FISMA 2014 CNS - gob.mx
Page 1
FISMA Act 2014
By: Israel Reyes
Oct 23, 2018
Page 2
Page 3
New Reality
Page 4
New Reality
Page 5
FISMA Act 2014.
The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
Assign responsibilities to the heads of the agencies.
Conduct annual reviews of information security programs.
Establish a quantitative risk framework.
Develop contingency and continuity of operations plans.
Page 6
FISMA Act 2014
FISMA
ELECTRONIC GOVERNMENT ACT 2002
OMB
NIST
Page 7
Framework
FISMA Act. 2014
Categorize the information to be protected.
Select minimum baseline controls.
Refine controls using a risk assessment procedure.
Document the controls in the system security plan.
Implement security controls in appropriate information systems.
Assess the effectiveness of the security.
Page 8
Vertical connectivity
Determine agency-level risk to the mission or business case.
Authorize the information system for processing.
Monitor the security controls on a continuous basis.
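The first four framework steps (categorize, select a baseline, refine from the risk assessment, document in the system security plan) as a small executable pipeline. This is an added example, not the presenter's material; it assumes the FIPS 199 high-water-mark rule for categorization and the SP 800-53 LOW/MODERATE/HIGH baselines, and the control sets it uses are constructed placeholders, not the real baseline membership.

```python
"""Added worked example of the FISMA framework steps 1-4.
Assumed from FIPS 199 / NIST SP 800-53 (not stated on the slides): a system's
category is the high-water mark of the confidentiality, integrity and
availability impact levels over every information type it handles, and that
category selects the minimum control baseline, which is then tailored."""
from dataclasses import dataclass

LEVELS = ("LOW", "MODERATE", "HIGH")  # ordered so index() gives severity

# Constructed placeholder baselines (not the real SP 800-53 membership).
BASELINES = {
    "LOW": {"AC-2", "AU-2", "IA-2", "IR-4"},
    "MODERATE": {"AC-2", "AC-2(1)", "AU-2", "AU-6", "IA-2", "IA-2(1)", "IR-4", "SI-4"},
    "HIGH": {"AC-2", "AC-2(1)", "AC-2(4)", "AU-2", "AU-6", "IA-2", "IA-2(1)",
             "IR-4", "SI-4", "SI-4(2)"},
}

@dataclass
class InfoType:
    name: str
    confidentiality: str
    integrity: str
    availability: str

def categorize(info_types):
    """Step 1: high-water mark per security objective, then overall."""
    def hwm(values):
        return max(values, key=LEVELS.index)
    per_objective = {obj: hwm([getattr(t, obj) for t in info_types])
                     for obj in ("confidentiality", "integrity", "availability")}
    return per_objective, hwm(per_objective.values())

def select_baseline(category):
    """Step 2: the overall category picks the minimum baseline."""
    return set(BASELINES[category])

def refine(controls, add=(), remove=(), justification=""):
    """Step 3: tailor from the risk assessment; removals need a written reason."""
    if remove and not justification:
        raise ValueError("removing baseline controls requires a documented justification")
    return (controls - set(remove)) | set(add)

def system_security_plan(system, info_types, add=(), remove=(), justification=""):
    """Step 4: record categorization, baseline and tailoring in one SSP entry."""
    per_objective, category = categorize(info_types)
    baseline = select_baseline(category)
    tailored = refine(baseline, add, remove, justification)
    return {"system": system, "impact": per_objective, "category": category,
            "baseline": sorted(baseline), "controls": sorted(tailored),
            "tailoring": {"added": sorted(add), "removed": sorted(remove),
                          "justification": justification}}
```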
Page 9
Vertical connectivity
How the FISMA framework helps
Catalyse good decisions
Enable people to manage time
Facilitate information flow
Manage assumptions
Focus on solutions and outcomes
Prevent surprises
Page 10
The challenge of FISMA implementation
Page 11
Disconnectivity
Look at the figure. What do you see, an old woman or a young woman? Now look again to see if you can visually and mentally reorganize the data to form a different image.
Page 12
Disconnectivity – cognitive bias
Mind-sets tend to be quick to form but resistant to change. The picture above illustrates this principle by showing part of a longer series of progressively modified drawings that change almost imperceptibly from a man into a woman.
Page 13
Disconnectivity – cognitive bias
What is wrong in the above? We tend to perceive what we expect to perceive.
Page 14
Meta-Leadership / management during change
[Figure: leadership and management spectrum. Labels: Leadership; Management; Routine; certainty, stability, predictability; ambiguity, dynamism, risk; Event; Normal, Simple; Lack of knowledge; Change; Complex; Meta-Leadership; Management]
Page 15
The situation
FISMA Act 2014
Page 16
Disconnectivity – the dilemma of the cube
[Figure: the same cube seen from Viewpoint A and from Viewpoint B]
Page 17
Knowledge – matrix
Known knowns | Unknown knowns
Unknown unknowns | Known unknowns
Page 18
Disconnectivity – the silo mentality
Meta-leadership
Multidisciplinary
Page 19
FISMA. Reduce cross-silo conflict
“Unity of effort”
and “RESILIENCE, a capacity needed to prevail over challenges and adversity”
This is what WE DO (together)
This is what YOU DO (and I don’t)
This is what I DO (and you don’t)
Embrace adversity together
Page 20
Disconnectivity – cognitive bias
QUESTIONS?