FISMA Act 2014By: Israel ReyesOct 23, 2018

New Reality

New Reality

FISMA Act 2014.

The Federal Information Security Management Act (FISMA) isUnited States legislation that defines a comprehensiveframework to protect government information, operations andassets against natural or man-made threats

Assign responsibilities to the heads of the agencies. Conducts annual reviews in information security programs.

Establish a quantitative Risk framework.

Develop contingency and continuity of operations plans.

FISMA Act 2014

FISMA

ELECTRONIC GOBERNMENT

ACT 2002

OMB

NIST

Framework

FISMA Act. 2014

Categorize the information to be protected.Select minimum baseline controls.Refine controls using a risk assessment procedure.Document the controls in the system security plan.Implement security controls in appropriate information systems.Assess the effectiveness of the security.

Vertical connectivity

Determine agency-level risk to the mission or business case.Authorize the information system for processing.Monitor the security controls on a continuous basis.

Vertical connectivity

How FISMA framework helps

Catalyse good decisions

Enable people to manage time

Facilitate information flow

Manage assumptions

Focus on solutions and outcomesPrevent surprises

The challenge Of FISMA implementation

Disconnectivity

Look at the figure. What do you see -an old womanor young woman? Now look again to see if you canvisually and mentally reorganize the data to form adifferent image.

Disconnectivity – cognitive biased

Mind-sets tend to be quick to form but resistant to change.Picture above illustrates this principle by showing part of alonger series of progressively modified drawing that changealmost imperceptibly from a man into a woman.

Disconnectivity – cognitive biased

What is wrong in the above ? We tend to perceived what we expect to perceived

LEADERSH

IPMAN

AGEM

ENT

Routine

certainty stability predictability ambiguity dynamism riskEVENT

NormalSimple

Lackofknowledge

Change

Complex

Meta-Leadership / management during change

Meta-Leadership

Management

The situation

FISMAAct2014

Disconnectivity – the dilema of the cube

Viewpoint

BViewpointA

ViewpointB

Viewpoint

A

Known knowns unknown knowns

unknown unknownsKnown unknowns

Knowledge – matrix

Disconnectivity – the silo mentality

Meta-lead

ership

Multidisciplinary

FISMA. Reduce cross silo conflict

“Unidad de esfuerzo”

and“RESILENCIA una capacidad necesaria para prevalecer ante los retos y la adversidad”

This is whatWE DO

(together)

This is whatYOU DO

(and I don’t)

This is whatI DO

(and you don’t)

Embrace adversity together

Disconnectivity – cognitive biased

QUESTIONS?

Thank youIsraelReyesisrael.cisco@gmail.com

ThispresentationisforexclusiveuseoftheCNS