Supply Chain Assurance Focus Group

Please contact us if you are interested in participating in the Supply Chain Assurance Focus Group.

We will be sharing best practices and lessons learned regarding the use of Mission Driven IT Services enabled by Cyber Resilience to help with Supply Chain Assurance. We will pay particular attention to small and mid-size manufacturers at first, in support of the NIST MEP program.

This Focus Group supports the NIST MEP program.


CRSMAP – DESMF Focus Group

Utilizing the DESMF

International public and private breakout groups at American University.

This focus group has been meeting weekly since November 2016 and collaborates on using IT Service Management as a foundation for Mission Driven IT Services enabled by Cyber Resilience. The Department of Defense Enterprise Service Management Framework (DESMF) is an example that uses a basic lexicon.

The photo shows one of the breakout session groups at the inaugural event. The group is creating a Cyber Resilience Service Management Action Plan, which contains a common lexicon of terms for cyber resilience, service management, risk management, and project management. In the near future this will include considerations for DevOps and Agile.

To participate in this group, please email us.

Mission Driven Services Enabled by Cyber Resilience

Evidence of mission driven cyber resilient services
– Board Room
– Workforce
– Cyber Insurance Companies
– Supply Chain Evaluation
– Procurement Evaluation

————————————-

People Cyber Resilience Experienced, Educated
Organizational Capacity
– Is the Right Person in the Right Role
– ID Skills Gaps Present and Future
– Ability of Organization to Close Gaps

————————————-

Cyber resilience processes
– Desired Outcomes being Delivered
– Respond, Recover, Minimize Impact of Events
– Measures show Trends, Impact of events
– Show Improvement Opportunities

————————————-

Cyber Security Technology
– Why was this Technology Selected?
– Measure of Effectiveness (Performance/Availability)
– Continual Improvement process associated with it?

————————————-

Cyber security technology partners
– Criteria established within the Supply Chain as a Partner of Others
– Requirements for Organizations who are Part of Products/Services Offered

Future Events

February

19th Global Forum Meeting, Washington, DC
29th DESMF Cyber Resilience Focus Group Virtual

March

National Council of ISACs, Washington, DC
RSA, San Francisco, CA
NIST workshop on Respond and Recover
Software and Supply Chain Assurance Forum, McLean, VA

April

Annual Meeting, Nations Credit Unions, Nashville, TN
PMI Southwest Ohio Mega Event
DHS Incident Response and Recovery Working Group, Crystal City, VA
NIST Cyber Security Framework Conference, Gaithersburg, MD

May

DoD Enterprise Service Management Framework Working Group Meeting
“Securing the Grid III: Operationalizing Resilience”, McLean, VA

June

The Colloquium for Information Security Education Philadelphia, PA

October

itSMF-HDI FUSION Las Vegas, NV

November

NICE 2016 Annual Conference Kansas City, MO

Inaugural Forum Meeting

The Global Forum to Advance Cyber Resilience Held its Inaugural Forum Meeting 18 February, 2016

Critical infrastructure, government and academic leaders convened on February 18 in Washington, DC at the Kogod Cybersecurity Governance Center at American University for our inaugural forum meeting of the Global Forum to Advance Cyber Resilience.

Drew Jaehing of DISA, Fred Hintermister of NERC, Charlie Tupitza of the Global Forum, Mark Dillon of HP, Nadya Bartol of UTC, Bill Donohoe of Genedge, and others collaborating

Responding to a call-to-action to strengthen critical infrastructure cyber resilience, the Forum represents a trusted international collaborative partnership leading the advancement of operationalizing critical infrastructure cyber resilience through open dialogue, critical insight, thought exchange and collaborative innovation. Attendees included the U.S. Department of Defense, U.S. Department of Homeland Security, Federal agencies, academia, representatives from critical infrastructure sectors, and security and IT service management expert organizations.

The Forum’s goals are strategically focused on providing a “disciplined approach” to operationalize the delivery of cyber resilience “mission-driven” services through the integration of service management and cyber resilience; contributing with a defining voice to the evolution of best practice, standards and frameworks amidst the constantly changing and expanding cyber ecosystem; and enabling organizations to more easily adapt best practices for governance, compliance, controls and education.

To deliver on these goals, via the identification, adoption and adaption of best practices and lessons learned to optimize investment in people, process and technology, the Forum is developing organizational, sector and sub-sector specific operational guidance that integrates cyber resilience into the entire IT Service Management lifecycle, supported by a common lexicon, security controls guidance, and workforce roles and responsibilities. Private industry and government (taxpayer investments) in the following best practices, frameworks and standards are being leveraged in collaboration with the U.S. Department of Defense, NIST, and private-sector organizations.

Charlie Tupitza, Forum Co-Chair, said, “Technology is important, but we also need to focus on people and on how we can recover quickly from incidents that will occur while minimizing their effect. This includes cyber attacks and all types of incidents getting in the way of the organization to perform its mission. The Global Forum provides a sustainable platform to bring together experts from the public and private sectors to work together to define and implement solutions focused on using cyber resilience to enable their mission and services.”

Upcoming Global Forum regional sessions will be announced to engage international public and private sector leaders.

For further information about this event and future events please contact us at: resilient@nfppc.org

ARK Network Security Solutions

A Powerful Opportunity

“Cybersecurity standards represent the collective insight of thousands of cyber risk managers who know best the basic steps that every organization should take to protect itself from cyber harm. What’s needed now are the specific cyber risk controls that clarify how to implement those standards to ensure maximum cybersecurity impact. With its resilience focus, the Global Forum will offer participants a powerful opportunity to define and identify those controls – most especially for the “Respond” and “Recover” functions of the NIST Cybersecurity Framework.”

Tom Finan, ARK Network Security Solutions, Former Senior Cybersecurity Strategist and Counsel.

NERC

Assure Cyber Resilience

“To assure cyber resilience, everyone must have a seat at the table. Forums, like this, help bring together thought leaders to focus attention on the potential challenges we face in our industries. I remain supportive and highly value the important work you do, as well as the distinctive and impactful way you do it. Thanks for your Service to Nation (and those nations depending on us) with the transformation you lead.”

Fred Hintermister, Manager, Cross Sector, North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center. Vice Chair, National Council of ISACs (Information Sharing Analysis Centers)

Why Public & Private Organizations Participate

26 February 2016
C Level Interest.
The Global Forum approaches this from the business side of “Resilience” enabling the purpose of services offered and mission of the organization.

Taking advantage of Leadership for Authority: The Forum is in direct support of the Department of Defense Chief Information Officer’s 24 December Directive regarding the DoD Enterprise Service Management Framework (DESMF). The DESMF calls out a basic lexicon for IT Services and we help organizations take advantage of the lexicon in use in both public and private IT Services.

Current Investment Advantage: The Forum represents an approach taking advantage of existing taxpayer and public sector “in common” investments and builds on them. Our cyber resilient best practices are underpinned by this investment. There are over three million people certified and over eight million trained in the basic lexicon of ITIL. A large portion of IT Service contracts in the federal government call out this lexicon.