Abstract Details


9/28/2017 | 9:20 AM - 10:05 AM

Can’t we just get along: Engineering Trade Decisions and the RMF at the System Level

Cybersecurity is often perceived as a compliance effort. The Risk Management Framework (RMF) provides a risk-based process for making cybersecurity decisions. Cybersecurity decisions are increasingly moving from compliance-based to reducing the risk to the mission and enterprise. In programs implementing a risk-based approach to cybersecurity, the focus is on reducing the risk of data compromise and interruptions to the most critical mission functions. As part of these programs, the assurance needs are understood and properly addressed early in the lifecycle through integration at the right stages by the relevant stakeholders. When engineering teams work together to integrate layered cybersecurity that complements the engineering disciplines, the mission and functional requirements of the system are met, while increasing the repeatability and transparency that enterprises need as the first layer of effectively mitigating cyber risks. Transforming from a compliance-based to a risk-based approach is fundamentally not a technical problem; it is a people or process problem. This presentation will share resources to assist with the people and process challenges of shifting to a risk-based approach to cybersecurity that balances the demands of cost, schedule, and performance.


Michele Moss (Primary Presenter), X, Moss_Michele@bah.com;
Ms. Michele Moss has over 15 years of experience in implementing assurance processes and practices in a variety of project lifecycles. Ms. Moss is an industry-recognized expert in application security processes and practices, Information and Telecommunication Technology (ICT) supply chain risk management (SCRM), process improvement, and software assurance measurement. She is one of the few in the lifecycle management, quality and assurance, and cyber security communities who can speak both languages and provide a bridge between these communities that is critical to addressing the challenge of ICT Supply Chain Risk Management. Ms. Moss is providing senior subject matter expert and strategic planning support to the DoD CIO in the areas of ICT SCRM and assurance, commercial global sourcing, and standardization and industry best practices.

2017 Sponsors: IEEE and IEEE Computer Society