Welcome to the Security Catalyst Program – bringing you the ideas, insights and tools necessary to change the way people protect information. I am Michael Santarcangelo, your personal catalyst on this journey. Thanks for listening!
A few quick notes
1. Into the Breach is available as an eBook and signed Hardcover from www.intothebreach.com. Learn more about how to engage users, restore responsibility and hold people to account. In fact, this book lays out how to reduce costs without increasing risk, turn insiders into allies and manage people, information and risk better.
2. For 2009, I am excited to announce the expansion of the Security Catalyst Blog – with the awesome Catalyst Contributors. Visit the blog each day to get a fresh perspective.
3. I’m in the process of revamping the podcast series for 2009. I know a lot of people are struggling – and in addition to being a voice of optimism, I’m building a team to share information and strategies necessary for making a difference this year. If you want to contribute, or if you are facing a challenge and need some help – shoot me an email: firstname.lastname@example.org
Stay tuned for more information.
For today’s program, I am joined by Mike Smith, Graydon McKee and Joe Faraone to discuss C&A.
Links at a glance
The presentation that started the idea for this episode: http://www.slideshare.net/rybolov/why-care-about-government-security?src=embed
Graydon, Joe, and Mike teach a 2-day C&A workshop and a 5-Fridays NIST Framework for FISMA workshop for the Potomac Forum. http://www.potomacforum.org/
Graydon’s blog: http://www.ascensionriskmanagement.com/BlogOne/
Papers and presentations: http://www.ascensionriskmanagement.com/BlogOne/paperspresentations/
Papers and presentations: http://www.guerilla-ciso.com/papers-and-presentations
The most relevant NIST publications are special publications 800-37 and 800-53, available here: http://csrc.nist.gov/publications/PubsSPs.html
About the Experts
Michael Smith is a Manager in the Audit and Enterprise Risk Services organization of Deloitte & Touche LLP, where he leads engagements to provide security services to both commercial enterprises and government agencies. Prior to joining Deloitte, Michael served as the Chief Information Security Officer with the Unisys Federal Service Delivery Center based in Reston, Virginia. His scope of responsibility included both providing governance and managing risk for several data centers, Security Operations Center, Network Operations Center, and Server Management Team.
Graydon McKee is the Vice President and Chief Operating Officer of Ascension Risk Management LLC. Graydon is an accomplished Risk Management/Information Security professional with extensive experience in developing and implementing Information Risk Management and Information Security Programs to clients in both the public and private sector. He is a recognized leader in government regulatory compliance (Federal Information Security Management Act and the Defense Information Technology Security Certification and Accreditation Process compliance) and has taught the process to over 2,000 individuals representing over 600 federal government agencies and offices.
Joe Faraone is a Senior Information Security Architect with GCI Corporation, based in Reston, Virginia with over 20 years’ experience in Information Security. Joe has delivered services for numerous Federal customers including Certification and Accreditation support, Security Governance Gap Analysis and Independent Validation and Verification (IV&V). Over his career, he has served as Lead Independent Security Engineer, Manager and Architect of a managed security center for an Intelligence Community Agency, and has performed Certification and Accreditation services for several high-assurance systems.