FISMA 2014 CNS - gob.mx · FISMA Act. 2014 Categorize the information to be protected. Select...
FISMA Act 2014
By: Israel Reyes
Oct 23, 2018
New Reality
FISMA Act 2014.
The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
Assigns responsibilities to the heads of the agencies. Conducts annual reviews of information security programs.
Establishes a quantitative risk framework.
Develops contingency and continuity-of-operations plans.
FISMA Act 2014
FISMA
ELECTRONIC GOVERNMENT ACT 2002
OMB
NIST
Framework
FISMA Act 2014
Categorize the information to be protected.
Select minimum baseline controls.
Refine controls using a risk assessment procedure.
Document the controls in the system security plan.
Implement security controls in appropriate information systems.
Assess the effectiveness of the security controls.
Vertical connectivity
Determine agency-level risk to the mission or business case.
Authorize the information system for processing.
Monitor the security controls on a continuous basis.
How FISMA framework helps
Catalyse good decisions
Enable people to manage time
Facilitate information flow
Manage assumptions
Focus on solutions and outcomes
Prevent surprises
The challenge of FISMA implementation
Disconnectivity
Look at the figure. What do you see: an old woman or a young woman? Now look again to see if you can visually and mentally reorganize the data to form a different image.
Disconnectivity – cognitive bias
Mind-sets tend to be quick to form but resistant to change. The picture above illustrates this principle by showing part of a longer series of progressively modified drawings that change almost imperceptibly from a man into a woman.
Disconnectivity – cognitive bias
What is wrong in the above? We tend to perceive what we expect to perceive.
LEADERSHIP / MANAGEMENT
[Figure: continuum from Routine (certainty, stability, predictability; normal, simple) to Event (ambiguity, dynamism, risk; lack of knowledge, change, complex)]
Meta-Leadership / management during change
Meta-Leadership
Management
The situation
FISMA Act 2014
Disconnectivity – the dilemma of the cube
[Figure: the same cube seen from Viewpoint A and from Viewpoint B]
Knowledge matrix: known knowns, known unknowns, unknown knowns, unknown unknowns
Disconnectivity – the silo mentality
Meta-leadership
Multidisciplinary
FISMA: reduce cross-silo conflict
“Unity of effort”
and “RESILIENCE: a capability necessary to prevail in the face of challenges and adversity”
This is what WE DO (together)
This is what YOU DO (and I don’t)
This is what I DO (and you don’t)
Embrace adversity together
Disconnectivity – cognitive bias
QUESTIONS?
Thank you. [email protected]
This presentation is for exclusive use of the CNS