Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Paradigms for Capital Planning in IT Security Sandy Washington Federal Railroad Administration July 22, 2008.

Published byRobert Phelps Modified over 8 years ago

Similar presentations

Presentation on theme: "New Paradigms for Capital Planning in IT Security Sandy Washington Federal Railroad Administration July 22, 2008."— Presentation transcript:

1 New Paradigms for Capital Planning in IT Security Sandy Washington Federal Railroad Administration July 22, 2008

2 Topics Federal Railroad Administration’s (FRA) IT Governance Integrating Continuous Monitoring into IT Security Governance

3 FRA’s IT Governance Cycle Cycle/Quarters 1 & 2: Program Reviews ▫Review Content: cost, schedule, performance and risk ▫Information Sources: Investment Review Template, PM Notebook ▫Decisions: “Continue As-Is”, “Continue With Modifications”, “Discontinue” Cycle/Quarter 3: Portfolio Review ▫Review Content: portfolio “mix”, total spending, new budget year requirements, mid- year requirements, Ex300 95% Solution ▫Information Sources: Spending Matrix, OMB Exhibit 53, new investments ▫Decisions: “Continue Portfolio As-Is”, “Continue Portfolio With Modifications” Cycle/Quarter 4: Process Review ▫Review Content: CPIC and EA processes, communication channels, review template ▫Information Sources: FRA Integrated EA & CPIC Handbook, PM Handbook, Investment Review Template ▫Decisions: “Continue Process As-Is”, “Continue Process With Modifications” 3 Q1 Program Review Q2 Program Review Q3 Portfolio Review Q4 Process Review PM Notebook Investment Review Template IT Spending Matrix FRA IT Governance Documents

4 FRA IT Governance Relationships 4

5 Continuous Monitoring ▫The continuous monitoring of security controls can be achieved through security reviews, self-assessments, security testing and evaluation, or audits. 1 ▫Continuous Monitoring requires tight inventory control and a well documented baseline IT configuration/ enterprise architecture. Initiation Phase Security Certification Phase Security Accreditation Phase Continuous Monitoring Phase 1 NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004.

6 Integration Configuration Control Board (CCB) Implement and enforce the FRA’s Configuration Control Board to include: ▫Continuous monitoring status reporting and documentation of all software and hardware. Expand documentation changes to the organization’s information systems and supporting infrastructure beyond the operational information system. Identify all Configuration Items.

7 FRA Accomplishments & Next Steps Accomplishments ▫Security team formed a close relationship with the enterprise architecture team and leveraged segment architecture development. ▫Provided continuous monitoring training to system owners. Next Steps ▫Update FRA’s CCB Charter. ▫Identify changes to working group processes. ▫Realign security funding.

8 Contact Information Sandy Washington Federal Railroad Administration Office of Information Technology (202) 493-1309 Sandy.washington@dot.gov

Download ppt "New Paradigms for Capital Planning in IT Security Sandy Washington Federal Railroad Administration July 22, 2008."

Similar presentations

GRO Project Management Handbook

GRO Project Management Handbook
CPIC Training Session: Enterprise Architecture

CPIC Training Session: Enterprise Architecture
An Overview of the Federal Segment Architecture Methodology

An Overview of the Federal Segment Architecture Methodology
Enterprise Performance Life Cycle (EPLC) Stage Gate Reviews

Enterprise Performance Life Cycle (EPLC) Stage Gate Reviews
The Value of a Project Management Office Copyright: Kathy J. Lang, 2004.

The Value of a Project Management Office Copyright: Kathy J. Lang, 2004.
Global Congress Global Leadership Vision for Project Management.

Global Congress Global Leadership Vision for Project Management.
Texas Department of Information Resources Presents

Texas Department of Information Resources Presents
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Presented by: Leslie H. Smith, Manager Flight Technologies and Procedures Division, AFS-400 AVS Acquisition Executive Board (AEB) Member Date: October.

Presented by: Leslie H. Smith, Manager Flight Technologies and Procedures Division, AFS-400 AVS Acquisition Executive Board (AEB) Member Date: October.
NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.

NIH Security, FISMA and EPLC Lots of Updates! Where do we start? Kay Coupe NIH FISMA Program Coordinator Office of the Chief Information Officer Project.
CDC PM SUMMIT Operational Analysis. Federal Concierge LLC All Rights Reserved Janelle B. Hill Lead Consultant of Federal Concierge LLC, www.federalconcierge.comwww.federalconcierge.com.

CDC PM SUMMIT Operational Analysis. Federal Concierge LLC All Rights Reserved Janelle B. Hill Lead Consultant of Federal Concierge LLC,
Presented By: Thelma Ameyaw Security Management TEL2813 4/18/2008Thelma Ameyaw TEL2813.

Presented By: Thelma Ameyaw Security Management TEL2813 4/18/2008Thelma Ameyaw TEL2813.
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Overarching Roles of Critical Partners In A Project 9:30 – 10:00 Rob Curlee, FMO Joseph Dominque, OCISO Mike Perry, EA.

Overarching Roles of Critical Partners In A Project 9:30 – 10:00 Rob Curlee, FMO Joseph Dominque, OCISO Mike Perry, EA.
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
CHIEF INFORMATION OFFICER DEPARTMENT OF HEALTH AND HUMAN SERVICES OFFICE OF THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES John Teeter Deputy Chief Information.

CHIEF INFORMATION OFFICER DEPARTMENT OF HEALTH AND HUMAN SERVICES OFFICE OF THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES John Teeter Deputy Chief Information.
HHS CEA Executive Briefing Enterprise Performance Life Cycle (EPLC) Overview February 6, 2009.

HHS CEA Executive Briefing Enterprise Performance Life Cycle (EPLC) Overview February 6, 2009.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.

Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.
Project Process Discussion Adam D. Martinez Mgr, Market Ops Divisional Projects Organization ERCOT RMS Meeting May 10, 2006.

Project Process Discussion Adam D. Martinez Mgr, Market Ops Divisional Projects Organization ERCOT RMS Meeting May 10, 2006.

Similar presentations

Ads by Google