue Portfolio With Modifications”
Cycle/Quarter 4: Process Review
▫Review Content: CPIC and EA processes, communication channels, review template
▫Information Sources: FRA Integrated EA & CPIC Handbook, PM Handbook, Investment Review Template
▫Decisions: “Continue Process As-Is”, “Continue Process With Modifications”
[Diagram: Q1 Program Review, Q2 Program Review, Q3 Portfolio Review, Q4 Process Review; FRA IT Governance Documents: PM Notebook, Investment Review Template, IT Spending Matrix]

FRA IT Governance Relationships
[Diagram only]

Continuous Monitoring
▫The continuous monitoring of security controls can be achieved through security reviews, self-assessments, security testing and evaluation, or audits. [1]
▫Continuous Monitoring requires tight inventory control and a well-documented baseline IT configuration/enterprise architecture.
[Diagram: Initiation Phase → Security Certification Phase → Security Accreditation Phase → Continuous Monitoring Phase]
[1] NIST Special Publication, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004.

Integration: Configuration Control Board (CCB)
Implement and enforce the FRA’s Configuration Control Board to include:
▫Continuous monitoring status reporting and documentation of all software and hardware.
▫Expand documentation of changes to the organization’s information systems and supporting infrastructure beyond the operational information system.
▫Identify all Configuration Items.

FRA Accomplishments & Next Steps
Accomplishments
▫Security team formed a close relationship with the enterprise architecture team and leveraged segment architecture development.
▫Provided continuous monitoring training to system owners.
Next Steps
▫Update FRA’s CCB Charter.
▫Identify changes to working group processes.
▫Realign security funding.

Contact Information
Sandy Washington
Federal Railroad Administration, Office of Information Technology
(202)