Hackers Are Ready. Are You?
 
September 20 - 25, 2009 Miami, Florida
   
Kellep A. Charles | SecurityOrb.com

Kellep is completing his Ph.D. in Computer Information Systems at Nova Southeastern University (www.scis.nova.edu), concentrating in Information Security and Human Computer Interaction (HCI). He also holds a Master of Science in Telecommunication Management from the University of Maryland University College and a Bachelor of Science in Computer Science from North Carolina Agricultural and Technical State University.
 
Kellep works as a government contractor in the Washington, DC area as an Information Security Analyst and is an Adjunct Professor at Capitol College in Laurel, MD, where he teaches in the Computer Science department. He holds the CISSP, CCNA, CISA, NSA-IAM and CCE certifications. Kellep also created and maintains www.securityorb.com, an information security knowledge-based website, and is a co-host on a DC-based radio technology talk show.
 
Topic:
 
Federal Security Assessment Methodology: The Road to FISMA Compliance

The Federal Information Security Management Act of 2002 (FISMA) was meant to bolster computer and network security within the Federal Government by mandating information security controls and periodic audits. Conducting regular security assessments of the organizational network and computer systems has become a vital part of protecting federal information-computing assets. Security assessments are a proactive and offensive posture towards information security, as compared to the traditional reactive and defensive stance normally implemented with Access Control Lists (ACLs) and firewalls. To conduct a security assessment effectively, so that it is beneficial to an organization, a proven methodology must be followed so that the assessors and assessees are on the same page. In conjunction, the NIST Special Publications (SP) 800-series, combined with FIPS 199 and FIPS 200, create the risk-based framework that federal agencies use to assess, select, monitor and document security controls for their information systems. Using a proven security assessment methodology supplies a blueprint of events from start to finish that can be examined, tracked and replicated. In addition, reports constructed from the security assessments provide a snapshot view of information system deficiencies for short-term analysis as well as trending data for long-term evaluation, thus allowing the organization to understand its vulnerabilities so it can better protect itself from current and future threats.