Human Capital and the Investment in Proficiency
Sal D’Agostino, CSCIP
IDmachines LLC
27 September 2010
Cyber literacy
• In order to prosper in the 21st century, individuals, organizations, nations and countries together need to develop their ability to leverage the evolving information infrastructure
• This needs investment in infrastructure and human capital, along with incentives and direct programs to promote it

Implementation
• Implementation of FICAM and PIV-I requires
  – Infrastructure
    • Investment underway
  – Products
    • Investment underway
  – People (Services)
    • Skilled people to design, build and operate
    • Training on proper use

Who are you
• “There are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000.” (Jim Gosler, Sandia Fellow, NSA Visiting Scientist and the founding Director of the CIA’s Clandestine Information Technology Office). CSIS, A Human Capital Crisis in Cybersecurity

Who are you X 100
• PKI System Security Engineer. Description: This position will be part of a team responsible for building the Subordinate Certification Authority. The position will require a wide range of knowledge and skills: Network integration for the enterprise Windows environment; Deploying and supporting Certificate Services on the Windows Server; working knowledge with IC and DoD PKI Policies; Certification and accreditation of information systems; Extensive understanding of DCID 6/3 Certification and Accreditation of information systems
• HSPD-12 LACS Technical Specialist Washington DC - View similar jobs Job type Full-Time Title HSPD-12 LACS Technical Specialist Location Washington DC Permanent Client is a Title HSPD-12 LACS Technical
• DC 1 Week Ago Senior IT Security Analyst - View similar jobs Job type Full-Time guidance Assist in the certification and accreditation of systems associated with HSPD-12 and related guidance Assist in the
• MD – Rockville 3 Weeks Ago Websphere Administrator - View similar jobs Job type Full-Time comply with Homeland Security Presidential Directive-12 (HSPD-12) the software we develop and comply with Homeland
• MD – Woodlawn Yesterday Project Manager - View similar jobs Job type Full-Time Directive 12 (HSPD-12) As the Project Manager your main duties will be to manage the execution of Directive 12
• Jobs Like HSPD-12 LACS Technical Spec 100 Results Found …

Who are you X 3000
• Looking for Identity and Access Management expert: Oracle Identity Manager/OIM-OAM, CA SiteMinder. Full Time job/Excellent Salary/Green card process
• Looking for TIM Consultant for 12 months in NYC. Job Requirements: Experience with installing, configuring, customizing Tivoli Identity Manager. Experience in performing upgrades from ITIM 4.6 to 5.0 or 5.1. Experience in developing, integrating adaptors between ITIM and other client systems. Working knowledge and experience in JavaScript, Java Coding, DB2, Linux, UNIX, WebSphere, LDAP, XML, TCP/IP, ITIM and IDI
• Senior Consultant Oracle- Identity: XXXX LLP’s (XXXX) Audit and Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies and technical resources. XXXX services combine competency and experience in the areas of financial reporting, risk management and compliance. Providing security across the enterprise - XXXX Computer/IT Services
• Senior Consultant Oracle- Identity: XXXX LLP’s (XXXX) Audit and Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies and technical resources. XXXX services combine competency and experience in the areas of financial reporting, risk management and compliance. Providing security across the enterprise - XXXX Secu Computer/IT Services
• Senior Consultant Oracle- Identity: XXXX LLP’s (XXXX) Audit and Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies and technical resources. XXXX services combine competency and experience in the areas of financial reporting, risk management and compliance. Providing security across the enterprise - XXXX Computer/IT Services
• Next Displaying 1 - 25 of 3231. Posting Date: Today (31), Yesterday (199), Last 3 days (438), Last 7 Days (699), Last 14 Days (1489), Last 30 days (2549), Last 60 days (3231)
• Manager Oracle- Identity & Access M: XXXX LLP’s (XXXX) Audit and Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies and technical resources. XXXX services combine competency and experience in the areas of financial reporting, risk management and compliance. Providing security across the enterprise - XXXX Computer/IT Services
• Identity Management Project Manager: YYYYY is a premier IT Consulting firm located in downtown Chicago. We provide solutions to our clients on a contract, contract-to-hire and permanent basis. Currently we are seeking individuals who have a strong background in Identity Management to implement a new product (Forefront Identity Manager). Project Location: Chicago, IL. While on site presence is preferred, qualified candida Computer/IT Services Paradigm Technol
• Sun Identity Mgmt Java Developer: US Citizen or GREEN CARD or EAD, full time or contract to hire OK - Salary Rate negotiable. Our client - Sun IDM (Oracle) Consulting Partner has immediate need for Mid-Level Sun Idm Developer in North East Fort Worth TX - near Alliance Airport. Large Fort Worth based company, part of a big deal we’ve signed. Sun Identity Manager developer 3-4+ years experience - 4+ years Java/J2EE Computer/IT Services
• Business Analyst-Identity Managemen: ZZZZZ is an IT Services Organization and the leader with providing Information Security, Identity Management and Application Security and Security Compliance & Risk-Based Solutions. We offer a Full Lifecycle of services associated to the strategy, business process design, development, implementation, support and management of identity management and security solutions. And Through our managed Computer Software

Security System Architect 684 jobs found
• Category
  – Information Technology (575)
  – Design (333)
  – Engineering (283)
  – Management (107)
  – Professional Services (84)
  – Sales (43)
  – Consultant (43)
  – Other (24)
  – Health Care (21)
  – Finance (18)
  – Construction (17)
  – Skilled Labor - Trades (16)
  – Strategy - Planning (16)
  – Telecommunications (13)
  – Accounting (11)
  – General Business (10)
  – Business Development (10)
  – QA - Quality Control (10)
  – Government (10)
  – Banking (9)
  – Government - Federal (9)
  – Executive (7)
  – Manufacturing (7)
  – Real Estate (7)
  – Admin - Clerical (6)
  – Human Resources (6)
  – Facilities (6)
  – Inventory (5)
  – Retail (5)
  – Installation - Maint - (5)
  – Marketing (4)
  – Education (4)
  – Business Opportunity (4)
  – Supply Chain (3)
  – Insurance (3)
  – Customer Service (2)
  – Science (2)
  – Purchasing - Procurement (2)
  – Entry Level (2)
  – Research (2)

Identity Management 1766 jobs found
• Category
  – Management (575)
  – Sales (417)
  – Information Technology (409)
  – Health Care (343)
  – Finance (267)
  – Business Development (248)
  – Accounting (198)
  – Engineering (165)
  – Marketing (161)
  – Consultant (156)
  – Nurse (150)
  – Professional Services (115)
  – Design (112)
  – Other (105)
  – Customer Service (101)
  – Insurance (87)
  – Strategy - Planning (84)
  – Retail (64)
  – Banking (63)
  – General Business (62)
  – Admin - Clerical (60)
  – QA - Quality Control (44)
  – Pharmaceutical (39)
  – Education (38)
  – Manufacturing (37)
  – Training (36)
  – Research (33)
  – Telecommunications (32)
  – Skilled Labor - Trades (31)
  – Executive (29)
  – Nonprofit - Social (28)
  – Restaurant - Food (26)
  – Business Opportunity (26)
  – Human Resources (22)
  – Science (19)
  – Facilities (19)
  – Legal (19)
  – Transportation (19)
  – Media - Journalism - (18)
  – Hospitality - Hotel (16)

And even if you “know” IAM
• There are likely 100,000(s)+ openings, so this gap will remain for now
• Don’t assume that a vendor’s FIPS 201 product or HSPD-12 roadmap actually hits the needs
• And product knowledge is not ICAM, and it doesn’t mean “knowledge” of the requirements and the …

Standards (plural -)
• FIPS
  – 140
  – 197-201
  – Related SPs
• ISO
• GSA APL PIV-I
• Common Criteria
• TWIC ICE
• UL/Life Safety
• IETF OpenID/OAuth UMA
• TPM Veracode
• ……
• Compliance - Industry
  – HIPAA
  – SOX
  – CFATS
  – PCI
  – NRC/FERC/NERC-CIP
  – …
• Compliance – Government
  – And yes you need a…

FISMAPEDIA
(Slide reproduces the FISMApedia main page; its navigation sidebar lists Topic Clusters, FIPS 200 Families, Legal Requirements and Document Series.)
• What is FISMApedia
  FISMApedia is a collection of documents and discussions focused on Federal IT security. This site is a database of current guidance, laws and directives on how the Federal government secures its IT assets. We focus on civilian sector security including:
  • Federal Information Security Management Act (FISMA)
  • Federal Desktop Core Configuration (FDCC)
  • Security Content Automation Protocol (SCAP)
  • Homeland Security Presidential Directive 12 (HSPD-12)
  • Federal Identity Credentialing Committee (FICC)
  For further information on FISMApedia please see our about page
• Just Added
  • Enhanced NIST SP 800-53Ar1 Assessment Procedures combined with associated NIST SP 800-53r3 Security Controls and Enhancements
  • NIST Frequently Asked Questions - Continuous Monitoring (Response to NASA Reinterpretation of Guidance)
  • Updated NIST SP 800-53 Revision 3 to reflect Errata 05-01-2010
  • Comparisons between US ICE Act and FISA Act drafts based on differences in Content, US Code and Sections
  • M-10-15 FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management
  • NIST SP 800-37r1 Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  • Guidelines for Secure Use of Social Media by Federal Departments and Agencies 1.0
  • 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST, DoD, CNSS, GAO and other Federal agencies
  • 4235 term definitions added using 7997 definitions from 142 documents published by NIST, DoD, CNSS, GAO and other Federal agencies
  • TIC, OMB Memos and Einstein 2 Legal Analysis
  • Granular Comparison of NIST SP 800-53r2 and NIST SP 800-53r3 Control and Enhancements Changes
• FISMA Arts
  FISMApedia is proud to host the FISMA Arts project (also known as FISMArts). FISMArts is a project to provide educational material to those seeking to learn about the Federal IT security. Its initial focus is on the production of Mnemosyne Project media from NIST SP-800 series documents
• This page was last modified on 1 July 2010 at 05:58
• Content is available under Creative Commons Attribution-Share Alike 3.0 United States License
http://fismapedia.org/index.php?title=Main_Page

Including…
• 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST, DoD, CNSS, GAO and other Federal agencies
• 4235 term definitions added using 7997 definitions from 142 documents published by NIST, DoD, CNSS, GAO and other Federal agencies

Back to Human Capital Investment
• Of course you could always become a CSCIP…
• Or CSCIP-G
• Or attend Smart Cards in Government…
• Including the education program on PIV-I…
(Obligatory Smart Card Alliance Education Pitch)

Standards
• Need to find ways to consolidate
• Time frames are an issue due to number and length
• Economics: assurance is an investment
• Incentives for investment in products that meet high assurance levels

Curriculum = Requirements
• Overall complexity has an impact on the ability to teach and learn
• Specialization is contrary to system knowledge
  – Hardware, Software, People and Operations
• PIV-I has real benefits as a template

Roles Don’t Align w/Job Titles
• Registrar
• Enrollment Officer
• Adjudicator
• Issuance Officer
• Key Custodian
Vs.
• CISO, SVP HR, Corporate Security Director
• System Administrator(s)
  – AD
  – Oracle
  – SAP
  – PACS
  – Hypervisor

Role Alignment with Education
• Access to resources is different from the control of them
• Owner
• Administrator
• Service
• User
• All of these can use PIV-I to help define curriculum

Scale = Distributed Education
• Everyone teaches…
• Everyone learns…
• Everyone understands why…
• Everyone is rewarded
  – Faster
  – Safer
  – More Cost Effective

And identity and security as a service
• What is the impact on human capital investment?
• GSA MSO did not reduce the requirement for cyber literacy or PIV-I competence
• Data center consolidation does not change the requirement for an investment in human capital

Human Capital
• Experience
  – Is an asset
• Human Capital has a Cap Ex component
  – Getting to baseline skill set
  – Investing in a team
• It has an Op Ex component
  – Developing competency
  – Gaining proficiency
  – Maintaining a team
• It provides a return on the investment

Questions
• Thanks…
• sal@IDmachines.com email
• http://IDmachines.blogspot.com blog
• http://www.IDmachines.com web
• http://twitter.com/IDmachines IDmachines
• httpwwwfacebookcomref=homeIDmachines
• http://www.linkedin.com/in/idmachines
27 September 2010
Cyber literacy
bull In order to prosper in the 21st Century individuals organizations nations and countries together have a need to develop their ability to leverage the evolving information infrastructure
bull This needs investment in infrastructure and human capital and to provide incentives and direct programs to promote this
27 September 2010
Implementation
bull Implementation of FICAM and PIV-I requires
ndash Infrastructure
bull Investment underway
ndash Products
bull Investment underway
ndash People (Services)
bull Skilled people to design build and operate
bull Training on proper user
27 September 2010
Who are you
bull ldquoThere are about 1000 security people in the US who have the specialized security skills to operate effectively in cyberspace We need 10000 to 30000rdquo (Jim Gosler Sandia Fellow NSA Visiting Scientist and the founding Director of the CIArsquos Clandestine Information Technology Office) CSIS A Human Capital Crisis in Cybersecurity
27 September 2010
Who are you X 100bull PKI System Security Engineer Description This position will be part of a team responsible
for building the Subordinate Certification Authority The position will require a wide range of knowledge and skills Network integration for the enterprise Windows environment Deploying and supporting Certificate Services on the Windows Server working knowledge with IC and DoD PKI Policies Certification and accreditation of information systems Extensive understanding of DCID 63 Certification and Accreditation of information systems
bull HSPD-12 LACS Technical Specialist Washington DC - View similar jobs Job type Full-Time Title HSPD-12 LACS Technical Specialist Location Washington DCPermanent Client is a Title HSPD-12 LACS Technical
bull DC 1 Week Ago Senior IT Security Analyst - View similar jobs Job type Full-Time guidance Assist in the certification and accreditation of systems associated with HSPD-12 and related guidance Assist in the
bull MD ndash Rockville 3 Weeks Ago Websphere Administrator - View similar jobs Job type Full-Time comply with Homeland Security Presidential Directive-12 (HSPD-12) the software we develop and comply with Homeland
bull MD ndash Woodlawn Yesterday Project Manager - View similar jobs Job type Full-Time Directive 12 (HSPD-12) As the Project Manager your main duties will be to manage the execution of Directive 12
bull Jobs Like HSPD-12 LACS Technical Spec 100 Results Found hellip
27 September 2010
Who are you X 3000bull Looking for Identity and Access Management expert Oracle Identity
ManagerOIM-OAM CA SiteMinder Full Time jobExcellent SalaryGreen card process
bull Looking for TIM Consultant for 12 months in NYC Job Requirements Experience with installing configuring customizing Tivoli Identity Manager Experience in performing upgrades from ITIM 46 to 50 or 51 Experience in developing integrating adaptors between ITIM and other client systems Working knowledge and experience in JavaScript Java Coding DB2 Linux UNIX WebSphere LDAP XML TCPIP ITIM and IDI
bull Senior Consultant Oracle- IdentityXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX ComputerIT Services
bull Senior Consultant Oracle- IdentityXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX Secu ComputerIT Services
bull Senior Consultant Oracle- IdentityXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX ComputerIT Services
bull Next Displaying 1 - 25 of 3231 Posting Date Today (31) Yesterday (199) Last 3 days (438) Last 7 Days (699) Last 14 Days (1489) Last 30 days (2549) Last 60 days (3231)
bull Manager Oracle- Identity amp Access MXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX ComputerIT Services
bull Identity Management Project ManagerYYYYY is a premier IT Consulting firm located in downtown Chicago We provide solutions to our clients on a contract contract-to-hire and permanent basis Currently we are seeing individuals who have a strong background in Identity Management to implement a new product (Forefront Identity Manager) Project LocationChicago ILWhile on site presence is preferred qualified candidaComputerIT Services Paradigm Technol
bull Sun Identity Mgmt Java Developer US Citizen or GREEN CARD or EADfull time or contract to hire OK - Salary Rate negotiableOur client - Sun IDM (Oracle) Consulting Partner has immediate need for Mid-Level Sun Idm Developer in North East Forth Worth TX - near Alliance Airport Large Fort Worth based company part of a big deal wersquove signed Sun Identity Manager developer 3-4+ years experience - 4+ years JavaJ2EE ComputerIT Services
bull Business Analyst-Identity ManagemenZZZZZ is an IT Services Organization and the leader with providing Information Security Identity Management and Application Security and Security Compliance amp Risk-Based Solutions We offer a Full Lifecycle of services associated to the strategy business process design development implementation support and management of identity management and security solutions And Through our managed Computer Software
27 September 2010
Security System Architect 684 jobs found
bull Categoryndash Information Technology (575)ndash Design (333)ndash Engineering (283)ndash Management (107)ndash Professional Services (84)ndash Sales (43)ndash Consultant (43)ndash Other (24)ndash Health Care (21)ndash Finance (18)ndash Construction (17)ndash Skilled Labor - Trades (16)ndash Strategy - Planning (16)ndash Telecommunications (13)ndash Accounting (11)ndash General Business (10)ndash Business Development (10)ndash QA - Quality Control (10)ndash Government (10)ndash Banking (9)
ndash Government - Federal (9)ndash Executive (7)ndash Manufacturing (7)ndash Real Estate (7)ndash Admin - Clerical (6)ndash Human Resources (6)ndash Facilities (6)ndash Inventory (5)ndash Retail (5)ndash Installation - Maint - (5)ndash Marketing (4)ndash Education (4)ndash Business Opportunity (4)ndash Supply Chain (3)ndash Insurance (3)ndash Customer Service (2)ndash Science (2)ndash Purchasing - Procurement (2)ndash Entry Level (2)ndash Research (2)
27 September 2010
Identity Management 1766 jobs found
bull Categoryndash Management (575)ndash Sales (417)ndash Information Technology (409)ndash Health Care (343)ndash Finance (267)ndash Business Development (248)ndash Accounting (198)ndash Engineering (165)ndash Marketing (161)ndash Consultant (156)ndash Nurse (150)ndash Professional Services (115)ndash Design (112)ndash Other (105)ndash Customer Service (101)ndash Insurance (87)ndash Strategy - Planning (84)ndash Retail (64)ndash Banking (63)ndash General Business (62)
ndash Admin - Clerical (60)ndash QA - Quality Control (44)ndash Pharmaceutical (39)ndash Education (38)ndash Manufacturing (37)ndash Training (36)ndash Research (33)ndash Telecommunications (32)ndash Skilled Labor - Trades (31)ndash Executive (29)ndash Nonprofit - Social (28)ndash Restaurant - Food (26)ndash Business Opportunity (26)ndash Human Resources (22)ndash Science (19)ndash Facilities (19)ndash Legal (19)ndash Transportation (19)ndash Media - Journalism - (18)ndash Hospitality - Hotel (16)
27 September 2010
And even if you ldquoknowrdquo IAM
bull There are likely 100000(s) + openings so this gap will remain for now
bull Donrsquotrsquo assume that a vendorrsquos FIPS 201 product or HSPD 12 roadmap actually hits the needs
bull And product knowledge is not ICAM and it doesnrsquot mean ldquoknowledgerdquo of the requirements and the hellip
27 September 2010
Standards (plural -)
bull FIPSndash 140ndash 197-201ndash Related SPs
bull ISObull GSA APL PIV-Ibull Common Criteriabull TWIC ICEbull ULLife Safety bull ietf Open IDOAuth UMAbull TPM Veracodebull helliphellip
bull Compliance - Industryndash HIPAAndash SOXndash CFATSndash PCIndash NRCFERCNERC-CIPndash hellip
bull Compliance ndash Government ndash And yes you need ahellip
27 September 2010
FISMAPEDIAbull Main Pagebull From FISMApediabull Jump to navigation searchbull Navigation Topic Clusters FIPS 200 Families Legal Requirements Annual Reports Access Control E-Government Act Audit and Accountability Audit and Accountability FISMA Authentication Awareness and Training
HSPD-12 Awareness and Training Certification Accreditation and Security Assessments HSPD-7 Biometrics Configuration Management HIPAA Certification and Accreditation Contingency Planning OMB Circular A-11 Communications and Wireless Identification and Authentication OMB Circular A-130 Contingency Planning Incident Response Cryptography Maintenance
bull Document Series Digital Signatures Media Protection Forensics Personnel Security NIST Special Publication 800 Series General IT Security Physical and Environmental Protection NIST FIPS Series Historical ArchivesPlanning NIST Interagency Reports Incident Response Risk Assessment NIST Security Bulletins Maintenance System and Communication Protection OMB Circulars PKI System and Information Integrity OMB Memorandum Personal Identity Verification System and Services Acquisition Presidential Directives Planning Laws Regulations Directives and Policy Research Committee for National Security Systems Risk Assessment DoD Directives Services and Acquisitions DoD Instructions Smart Cards DoD Memos Viruses and Malware DoD Administrative Instructions DoD Publications
bull What is FISMApediabull FISMApedia is a collection of documents and discussions focused on Federal IT security This site is a database of current guidance laws and directives on how the Federal government secures its IT assets We
focus on civilian sector sector security including bull Federal Information Security Management Act (FISMA) bull Federal Desktop Core Configuration (FDCC) bull Security Content Automation Protocol (SCAP) bull Homeland Security Presidential Directive 12 (HSPD-12) bull Federal Identity Credentialing Committee (FICC) bull For further information on FISMApedia please see our about page
bull Just Added bull Enhanced NIST SP 800-53Ar1 Assessment Procedures combined with associated NIST SP 800-53r3 Security Controls and Enhancementsbull NIST Frequently Asked Questions - Continuous Monitoring (Response to NASA Reinterpretation of Guidance) bull Updated NIST SP 800-53 Revision 3 to reflect Errata 05-01-2010 bull Comparisons between US ICE Act and FISA Act drafts based on differences in Content US Code and Sectionsbull M-10-15 FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Managementbull NIST SP 800-37r1 Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approachbull Guidelines for Secure Use of Social Media by Federal Departments and Agencies 10bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agenciesbull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agenciesbull TIC OMB Memos and Einstein 2 Legal Analysisbull Granular Comparison of NIST SP 800-53r2 and NIST SP 800-53r3 Control and Enhancements Changes
bull FISMA Arts bull FISMApedia is proud to host the FISMA Arts project (also know as FISMArts) FISMArts is a project to provide educational material to those seeking to learn about the Federal IT security Its initial focus is on the
production of Mnemosyne Project media from NIST SP-800 series documents bull Retrieved from httpfismapediaorgindexphptitle=Main_Pagebull Viewsbull Slashdotbull This page was last modified on 1 July 2010 at 0558bull Content is available under Creative Commons Attribution-Share Alike 30 United States Licensebull Privacy policybull About FISMApediabull Disclaimers
httpfismapediaorgindexphptitle=Main_Page
27 September 2010
Includinghellip
bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agencies
bull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agencies
27 September 2010
Back to Human Capital Investment
bull Of course you could always become a CSCIPhellip
bull Or CSCIP-G
bull Or attend Smart Cards in Governmenthellip
bull Including the education program on PIV-Ihellip
(Obligatory Smart Card Alliance Education Pitch)
27 September 2010
Standards
bull Need to find ways to consolidate
bull Time frames are an issue due to number and length
bull Economics assurance is an investment
bull Incentives for investment in products that meet high assurance levels
27 September 2010
Curriculum = Requirements
bull Overall complexity has an impact on the ability to teach and learn
bull Specialization is contrary to system knowledge
ndash Hardware Software People and Operations
bull PIV-I has real benefits as template
27 September 2010
Roles Donrsquot Align wJob Titles
bull Registrarbull Enrollment Officerbull Adjudicatorbull Issuance Officerbull Key CustodianVs CISO SVP HR Corporate Security Directorbull System Administrator(s)
ndash ADndash Oraclendash SAPndash PACSndash Hypervisor
27 September 2010
Role Alignment with Education
bull Access to resources is different from the control of them
bull Owner
bull Administrator
bull Service
bull User
bull All of these can use PIV-I to help define curriculum
27 September 2010
Scale = Distributed Education
bull Everyone teacheshellip
bull Everyone learnshellip
bull Everyone understands whyhellip
bull Everyone is rewarded
ndash Faster
ndash Safer
ndash More Cost Effective
27 September 2010
And identity and security as a service
bull What is the impact on human capital investment
bull GSA MSO did not reduce requirement for cyber literacy or PIV-I competence
bull Data center consolidation does not change the requirement for an investment in human capital
27 September 2010
Human Capital
bull Experiencendash Is an asset
bull Human Capital has a Cap Ex componentndash Getting to baseline skill setndash Investing in a team
bull It has a Op Ex componentndash Developing competencyndash Gaining proficiencyndash Maintaining a team
bull It provides a return on the investment
27 September 2010
Questions
bull Thankshellip
bull salIDmachinescom email
bull httpIDmachinesblogspotcom blog
bull httpwwwIDmachinescom web
bull httptwittercomIDmachines IDmachines
bull httpwwwfacebookcomref=homeIDmachines
bull httpwwwlinkedincominidmachines
27 September 2010
Who are you X 100bull PKI System Security Engineer Description This position will be part of a team responsible
for building the Subordinate Certification Authority The position will require a wide range of knowledge and skills Network integration for the enterprise Windows environment Deploying and supporting Certificate Services on the Windows Server working knowledge with IC and DoD PKI Policies Certification and accreditation of information systems Extensive understanding of DCID 63 Certification and Accreditation of information systems
bull HSPD-12 LACS Technical Specialist Washington DC - View similar jobs Job type Full-Time Title HSPD-12 LACS Technical Specialist Location Washington DCPermanent Client is a Title HSPD-12 LACS Technical
bull DC 1 Week Ago Senior IT Security Analyst - View similar jobs Job type Full-Time guidance Assist in the certification and accreditation of systems associated with HSPD-12 and related guidance Assist in the
bull MD ndash Rockville 3 Weeks Ago Websphere Administrator - View similar jobs Job type Full-Time comply with Homeland Security Presidential Directive-12 (HSPD-12) the software we develop and comply with Homeland
bull MD ndash Woodlawn Yesterday Project Manager - View similar jobs Job type Full-Time Directive 12 (HSPD-12) As the Project Manager your main duties will be to manage the execution of Directive 12
bull Jobs Like HSPD-12 LACS Technical Spec 100 Results Found hellip
27 September 2010
Who are you X 3000
• Looking for Identity and Access Management expert Oracle Identity Manager OIM-OAM CA SiteMinder Full Time job Excellent Salary Green card process
• Looking for TIM Consultant for 12 months in NYC Job Requirements Experience with installing configuring customizing Tivoli Identity Manager Experience in performing upgrades from ITIM 4.6 to 5.0 or 5.1 Experience in developing integrating adaptors between ITIM and other client systems Working knowledge and experience in JavaScript Java Coding DB2 Linux UNIX WebSphere LDAP XML TCP/IP ITIM and IDI
• Senior Consultant Oracle- Identity XXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX Computer/IT Services
• Senior Consultant Oracle- Identity XXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX Secu Computer/IT Services
• Senior Consultant Oracle- Identity XXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX Computer/IT Services
• Next Displaying 1 - 25 of 3231 Posting Date Today (31) Yesterday (199) Last 3 days (438) Last 7 Days (699) Last 14 Days (1489) Last 30 days (2549) Last 60 days (3231)
• Manager Oracle- Identity & Access M XXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX Computer/IT Services
• Identity Management Project Manager YYYYY is a premier IT Consulting firm located in downtown Chicago We provide solutions to our clients on a contract contract-to-hire and permanent basis Currently we are seeing individuals who have a strong background in Identity Management to implement a new product (Forefront Identity Manager) Project Location Chicago IL While on site presence is preferred qualified candida Computer/IT Services Paradigm Technol
• Sun Identity Mgmt Java Developer US Citizen or GREEN CARD or EAD full time or contract to hire OK - Salary Rate negotiable Our client - Sun IDM (Oracle) Consulting Partner has immediate need for Mid-Level Sun Idm Developer in North East Fort Worth TX - near Alliance Airport Large Fort Worth based company part of a big deal we’ve signed Sun Identity Manager developer 3-4+ years experience - 4+ years Java/J2EE Computer/IT Services
• Business Analyst-Identity Managemen ZZZZZ is an IT Services Organization and the leader with providing Information Security Identity Management and Application Security and Security Compliance & Risk-Based Solutions We offer a Full Lifecycle of services associated to the strategy business process design development implementation support and management of identity management and security solutions And Through our managed Computer Software
Security System Architect 684 jobs found
• Category
– Information Technology (575)
– Design (333)
– Engineering (283)
– Management (107)
– Professional Services (84)
– Sales (43)
– Consultant (43)
– Other (24)
– Health Care (21)
– Finance (18)
– Construction (17)
– Skilled Labor - Trades (16)
– Strategy - Planning (16)
– Telecommunications (13)
– Accounting (11)
– General Business (10)
– Business Development (10)
– QA - Quality Control (10)
– Government (10)
– Banking (9)
– Government - Federal (9)
– Executive (7)
– Manufacturing (7)
– Real Estate (7)
– Admin - Clerical (6)
– Human Resources (6)
– Facilities (6)
– Inventory (5)
– Retail (5)
– Installation - Maint - (5)
– Marketing (4)
– Education (4)
– Business Opportunity (4)
– Supply Chain (3)
– Insurance (3)
– Customer Service (2)
– Science (2)
– Purchasing - Procurement (2)
– Entry Level (2)
– Research (2)
Identity Management 1766 jobs found
• Category
– Management (575)
– Sales (417)
– Information Technology (409)
– Health Care (343)
– Finance (267)
– Business Development (248)
– Accounting (198)
– Engineering (165)
– Marketing (161)
– Consultant (156)
– Nurse (150)
– Professional Services (115)
– Design (112)
– Other (105)
– Customer Service (101)
– Insurance (87)
– Strategy - Planning (84)
– Retail (64)
– Banking (63)
– General Business (62)
– Admin - Clerical (60)
– QA - Quality Control (44)
– Pharmaceutical (39)
– Education (38)
– Manufacturing (37)
– Training (36)
– Research (33)
– Telecommunications (32)
– Skilled Labor - Trades (31)
– Executive (29)
– Nonprofit - Social (28)
– Restaurant - Food (26)
– Business Opportunity (26)
– Human Resources (22)
– Science (19)
– Facilities (19)
– Legal (19)
– Transportation (19)
– Media - Journalism - (18)
– Hospitality - Hotel (16)
And even if you “know” IAM
• There are likely 100000(s) + openings so this gap will remain for now
• Don’t assume that a vendor’s FIPS 201 product or HSPD 12 roadmap actually hits the needs
• And product knowledge is not ICAM and it doesn’t mean “knowledge” of the requirements and the …
Standards (plural -)
• FIPS
– 140
– 197-201
– Related SPs
• ISO
• GSA APL PIV-I
• Common Criteria
• TWIC ICE
• UL/Life Safety
• IETF Open ID/OAuth UMA
• TPM Veracode
• ……
• Compliance - Industry
– HIPAA
– SOX
– CFATS
– PCI
– NRC/FERC/NERC-CIP
– …
• Compliance – Government
– And yes you need a…
FISMAPEDIA
• What is FISMApedia
• FISMApedia is a collection of documents and discussions focused on Federal IT security. This site is a database of current guidance, laws and directives on how the Federal government secures its IT assets. We focus on civilian sector security, including:
• Federal Information Security Management Act (FISMA)
• Federal Desktop Core Configuration (FDCC)
• Security Content Automation Protocol (SCAP)
• Homeland Security Presidential Directive 12 (HSPD-12)
• Federal Identity Credentialing Committee (FICC)
• For further information on FISMApedia please see our about page
• Just Added
• Enhanced NIST SP 800-53Ar1 Assessment Procedures combined with associated NIST SP 800-53r3 Security Controls and Enhancements
• NIST Frequently Asked Questions - Continuous Monitoring (Response to NASA Reinterpretation of Guidance)
• Updated NIST SP 800-53 Revision 3 to reflect Errata 05-01-2010
• Comparisons between US ICE Act and FISA Act drafts based on differences in Content US Code and Sections
• M-10-15 FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management
• NIST SP 800-37r1 Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approach
• Guidelines for Secure Use of Social Media by Federal Departments and Agencies 1.0
• 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agencies
• 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agencies
• TIC OMB Memos and Einstein 2 Legal Analysis
• Granular Comparison of NIST SP 800-53r2 and NIST SP 800-53r3 Control and Enhancements Changes
• FISMA Arts
• FISMApedia is proud to host the FISMA Arts project (also known as FISMArts). FISMArts is a project to provide educational material to those seeking to learn about the Federal IT security. Its initial focus is on the production of Mnemosyne Project media from NIST SP-800 series documents
• This page was last modified on 1 July 2010 at 05:58
• Content is available under Creative Commons Attribution-Share Alike 3.0 United States License
http://fismapedia.org/index.php?title=Main_Page
Including…
• 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agencies
• 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agencies
Back to Human Capital Investment
• Of course you could always become a CSCIP…
• Or CSCIP-G
• Or attend Smart Cards in Government…
• Including the education program on PIV-I…
(Obligatory Smart Card Alliance Education Pitch)
Standards
• Need to find ways to consolidate
• Time frames are an issue due to number and length
• Economics assurance is an investment
• Incentives for investment in products that meet high assurance levels
Curriculum = Requirements
• Overall complexity has an impact on the ability to teach and learn
• Specialization is contrary to system knowledge
– Hardware Software People and Operations
• PIV-I has real benefits as a template
Roles Don’t Align w/Job Titles
• Registrar
• Enrollment Officer
• Adjudicator
• Issuance Officer
• Key Custodian
Vs CISO SVP HR Corporate Security Director
• System Administrator(s)
– AD
– Oracle
– SAP
– PACS
– Hypervisor
Role Alignment with Education
• Access to resources is different from the control of them
• Owner
• Administrator
• Service
• User
• All of these can use PIV-I to help define curriculum
Scale = Distributed Education
• Everyone teaches…
• Everyone learns…
• Everyone understands why…
• Everyone is rewarded
– Faster
– Safer
– More Cost Effective
And identity and security as a service
• What is the impact on human capital investment?
• GSA MSO did not reduce requirement for cyber literacy or PIV-I competence
• Data center consolidation does not change the requirement for an investment in human capital
Human Capital
• Experience
– Is an asset
• Human Capital has a Cap Ex component
– Getting to baseline skill set
– Investing in a team
• It has an Op Ex component
– Developing competency
– Gaining proficiency
– Maintaining a team
• It provides a return on the investment
Questions
• Thanks…
• sal@IDmachines.com email
• http://IDmachines.blogspot.com blog
• http://www.IDmachines.com web
• http://twitter.com/IDmachines @IDmachines
• httpwwwfacebookcomref=homeIDmachines
• http://www.linkedin.com/in/idmachines
27 September 2010
Who are you X 3000bull Looking for Identity and Access Management expert Oracle Identity
ManagerOIM-OAM CA SiteMinder Full Time jobExcellent SalaryGreen card process
bull Looking for TIM Consultant for 12 months in NYC Job Requirements Experience with installing configuring customizing Tivoli Identity Manager Experience in performing upgrades from ITIM 46 to 50 or 51 Experience in developing integrating adaptors between ITIM and other client systems Working knowledge and experience in JavaScript Java Coding DB2 Linux UNIX WebSphere LDAP XML TCPIP ITIM and IDI
bull Senior Consultant Oracle- IdentityXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX ComputerIT Services
bull Senior Consultant Oracle- IdentityXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX Secu ComputerIT Services
bull Senior Consultant Oracle- IdentityXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX ComputerIT Services
bull Next Displaying 1 - 25 of 3231 Posting Date Today (31) Yesterday (199) Last 3 days (438) Last 7 Days (699) Last 14 Days (1489) Last 30 days (2549) Last 60 days (3231)
bull Manager Oracle- Identity amp Access MXXXX LLPs (XXXX) Audit and Enterprise Risk Services business has a risk-based approach experienced professionals comprehensive methodologies and technical resources XXXX services combine competency and experience in the areas of financial reporting risk management and compliance Providing security across the enterprise - XXXX ComputerIT Services
bull Identity Management Project ManagerYYYYY is a premier IT Consulting firm located in downtown Chicago We provide solutions to our clients on a contract contract-to-hire and permanent basis Currently we are seeing individuals who have a strong background in Identity Management to implement a new product (Forefront Identity Manager) Project LocationChicago ILWhile on site presence is preferred qualified candidaComputerIT Services Paradigm Technol
bull Sun Identity Mgmt Java Developer US Citizen or GREEN CARD or EADfull time or contract to hire OK - Salary Rate negotiableOur client - Sun IDM (Oracle) Consulting Partner has immediate need for Mid-Level Sun Idm Developer in North East Forth Worth TX - near Alliance Airport Large Fort Worth based company part of a big deal wersquove signed Sun Identity Manager developer 3-4+ years experience - 4+ years JavaJ2EE ComputerIT Services
bull Business Analyst-Identity ManagemenZZZZZ is an IT Services Organization and the leader with providing Information Security Identity Management and Application Security and Security Compliance amp Risk-Based Solutions We offer a Full Lifecycle of services associated to the strategy business process design development implementation support and management of identity management and security solutions And Through our managed Computer Software
27 September 2010
Security System Architect 684 jobs found
bull Categoryndash Information Technology (575)ndash Design (333)ndash Engineering (283)ndash Management (107)ndash Professional Services (84)ndash Sales (43)ndash Consultant (43)ndash Other (24)ndash Health Care (21)ndash Finance (18)ndash Construction (17)ndash Skilled Labor - Trades (16)ndash Strategy - Planning (16)ndash Telecommunications (13)ndash Accounting (11)ndash General Business (10)ndash Business Development (10)ndash QA - Quality Control (10)ndash Government (10)ndash Banking (9)
ndash Government - Federal (9)ndash Executive (7)ndash Manufacturing (7)ndash Real Estate (7)ndash Admin - Clerical (6)ndash Human Resources (6)ndash Facilities (6)ndash Inventory (5)ndash Retail (5)ndash Installation - Maint - (5)ndash Marketing (4)ndash Education (4)ndash Business Opportunity (4)ndash Supply Chain (3)ndash Insurance (3)ndash Customer Service (2)ndash Science (2)ndash Purchasing - Procurement (2)ndash Entry Level (2)ndash Research (2)
27 September 2010
Identity Management 1766 jobs found
bull Categoryndash Management (575)ndash Sales (417)ndash Information Technology (409)ndash Health Care (343)ndash Finance (267)ndash Business Development (248)ndash Accounting (198)ndash Engineering (165)ndash Marketing (161)ndash Consultant (156)ndash Nurse (150)ndash Professional Services (115)ndash Design (112)ndash Other (105)ndash Customer Service (101)ndash Insurance (87)ndash Strategy - Planning (84)ndash Retail (64)ndash Banking (63)ndash General Business (62)
ndash Admin - Clerical (60)ndash QA - Quality Control (44)ndash Pharmaceutical (39)ndash Education (38)ndash Manufacturing (37)ndash Training (36)ndash Research (33)ndash Telecommunications (32)ndash Skilled Labor - Trades (31)ndash Executive (29)ndash Nonprofit - Social (28)ndash Restaurant - Food (26)ndash Business Opportunity (26)ndash Human Resources (22)ndash Science (19)ndash Facilities (19)ndash Legal (19)ndash Transportation (19)ndash Media - Journalism - (18)ndash Hospitality - Hotel (16)
27 September 2010
And even if you ldquoknowrdquo IAM
bull There are likely 100000(s) + openings so this gap will remain for now
bull Donrsquotrsquo assume that a vendorrsquos FIPS 201 product or HSPD 12 roadmap actually hits the needs
bull And product knowledge is not ICAM and it doesnrsquot mean ldquoknowledgerdquo of the requirements and the hellip
27 September 2010
Standards (plural -)
bull FIPSndash 140ndash 197-201ndash Related SPs
bull ISObull GSA APL PIV-Ibull Common Criteriabull TWIC ICEbull ULLife Safety bull ietf Open IDOAuth UMAbull TPM Veracodebull helliphellip
bull Compliance - Industryndash HIPAAndash SOXndash CFATSndash PCIndash NRCFERCNERC-CIPndash hellip
bull Compliance ndash Government ndash And yes you need ahellip
27 September 2010
FISMAPEDIAbull Main Pagebull From FISMApediabull Jump to navigation searchbull Navigation Topic Clusters FIPS 200 Families Legal Requirements Annual Reports Access Control E-Government Act Audit and Accountability Audit and Accountability FISMA Authentication Awareness and Training
HSPD-12 Awareness and Training Certification Accreditation and Security Assessments HSPD-7 Biometrics Configuration Management HIPAA Certification and Accreditation Contingency Planning OMB Circular A-11 Communications and Wireless Identification and Authentication OMB Circular A-130 Contingency Planning Incident Response Cryptography Maintenance
bull Document Series Digital Signatures Media Protection Forensics Personnel Security NIST Special Publication 800 Series General IT Security Physical and Environmental Protection NIST FIPS Series Historical ArchivesPlanning NIST Interagency Reports Incident Response Risk Assessment NIST Security Bulletins Maintenance System and Communication Protection OMB Circulars PKI System and Information Integrity OMB Memorandum Personal Identity Verification System and Services Acquisition Presidential Directives Planning Laws Regulations Directives and Policy Research Committee for National Security Systems Risk Assessment DoD Directives Services and Acquisitions DoD Instructions Smart Cards DoD Memos Viruses and Malware DoD Administrative Instructions DoD Publications
bull What is FISMApediabull FISMApedia is a collection of documents and discussions focused on Federal IT security This site is a database of current guidance laws and directives on how the Federal government secures its IT assets We
focus on civilian sector sector security including bull Federal Information Security Management Act (FISMA) bull Federal Desktop Core Configuration (FDCC) bull Security Content Automation Protocol (SCAP) bull Homeland Security Presidential Directive 12 (HSPD-12) bull Federal Identity Credentialing Committee (FICC) bull For further information on FISMApedia please see our about page
bull Just Added bull Enhanced NIST SP 800-53Ar1 Assessment Procedures combined with associated NIST SP 800-53r3 Security Controls and Enhancementsbull NIST Frequently Asked Questions - Continuous Monitoring (Response to NASA Reinterpretation of Guidance) bull Updated NIST SP 800-53 Revision 3 to reflect Errata 05-01-2010 bull Comparisons between US ICE Act and FISA Act drafts based on differences in Content US Code and Sectionsbull M-10-15 FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Managementbull NIST SP 800-37r1 Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approachbull Guidelines for Secure Use of Social Media by Federal Departments and Agencies 10bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agenciesbull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agenciesbull TIC OMB Memos and Einstein 2 Legal Analysisbull Granular Comparison of NIST SP 800-53r2 and NIST SP 800-53r3 Control and Enhancements Changes
bull FISMA Arts bull FISMApedia is proud to host the FISMA Arts project (also know as FISMArts) FISMArts is a project to provide educational material to those seeking to learn about the Federal IT security Its initial focus is on the
production of Mnemosyne Project media from NIST SP-800 series documents bull Retrieved from httpfismapediaorgindexphptitle=Main_Pagebull Viewsbull Slashdotbull This page was last modified on 1 July 2010 at 0558bull Content is available under Creative Commons Attribution-Share Alike 30 United States Licensebull Privacy policybull About FISMApediabull Disclaimers
httpfismapediaorgindexphptitle=Main_Page
27 September 2010
Includinghellip
bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agencies
bull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agencies
27 September 2010
Back to Human Capital Investment
bull Of course you could always become a CSCIPhellip
bull Or CSCIP-G
bull Or attend Smart Cards in Governmenthellip
bull Including the education program on PIV-Ihellip
(Obligatory Smart Card Alliance Education Pitch)
27 September 2010
Standards
bull Need to find ways to consolidate
bull Time frames are an issue due to number and length
bull Economics assurance is an investment
bull Incentives for investment in products that meet high assurance levels
27 September 2010
Curriculum = Requirements
bull Overall complexity has an impact on the ability to teach and learn
bull Specialization is contrary to system knowledge
ndash Hardware Software People and Operations
bull PIV-I has real benefits as template
27 September 2010
Roles Donrsquot Align wJob Titles
bull Registrarbull Enrollment Officerbull Adjudicatorbull Issuance Officerbull Key CustodianVs CISO SVP HR Corporate Security Directorbull System Administrator(s)
ndash ADndash Oraclendash SAPndash PACSndash Hypervisor
27 September 2010
Role Alignment with Education
bull Access to resources is different from the control of them
bull Owner
bull Administrator
bull Service
bull User
bull All of these can use PIV-I to help define curriculum
27 September 2010
Scale = Distributed Education
bull Everyone teacheshellip
bull Everyone learnshellip
bull Everyone understands whyhellip
bull Everyone is rewarded
ndash Faster
ndash Safer
ndash More Cost Effective
27 September 2010
And identity and security as a service
bull What is the impact on human capital investment
bull GSA MSO did not reduce requirement for cyber literacy or PIV-I competence
bull Data center consolidation does not change the requirement for an investment in human capital
27 September 2010
Human Capital
bull Experiencendash Is an asset
bull Human Capital has a Cap Ex componentndash Getting to baseline skill setndash Investing in a team
bull It has a Op Ex componentndash Developing competencyndash Gaining proficiencyndash Maintaining a team
bull It provides a return on the investment
27 September 2010
Questions
bull Thankshellip
bull salIDmachinescom email
bull httpIDmachinesblogspotcom blog
bull httpwwwIDmachinescom web
bull httptwittercomIDmachines IDmachines
bull httpwwwfacebookcomref=homeIDmachines
bull httpwwwlinkedincominidmachines
27 September 2010
Security System Architect 684 jobs found
bull Categoryndash Information Technology (575)ndash Design (333)ndash Engineering (283)ndash Management (107)ndash Professional Services (84)ndash Sales (43)ndash Consultant (43)ndash Other (24)ndash Health Care (21)ndash Finance (18)ndash Construction (17)ndash Skilled Labor - Trades (16)ndash Strategy - Planning (16)ndash Telecommunications (13)ndash Accounting (11)ndash General Business (10)ndash Business Development (10)ndash QA - Quality Control (10)ndash Government (10)ndash Banking (9)
ndash Government - Federal (9)ndash Executive (7)ndash Manufacturing (7)ndash Real Estate (7)ndash Admin - Clerical (6)ndash Human Resources (6)ndash Facilities (6)ndash Inventory (5)ndash Retail (5)ndash Installation - Maint - (5)ndash Marketing (4)ndash Education (4)ndash Business Opportunity (4)ndash Supply Chain (3)ndash Insurance (3)ndash Customer Service (2)ndash Science (2)ndash Purchasing - Procurement (2)ndash Entry Level (2)ndash Research (2)
27 September 2010
Identity Management 1766 jobs found
bull Categoryndash Management (575)ndash Sales (417)ndash Information Technology (409)ndash Health Care (343)ndash Finance (267)ndash Business Development (248)ndash Accounting (198)ndash Engineering (165)ndash Marketing (161)ndash Consultant (156)ndash Nurse (150)ndash Professional Services (115)ndash Design (112)ndash Other (105)ndash Customer Service (101)ndash Insurance (87)ndash Strategy - Planning (84)ndash Retail (64)ndash Banking (63)ndash General Business (62)
ndash Admin - Clerical (60)ndash QA - Quality Control (44)ndash Pharmaceutical (39)ndash Education (38)ndash Manufacturing (37)ndash Training (36)ndash Research (33)ndash Telecommunications (32)ndash Skilled Labor - Trades (31)ndash Executive (29)ndash Nonprofit - Social (28)ndash Restaurant - Food (26)ndash Business Opportunity (26)ndash Human Resources (22)ndash Science (19)ndash Facilities (19)ndash Legal (19)ndash Transportation (19)ndash Media - Journalism - (18)ndash Hospitality - Hotel (16)
27 September 2010
And even if you ldquoknowrdquo IAM
bull There are likely 100000(s) + openings so this gap will remain for now
bull Donrsquotrsquo assume that a vendorrsquos FIPS 201 product or HSPD 12 roadmap actually hits the needs
bull And product knowledge is not ICAM and it doesnrsquot mean ldquoknowledgerdquo of the requirements and the hellip
27 September 2010
Standards (plural -)
bull FIPSndash 140ndash 197-201ndash Related SPs
bull ISObull GSA APL PIV-Ibull Common Criteriabull TWIC ICEbull ULLife Safety bull ietf Open IDOAuth UMAbull TPM Veracodebull helliphellip
bull Compliance - Industryndash HIPAAndash SOXndash CFATSndash PCIndash NRCFERCNERC-CIPndash hellip
bull Compliance ndash Government ndash And yes you need ahellip
27 September 2010
FISMAPEDIAbull Main Pagebull From FISMApediabull Jump to navigation searchbull Navigation Topic Clusters FIPS 200 Families Legal Requirements Annual Reports Access Control E-Government Act Audit and Accountability Audit and Accountability FISMA Authentication Awareness and Training
HSPD-12 Awareness and Training Certification Accreditation and Security Assessments HSPD-7 Biometrics Configuration Management HIPAA Certification and Accreditation Contingency Planning OMB Circular A-11 Communications and Wireless Identification and Authentication OMB Circular A-130 Contingency Planning Incident Response Cryptography Maintenance
bull Document Series Digital Signatures Media Protection Forensics Personnel Security NIST Special Publication 800 Series General IT Security Physical and Environmental Protection NIST FIPS Series Historical ArchivesPlanning NIST Interagency Reports Incident Response Risk Assessment NIST Security Bulletins Maintenance System and Communication Protection OMB Circulars PKI System and Information Integrity OMB Memorandum Personal Identity Verification System and Services Acquisition Presidential Directives Planning Laws Regulations Directives and Policy Research Committee for National Security Systems Risk Assessment DoD Directives Services and Acquisitions DoD Instructions Smart Cards DoD Memos Viruses and Malware DoD Administrative Instructions DoD Publications
bull What is FISMApediabull FISMApedia is a collection of documents and discussions focused on Federal IT security This site is a database of current guidance laws and directives on how the Federal government secures its IT assets We
focus on civilian sector sector security including bull Federal Information Security Management Act (FISMA) bull Federal Desktop Core Configuration (FDCC) bull Security Content Automation Protocol (SCAP) bull Homeland Security Presidential Directive 12 (HSPD-12) bull Federal Identity Credentialing Committee (FICC) bull For further information on FISMApedia please see our about page
bull Just Added bull Enhanced NIST SP 800-53Ar1 Assessment Procedures combined with associated NIST SP 800-53r3 Security Controls and Enhancementsbull NIST Frequently Asked Questions - Continuous Monitoring (Response to NASA Reinterpretation of Guidance) bull Updated NIST SP 800-53 Revision 3 to reflect Errata 05-01-2010 bull Comparisons between US ICE Act and FISA Act drafts based on differences in Content US Code and Sectionsbull M-10-15 FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Managementbull NIST SP 800-37r1 Guide for Applying the Risk Management Framework to Federal Information Systems A Security Life Cycle Approachbull Guidelines for Secure Use of Social Media by Federal Departments and Agencies 10bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agenciesbull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agenciesbull TIC OMB Memos and Einstein 2 Legal Analysisbull Granular Comparison of NIST SP 800-53r2 and NIST SP 800-53r3 Control and Enhancements Changes
bull FISMA Arts bull FISMApedia is proud to host the FISMA Arts project (also know as FISMArts) FISMArts is a project to provide educational material to those seeking to learn about the Federal IT security Its initial focus is on the
production of Mnemosyne Project media from NIST SP-800 series documents bull Retrieved from httpfismapediaorgindexphptitle=Main_Pagebull Viewsbull Slashdotbull This page was last modified on 1 July 2010 at 0558bull Content is available under Creative Commons Attribution-Share Alike 30 United States Licensebull Privacy policybull About FISMApediabull Disclaimers
httpfismapediaorgindexphptitle=Main_Page
27 September 2010
Includinghellip
bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agencies
bull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agencies
27 September 2010
Back to Human Capital Investment
bull Of course you could always become a CSCIPhellip
bull Or CSCIP-G
bull Or attend Smart Cards in Governmenthellip
bull Including the education program on PIV-Ihellip
(Obligatory Smart Card Alliance Education Pitch)
27 September 2010
Standards
bull Need to find ways to consolidate
bull Time frames are an issue due to number and length
bull Economics assurance is an investment
bull Incentives for investment in products that meet high assurance levels
27 September 2010
Curriculum = Requirements
bull Overall complexity has an impact on the ability to teach and learn
bull Specialization is contrary to system knowledge
ndash Hardware Software People and Operations
bull PIV-I has real benefits as template
27 September 2010
Roles Donrsquot Align wJob Titles
bull Registrarbull Enrollment Officerbull Adjudicatorbull Issuance Officerbull Key CustodianVs CISO SVP HR Corporate Security Directorbull System Administrator(s)
ndash ADndash Oraclendash SAPndash PACSndash Hypervisor
27 September 2010
Role Alignment with Education
• Access to resources is different from the control of them
• Owner
• Administrator
• Service
• User
• All of these can use PIV-I to help define curriculum
Scale = Distributed Education
• Everyone teaches…
• Everyone learns…
• Everyone understands why…
• Everyone is rewarded
– Faster
– Safer
– More Cost Effective
And identity and security as a service
• What is the impact on human capital investment?
• GSA MSO did not reduce requirement for cyber literacy or PIV-I competence
• Data center consolidation does not change the requirement for an investment in human capital
Human Capital
• Experience
– Is an asset
• Human Capital has a Cap Ex component
– Getting to baseline skill set
– Investing in a team
• It has an Op Ex component
– Developing competency
– Gaining proficiency
– Maintaining a team
• It provides a return on the investment
Questions
• Thanks…
• sal@IDmachines.com email
• http://IDmachines.blogspot.com blog
• http://www.IDmachines.com web
• http://twitter.com/IDmachines IDmachines
• httpwwwfacebookcomref=homeIDmachines
• http://www.linkedin.com/in/idmachines
Identity Management 1766 jobs found
• Category
– Management (575)
– Sales (417)
– Information Technology (409)
– Health Care (343)
– Finance (267)
– Business Development (248)
– Accounting (198)
– Engineering (165)
– Marketing (161)
– Consultant (156)
– Nurse (150)
– Professional Services (115)
– Design (112)
– Other (105)
– Customer Service (101)
– Insurance (87)
– Strategy - Planning (84)
– Retail (64)
– Banking (63)
– General Business (62)
– Admin - Clerical (60)
– QA - Quality Control (44)
– Pharmaceutical (39)
– Education (38)
– Manufacturing (37)
– Training (36)
– Research (33)
– Telecommunications (32)
– Skilled Labor - Trades (31)
– Executive (29)
– Nonprofit - Social (28)
– Restaurant - Food (26)
– Business Opportunity (26)
– Human Resources (22)
– Science (19)
– Facilities (19)
– Legal (19)
– Transportation (19)
– Media - Journalism - (18)
– Hospitality - Hotel (16)
And even if you “know” IAM
• There are likely 100000(s) + openings so this gap will remain for now
• Don’t assume that a vendor’s FIPS 201 product or HSPD 12 roadmap actually hits the needs
• And product knowledge is not ICAM and it doesn’t mean “knowledge” of the requirements and the …
Standards (plural -)
• FIPS
– 140
– 197-201
– Related SPs
• ISO
• GSA APL PIV-I
• Common Criteria
• TWIC ICE
• UL/Life Safety
• IETF Open ID/OAuth UMA
• TPM Veracode
• ……
• Compliance - Industry
– HIPAA
– SOX
– CFATS
– PCI
– NRC/FERC/NERC-CIP
– …
• Compliance – Government
– And yes you need a…
FISMAPEDIA
• Main Page
• From FISMApedia
• Jump to navigation, search
• Navigation
– Topic Clusters: Annual Reports, Audit and Accountability, Authentication, Awareness and Training, Biometrics, Certification and Accreditation, Communications and Wireless, Contingency Planning, Cryptography, Digital Signatures, Forensics, General IT Security, Historical Archives, Incident Response, Maintenance, PKI, Personal Identity Verification, Planning, Research, Risk Assessment, Services and Acquisitions, Smart Cards, Viruses and Malware
– FIPS 200 Families: Access Control, Audit and Accountability, Awareness and Training, Certification Accreditation and Security Assessments, Configuration Management, Contingency Planning, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical and Environmental Protection, Planning, Risk Assessment, System and Communication Protection, System and Information Integrity, System and Services Acquisition
– Legal Requirements: E-Government Act, FISMA, HSPD-12, HSPD-7, HIPAA, OMB Circular A-11, OMB Circular A-130
– Document Series: NIST Special Publication 800 Series, NIST FIPS Series, NIST Interagency Reports, NIST Security Bulletins, OMB Circulars, OMB Memorandum, Presidential Directives, Laws Regulations Directives and Policy, Committee for National Security Systems, DoD Directives, DoD Instructions, DoD Memos, DoD Administrative Instructions, DoD Publications
• What is FISMApedia
• FISMApedia is a collection of documents and discussions focused on Federal IT security. This site is a database of current guidance, laws and directives on how the Federal government secures its IT assets. We focus on civilian sector security including
• Federal Information Security Management Act (FISMA)
• Federal Desktop Core Configuration (FDCC)
• Security Content Automation Protocol (SCAP)
• Homeland Security Presidential Directive 12 (HSPD-12)
• Federal Identity Credentialing Committee (FICC)
• For further information on FISMApedia please see our about page
Includinghellip
bull 2863 acronyms and abbreviations added with 7271 definitions from 97 documents published by NIST DoD CNSS GAO and other Federal agencies
bull 4235 term definitions added using 7997 definitions from 142 documents published by NIST DoD CNSS GAO and other Federal agencies
27 September 2010
Back to Human Capital Investment
bull Of course you could always become a CSCIPhellip
bull Or CSCIP-G
bull Or attend Smart Cards in Governmenthellip
bull Including the education program on PIV-Ihellip
(Obligatory Smart Card Alliance Education Pitch)
27 September 2010
Standards
bull Need to find ways to consolidate
bull Time frames are an issue due to number and length
bull Economics assurance is an investment
bull Incentives for investment in products that meet high assurance levels
27 September 2010
Curriculum = Requirements
bull Overall complexity has an impact on the ability to teach and learn
bull Specialization is contrary to system knowledge
ndash Hardware Software People and Operations
bull PIV-I has real benefits as template
27 September 2010
Roles Donrsquot Align wJob Titles
bull Registrarbull Enrollment Officerbull Adjudicatorbull Issuance Officerbull Key CustodianVs CISO SVP HR Corporate Security Directorbull System Administrator(s)
ndash ADndash Oraclendash SAPndash PACSndash Hypervisor
27 September 2010
Role Alignment with Education
bull Access to resources is different from the control of them
bull Owner
bull Administrator
bull Service
bull User
bull All of these can use PIV-I to help define curriculum
27 September 2010
Scale = Distributed Education
bull Everyone teacheshellip
bull Everyone learnshellip
bull Everyone understands whyhellip
bull Everyone is rewarded
ndash Faster
ndash Safer
ndash More Cost Effective
And identity and security as a service
• What is the impact on human capital investment?
• GSA MSO did not reduce requirement for cyber literacy or PIV-I competence
• Data center consolidation does not change the requirement for an investment in human capital
Human Capital
• Experience
  – Is an asset
• Human Capital has a Cap Ex component
  – Getting to baseline skill set
  – Investing in a team
• It has an Op Ex component
  – Developing competency
  – Gaining proficiency
  – Maintaining a team
• It provides a return on the investment