June 16, 2009

June Meeting Topic: Integrated Enterprise-wide Risk Management
Organization, Mission, and Information Systems View

Dr. Ron Ross
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology

Abstract
Helping organizations develop an enterprise-wide risk management strategy that integrates information security requirements into mission/business processes and the information systems supporting those processes is a top priority for NIST as it updates and revises key information security publications in 2009. Proposed changes in federal legislation seek to "operationalize" FISMA, moving away from strict compliance-based policies to a full implementation of a Risk Management Framework. NIST Special Publications 800-53, 800-37, 800-39, and 800-30 are being updated to incorporate new strategic and tactical guidance for implementing information security programs and managing risk in dynamic environments of operation with sophisticated adversaries and advanced cyber threats.

About Dr. Ross
Dr. Ron Ross is a senior computer scientist and information security researcher at the National Institute of Standards and Technology (NIST). His current areas of specialization include security requirements definition, testing and evaluation, risk management, and information assurance. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project for NIST, which includes the development of key security standards and guidelines for the federal government, support contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication 800-53 (security controls guideline), NIST Special Publication 800-53A (security assessment guideline), NIST Special Publication 800-37 (security certification and accreditation guideline), and NIST Special Publication 800-39 (risk management guideline). Dr. Ross is also the principal architect of the NIST Risk Management Framework that provides a disciplined and structured methodology for integrating the suite of FISMA security standards and guidelines into a comprehensive enterprise-wide information security program.

June 16, 2009 6:30 PM

740 15th Street NW
4th floor
Washington, DC 20005

Please email your RSVP if you plan to attend.