NIST RMF: A Flexible Methodology to Manage Information Security & Privacy Risk
March 9 @ 9:30 am - 11:30 am
The NIST RMF webcast named above will be the foundation of this meetup.
Details of this Feb 28, 2019 webcast can be viewed at https://www.nist.gov/news-events/events/2019/02/nist-risk-management-framework-webcast-flexible-methodology-manage
For those who missed the webcast, you may download its recording from the Meetup’s Google Drive at URL: https://drive.google.com/open?id=1qn3n1oE8wjNQMv2VfPoO5_exoqRZblBz If you have the opportunity to review it prior to the meeting, you’ll be better able to join in the lively discussion.
An introductory overview by Dr. Ron Ross, NIST Fellow, of the updates in SP[masked], Revision 2 will be shown, followed by a deep dive into the Steps and Tasks of the RMF. The meetup will selectively review one or more of these topics:
1. Providing a closer link and communication between the risk management processes and activities at the C-suite and the individuals, processes, and activities at the system and operational level of the organization through the addition of the Prepare Step;
2. Institutionalizing foundational risk management preparatory activities at all risk management levels;
3. Demonstrating how the NIST Cybersecurity Framework can be aligned with the RMF and implemented using established NIST risk management processes;
4. Integrating privacy risk management processes into the RMF to better support the privacy protection needs for which privacy programs are responsible;
5. Promoting the development of trustworthy secure software and systems by aligning life cycle-based systems engineering processes in NIST SP[masked] Volume 1;
6. Integrating security-related, supply chain risk management (SCRM) concepts into the RMF to address untrustworthy suppliers, insertion of counterfeits, tampering, unauthorized production, theft, insertion of malicious code, and poor manufacturing and development practices throughout the SDLC; and
7. Allowing for an organization-generated control selection approach to complement the traditional baseline control selection approach and support the use of the consolidated security and privacy control catalog in NIST SP[masked] Revision 5.
IF YOU WOULD LIKE TO LEARN MORE BY LEADING THE DISCUSSION ON ANY OF THESE TOPICS, please contact the meetup organizers.
MEETUP LOCATION: Marymount University Ballston Center, 1000 N. Glebe Road, Arlington, Virginia. Parking is available in their underground garage; the entrance is on N. Wakefield Street. Go to the lobby and take the elevator to the 2nd floor. Turn left to another elevator and take it to the fourth floor. Follow the signs to the assigned room, which will be determined by the number of people who RSVP.
Besides earning Professional Development Units (PDUs) for participating in our ISSA NoVa RMF LifeBoat meeting, we all receive the encouragement and help we need for our cyber security professional growth. The friendly interactive presentations by members of the meetup always lead to lively, respectful discussions. Members always take away information that can be applied on the job in the following weeks! In addition, our LifeBoat group meetings provide opportunities for the all-important professional networking. If you have a vexing problem, share it with like-minded security professionals. They may have already successfully developed a way forward to resolve it.