Training TR5 – Managing Information Security Risk: Organization, Mission, and Information System View: NIST SP 800-39

Marshall Abrams, The MITRE Corporation

Friday, 8:30-10:00 & 10:30-12:00

Information technology is widely recognized as the engine that drives the U.S. economy, giving industry a competitive advantage in global markets, enabling the federal government to provide better services to its citizens, and facilitating greater productivity as a nation. Risk related to the operation and use of information systems is one of many components of organizational risk that senior leaders address as a routine part of their ongoing risk management responsibilities. Effective risk management requires that organizations operate in a highly complex and interconnected world using state-of-the-art and legacy information that organizations depend upon to accomplish critical missions and to conduct important business-related functions. Special Publication 800-39, published March 2011, is the flagship document in the series of FISMA publications and provides a structured, yet flexible approach for managing that portion of risk resulting from the operation and use of information systems to support the missions and mission/business processes of organizations. This session will examine Special Publication 800-39 guidelines for an integrated, enterprise-wide approach to managing risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation and use of information systems.



About the Instructor

Dr. Marshall D. Abrams is a Principal Scientist at the MITRE Corporation in McLean, Virginia. He holds two patents and has taught cyber security courses on six continents. He received the BSEE from Carnegie Institute of Technology and the MSEE and Ph.D. from the University of Pittsburgh. While at the National Bureau of Standards he received the Department of Commerce Silver Metal Award. Two awards were received from the Federal Aviation Administration for contributions to the Information Systems Security Program. He is a Senior Life Member of the IEEE and has been honored with the IEEE Computer Society Golden Core award. He is also a Senior Fellow of the Applied Computer Security Associates. Marshall has been involved with the NIST FISMA Implementation Project since its inception.