Software SIG: Overview of the NIST Risk Management Framework as described in SP 800-37  

Overview of the NIST Risk Management

Framework as described in SP 800-37

by: Lance Kelson

Tuesday May 24, 2011

xxxx  xxxx

NIST SP 800-37 Rev 1, what�s changed?  What was the Guide for the Security Certification and Accreditation of Federal Information Systems is now the Guide for applying the Risk Management Framework to Federal Information Systems.  How is that different?   In addition, the basics of the Risk Management Framework as outlined in the updated 800-37 will be addressed.

Lance Kelson is currently the Department of the Interior (DOI) information security training program manager and an Adjunct Associate Professor teaching a graduate Information System Security course for Webster University on-site at Bolling Air Force Base.  He holds Project Management Professional, Certified Information System Security Professional, Certified Secure Software Lifecycle Professional, and Software Engineering Institute Capability Maturity Model Integration Appraiser certifications.  Mr. Kelson earned a Bachelor of Science in Industrial Engineering at Arizona State University and a Master of Business Administration at the University of Rochester.  Lance Kelson worked in private industry, mostly as an Information Technology Project Manager, before joining DOI.  He served as the HIPAA Security/Privacy Officer for a Medicaid Management Information System developer.  Mr. Kelson was a Certification Agent for a Learning Management System deployed throughout the Department of Homeland Security and for a Library of Congress Copyright Office Workflow Reengineering project.  He was also the Independent Verification and Validation (IV&V) team lead, project management and information assurance Subject Matter Expert for the Library of Congress project.

6:30 PM � Networking and Pizza(*)