IG Metrics: Maturity Model and the New IG FISMA Assessment Approach
John Ippolito CISSP, PMP Consultant
Mary Harmison CPA, Audit Manager Office of Inspector General Federal Trade Commission
Page 2 (3/15/2016)
Federal Information Security Modernization Act (FISMA) of 2014
Replaced
Federal Information Security Management Act (FISMA)
FISMA = FISMA
Page 3
FISMA Requires Annual Independent Evaluation
• FISMA Independent Evaluations Combine Information Security Structured Processes with Control Effectiveness Metrics
Page 4
NIST 800-53 Definition of Effectiveness
“Security control effectiveness addresses the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the information system in its operational environment.”
Page 5
INFORMATION SECURITY AND PRIVACY ADVISORY BOARD IG Panel, June 10, 2015
Page 6
ISCM Maturity Model for FY2015 FISMA
• 5 level scale across 3 domains
Scale / Domain: People, Processes, Technology
1 - Ad-hoc
2 - Defined
3 - Consistently Implemented
4 - Managed and Measurable
5 - Optimized
Page 7
Educator’s Role
• Level 2: Assess the skills, knowledge, and resources needed to effectively implement an ISCM program. Develop a plan for closing any gaps identified.
• Level 3: Implement plans to close any gaps in skills, knowledge, and resources required to successfully implement an ISCM program. Personnel possess the required knowledge, skills, and abilities to effectively implement the organization’s ISCM program.
• Level 4: Consistently implement, monitor, and analyze qualitative and quantitative performance measures across the organization and collect, analyze, and report data on the effectiveness of the organization’s ISCM program.
• Level 5: Ensure assigned personnel collectively possess a high skill level to perform and update ISCM activities on a near real-time basis to make any changes needed to address ISCM results based on organization risk tolerance, the threat environment, and business/mission requirements.
Page 8
Address Evaluation Criteria
• Demonstrate training effectiveness
  • Effectiveness of training material
  • Elimination of training GAPS
  • Adapts to change
• Quantitative vs Qualitative measures