Join us on Tuesday, June 19 for our monthly chapter meeting:
Incorporating Enterprise Priorities to the Risk Management Framework
Noel A. Nazario
Federal Cyber Security Senior Director for Annuk Inc.
On September 28th, the National Institute of Standards and Technology (NIST) announced the release of a discussion draft of Special Publication (SP) 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. A key goal of this document is to institutionalize critical enterprise-wide risk management preparatory activities to facilitate a more efficient and cost-effective execution of the Risk Management Framework at the system and operational level.
This presentation will discuss this organizational preparation step and propose implementation strategies that facilitate better communication between system owners and senior leaders and executives at the enterprise and mission/business process levels. We will also discuss outputs of the organizational preparation step including the clear definition of organizational risk tolerance and acceptable limits for the implementation of security and privacy controls; identification of common controls and the development of organization-wide tailored security and privacy control baselines; reductions to the complexity of the IT infrastructure; and identification of high-value assets and high-impact systems to prioritize their protection.
About the Speaker: Noel A. Nazario is Federal Cyber Security Senior Director for Annuk Inc. He is focused on growing Annuk's presence within the U.S. Federal market and supporting the Washington Metropolitan Area Transit Authority (WMATA) by leading their IT Architecture Review Board. As ARB Lead, he brings a wealth of technical and leadership experience to steer WMATA towards a coherent IT Enterprise Architecture that is closely aligned with organization-wide goals and supports the integration of best-in-class practices and new technologies.
Mr. Nazario currently holds a Certified Information Security Manager (CISM) designation. He participates in multiple industry groups and is a frequent conference host and speaker for organizations such as the ISACA Greater Washington, DC Chapter.
Specialties: Cyber Security; IT Enterprise Architecture; IT Governance; Federal Cloud; FedRAMP; Federal Information Security Management Act (FISMA); IT Program Management; IT Strategy and Risk Management; Public Key Infrastructure (PKI); security labels and data categorization; development of IT security standards and secure communications protocols; IT controls and risk assessment; shared service provider assessments; compliance with Federal cyber security requirements.
Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.
Tuesday, June 19, 2018, 6:30 PM
Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005