Impacts of FITARA on IT Security & IT Spending
VARETTA HUGGINS, PMP, ITIL, CSM, PgMP
Tuesday, October 3rd, 2017
AGENDA
• System of Systems Story
• FITARA Definition & Purpose
• Role of Chief Information Security Officer
• FITARA Objectives Impacting Security
• FITARA Scorecards
• GEOSS vs FITARA
• Questions
System of Systems Story
GEOSS FOCUSED ON:
1. Single Internet Access Point
2. Standardization
3. Consolidation
All assisted in reducing duplication & improving cost savings!
What is FITARA?
Federal Information Technology Acquisition Reform Act
• FITARA has been Federal Law for Acquiring and Managing IT Resources within Federal Agencies since December 19, 2014.
• It strengthens the authority of Agency CIOs by specifying that Agencies may not submit an IT budget, enter into IT acquisitions, or hire bureau CIOs without the approval of the Agency CIO.
• It enables Congress to monitor Agencies’ progress and hold them accountable for reducing duplication and achieving cost savings.
Government Accountability Office High Risk List
• Improving the Acquisition and Management of Federal IT Resources (FITARA) was added to the GAO’s High Risk List in February 2015.
• In 2016, GAO added about 200 new recommendations to an existing list of 800 on ways to improve IT Acquisition & Management.
Role of CISO
Chief Information Security Officer
• Identify, Protect, Detect, Respond to, and Recover from threats to Federal IT
• Provide and implement risk-based approaches to improving Cybersecurity Policies
• Manage and provide oversight of the ITSC (IT Security & Compliance) Investment
• Align FISMA metrics with Agency-reported Cybersecurity spending
FITARA Objectives: CIO is Approver
➢ Enable the CIO's role, with respect to the development, integration, delivery, and operations of any type of IT, IT service, or information product, to enable integration with the capabilities they support wherever IT may affect functions, missions, or operations.
➢ Strengthen the agency CIO's accountability for the agency's IT cost, schedule, performance, and security.
Agency CIO is Approver for the whole IT Life Cycle – Acquisition, Development, Modernization, Enhancements, Operations, Maintenance, and Disposition.
IT SECURITY IMPACT: The Agency CIO is part of the process that approves Security IT Acquisitions, so show how implementing innovative Cybersecurity solutions aligns with Agency strategic objectives as well as FITARA objectives.
FITARA Objectives: Standardization
◦ Establish a "Common Baseline" for roles, responsibilities, and authorities of the agency CIO and the roles and responsibilities of other applicable Senior Agency Officials in managing IT as a strategic resource.
◦ Establish consistent governmentwide interpretation of FITARA terms and requirements.
◦ Assist agencies in establishing an inclusive governance process that will enable effective planning, programming, budgeting, and execution for IT resources.
◦ Assist agencies in establishing management practices that align IT resources with agency missions, goals, programmatic priorities, and statutory requirements.
IT SECURITY & SPENDING IMPACT: The CISO now has to manage a Standard IT Security & Compliance Investment showing the IT Budgetary Resources, Personnel, Facility, Equipment, and Services Costs. The September 2017 ITSC submission mandated the addition of IT Tower Costs.
IT Resources refer to – IT Budgetary Resources, Personnel, Facility, Equipment, and Services.
Sources: Practice Standard for Earned Value Management, 2nd Edition (pg. 5) | OMB Circular A-11, The Capital Programming Guide V3.0 (pgs. 16 & 18)
ITSC IT Cost Pools & Towers
Working to standardize Part 3: Investments for IT Infrastructure, IT Security and IT Management consistent with TBM IT Towers (IT view), and gradually providing more granularity in all IT Investment costs through IT Cost Pools (financial view) and IT Towers, begins to align the categorization of costs with policies around CIO Authorities, commodity IT management, category management, data center optimization, among others.
FITARA Objectives: Consolidation
◦ Provide transparency on IT resources across entire agencies and programs.
◦ Provide appropriate visibility and involvement of the agency CIO in the management and oversight of IT resources across the agency to support the successful implementation of cybersecurity policies to prevent interruption or exploitation of program services.
Consolidation and Transparency of IT ensures that Agency CIOs are involved in management and oversight of IT resources at all stages of IT and can make informed decisions to replace outdated systems with modernized systems or cloud solutions.
IT SECURITY & SPENDING IMPACT: Implementing Cybersecurity policies will require more Security IT and human resources. Justify the need for more Security resources using the FITARA objectives.
“Federal agencies reported in 2016 that they spend 3% of their total IT expenditures on cloud services. That is significantly less than private sector peers, for which benchmarking shows 12%” (Rick Holgate, Research Director, Gartner Inc.).
Source: Testimony before the House Committee on Oversight and Government Reform, Subcommittees on Government Operations and Information Technology, on FITARA 4.0
FITARA Impacts on IT Security
• Manage IT Security and Compliance Standard Investment
• Increase in IT Security Workload
• ITSC Investment Manager Training Requirements (FAC-P/PM Level 3)
• Higher Visibility for Cybersecurity Initiatives
FITARA 4.0 – June 2017 Scorecard
GEOSS vs FITARA
GEOSS focus: Single Internet Access Point → FITARA:
• Agency CIO is Approver of IT Budget
• Agency CIO is Approver of IT Life Cycle
• Agency CIO is Approver of IT Security
GEOSS focus: Consolidation → FITARA:
• IT Resources
GEOSS focus: Standardization → FITARA:
• FITARA Roles, Responsibilities, Authorities, Terms, & Requirements
• IT Terminology & Processes
• ITSC Investment
• Governance Processes & Management Practices
Any Questions?
CONTACT INFO:
• Varetta Huggins, PgMP, PMP, ITIL, CSM
• Email: Varetta.Huggins@v-pmc.com
• Phone: 240-499-2827
• V-Project Management Consulting LLC is an 8(a) and WOSB SBA certified firm located in Germantown, Maryland.
• Services include:
  • Project, Program, and Portfolio Management Support
  • Earned Value Management including Business Intelligence Reporting
  • Capital Planning and Investment Control (CPIC) Support
  • Enterprise Risk Management Support
  • Change Management Support
  • MS Project Server and SharePoint Administration Support
  • Federal Regulations Compliance Support (FITARA, FISMA, MEGABYTE, MGT, PMIAA)

More Related Content

What's hot

Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionMike Wons
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsEryk Budi Pratama
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Physical security information management market
Physical security information management marketPhysical security information management market
Physical security information management marketRishabhJain1113
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 
GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...
GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...
GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...DATUM LLC
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management   it-tool...Protecting business interests with policies for it asset management   it-tool...
Protecting business interests with policies for it asset management it-tool...IT-Toolkits.org
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...Taiye Lambo
 

What's hot (19)

Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
 
Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines School
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT Skills
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Physical security information management market
Physical security information management marketPhysical security information management market
Physical security information management market
 
Cisa 2013 ch0
Cisa 2013 ch0Cisa 2013 ch0
Cisa 2013 ch0
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Task 3
Task 3Task 3
Task 3
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security Solutions
 
Cissp notes
Cissp notesCissp notes
Cissp notes
 
Task 2
Task 2Task 2
Task 2
 
Don't Let Cybersecurity Trip You Up
Don't Let Cybersecurity Trip You UpDon't Let Cybersecurity Trip You Up
Don't Let Cybersecurity Trip You Up
 
GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...
GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...
GDPR Audit Resilience: How to Align Diverse Internal Stakeholder Needs and De...
 
IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management   it-tool...Protecting business interests with policies for it asset management   it-tool...
Protecting business interests with policies for it asset management it-tool...
 
Cisa 2013 ch2
Cisa 2013 ch2Cisa 2013 ch2
Cisa 2013 ch2
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 

Similar to Impacts of FITARA on IT Security & IT Spending

It implement-it-asset-management-executive-brief
It implement-it-asset-management-executive-briefIt implement-it-asset-management-executive-brief
It implement-it-asset-management-executive-briefVisal Thach
 
TechniClick - GWEA & EA Governance
TechniClick - GWEA & EA GovernanceTechniClick - GWEA & EA Governance
TechniClick - GWEA & EA Governanceguestea68b0
 
Discovery: The Backbone of Digital Enterprise Management
Discovery:  The Backbone of Digital Enterprise ManagementDiscovery:  The Backbone of Digital Enterprise Management
Discovery: The Backbone of Digital Enterprise ManagementMichelle Kerby
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherEOTSS
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India
 
Security architecture rajagiri talk march 2011
Security architecture  rajagiri talk march 2011Security architecture  rajagiri talk march 2011
Security architecture rajagiri talk march 2011subramanian K
 
Chapter 2Data Governance and IT Architecture Support Long-Term
Chapter 2Data Governance and IT Architecture Support Long-TermChapter 2Data Governance and IT Architecture Support Long-Term
Chapter 2Data Governance and IT Architecture Support Long-TermEstelaJeffery653
 
Chapter 2Data Governance and IT Architecture Support Long-Term.docx
Chapter 2Data Governance and IT Architecture Support Long-Term.docxChapter 2Data Governance and IT Architecture Support Long-Term.docx
Chapter 2Data Governance and IT Architecture Support Long-Term.docxcravennichole326
 
The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015
The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015
The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015Subhasis Datta
 
Securing Cloud Computing Through IT Governance
Securing Cloud Computing Through IT GovernanceSecuring Cloud Computing Through IT Governance
Securing Cloud Computing Through IT GovernanceITIIIndustries
 
This domain reviews the diverse areas of knowledge needed to develop and man...
This domain reviews the diverse areas of  knowledge needed to develop and man...This domain reviews the diverse areas of  knowledge needed to develop and man...
This domain reviews the diverse areas of knowledge needed to develop and man...bikheet
 
8 Strategies for IT Transformation
8 Strategies for IT Transformation8 Strategies for IT Transformation
8 Strategies for IT Transformationkenaibarbosa
 
PwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValuePwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValueEileen Chan
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketingNavneet Singh
 
[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic Planning[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic PlanningAriantoMuditomo
 

Similar to Impacts of FITARA on IT Security & IT Spending (20)

It implement-it-asset-management-executive-brief
It implement-it-asset-management-executive-briefIt implement-it-asset-management-executive-brief
It implement-it-asset-management-executive-brief
 
TechniClick - GWEA & EA Governance
TechniClick - GWEA & EA GovernanceTechniClick - GWEA & EA Governance
TechniClick - GWEA & EA Governance
 
IT Infrastructure - Importance of IT to Business
IT Infrastructure - Importance of IT to BusinessIT Infrastructure - Importance of IT to Business
IT Infrastructure - Importance of IT to Business
 
Discovery: The Backbone of Digital Enterprise Management
Discovery:  The Backbone of Digital Enterprise ManagementDiscovery:  The Backbone of Digital Enterprise Management
Discovery: The Backbone of Digital Enterprise Management
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better Together
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT System
 
Asset Management: Climbing the Asset Maturity Curve
Asset Management: Climbing the Asset Maturity CurveAsset Management: Climbing the Asset Maturity Curve
Asset Management: Climbing the Asset Maturity Curve
 
Security architecture rajagiri talk march 2011
Security architecture  rajagiri talk march 2011Security architecture  rajagiri talk march 2011
Security architecture rajagiri talk march 2011
 
CGI Final
CGI FinalCGI Final
CGI Final
 
Chapter 2Data Governance and IT Architecture Support Long-Term
Chapter 2Data Governance and IT Architecture Support Long-TermChapter 2Data Governance and IT Architecture Support Long-Term
Chapter 2Data Governance and IT Architecture Support Long-Term
 
Chapter 2Data Governance and IT Architecture Support Long-Term.docx
Chapter 2Data Governance and IT Architecture Support Long-Term.docxChapter 2Data Governance and IT Architecture Support Long-Term.docx
Chapter 2Data Governance and IT Architecture Support Long-Term.docx
 
FederalTimes
FederalTimesFederalTimes
FederalTimes
 
The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015
The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015
The DATA Act - IT Infrastructure Guidance - CT SIG 08-2015
 
Securing Cloud Computing Through IT Governance
Securing Cloud Computing Through IT GovernanceSecuring Cloud Computing Through IT Governance
Securing Cloud Computing Through IT Governance
 
This domain reviews the diverse areas of knowledge needed to develop and man...
This domain reviews the diverse areas of  knowledge needed to develop and man...This domain reviews the diverse areas of  knowledge needed to develop and man...
This domain reviews the diverse areas of knowledge needed to develop and man...
 
8 Strategies for IT Transformation
8 Strategies for IT Transformation8 Strategies for IT Transformation
8 Strategies for IT Transformation
 
PwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValuePwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital Value
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketing
 
[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic Planning[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic Planning
 
Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Impacts of FITARA on IT Security & IT Spending

  • 1. Impacts of FITARA on IT Security & IT Spending VARETTA HUGGINS, PMP, ITIL, CSM, PgMP Tuesday, October 3rd, 2017 1
  • 2. AGENDA System of Systems Story FITARA Definition & Purpose Role of Chief Information Security Officer FITARA Objectives Impacting Security FITARA Objectives Impacting Security FITARA Scorecards GEOSS vs FITARA Questions 2
  • 3. System of Systems Story GEOSS FOCUSED ON: 1. Single Internet Access Point 2. Standardization 3. Consolidation All assisted in reducing duplication & improving cost savings! 3
  • 4. What is FITARA? Federal Information Technology Acquisition Reform Act • FITARA has been Federal Law for Acquiring and Managing IT Resources within Federal Agencies since December 19, 2014. • It strengthens the authority of Agency CIOs by specifying that Agencies may not submit an IT budget, enter into IT acquisitions, or hire bureau CIOs without the approval of the Agency CIO. • It enables Congress to monitor Agencies’ progress and hold them accountable for reducing duplication and achieving cost savings. Government Accountability Office High Risk List • Improving the Acquisition and Management of Federal IT Resources (FITARA) was added to the GAO’s High Risk List in February 2015. • In 2016, GAO added about 200 new recommendations to an existing list of 800 on ways to improve IT Acquisition & Management. 4
5. Role of CISO
Chief Information Security Officer
• Identify, Protect, Detect, Respond, and Recover Threats to Federal IT
• Provide and implement risk-based approaches to improving Cybersecurity Policies
• Manage and provide oversight of ITSC Investment
• Align FISMA metrics with Agency-reported Cybersecurity spending
6. FITARA Objectives: CIO is Approver
➢ Enable the CIO's role, with respect to the development, integration, delivery, and operations of any type of IT, IT service, or information product, to enable integration with the capabilities they support wherever IT may affect functions, missions, or operations.
➢ Strengthen the agency CIO's accountability for the agency's IT cost, schedule, performance, and security.
Agency CIO is Approver for the whole IT Life Cycle – Acquisition, Development, Modernization, Enhancements, Operations, Maintenance, and Disposition.
IT SECURITY IMPACT: Because the Agency CIO is part of the process that approves Security IT Acquisitions, show how implementing innovative Cybersecurity solutions aligns with Agency strategic objectives and with FITARA objectives as well.
7. FITARA Objectives: Standardization
◦ Establish a "Common Baseline" for roles, responsibilities, and authorities of the agency CIO and the roles and responsibilities of other applicable Senior Agency Officials in managing IT as a strategic resource.
◦ Establish consistent governmentwide interpretation of FITARA terms and requirements.
◦ Assist agencies in establishing an inclusive governance process that will enable effective planning, programming, budgeting, and execution for IT resources.
◦ Assist agencies in establishing management practices that align IT resources with agency missions, goals, programmatic priorities, and statutory requirements.
IT SECURITY & SPENDING IMPACT: The CISO now has to manage a Standard IT Security & Compliance Investment showing the IT Budgetary Resources, Personnel, Facility, Equipment, and Services Costs. The September 2017 ITSC submission mandated the addition of IT Tower Costs.
IT Resources refer to – IT Budgetary Resources, Personnel, Facility, Equipment, and Services.
Sources: Practice Standard for Earned Value Management, 2nd Edition (pg. 5) | OMB Circular A-11, The Capital Programming Guide V3.0 (pgs. 16 & 18)
8. ITSC IT Cost Pools & Towers
Standardizing Part 3 (Investments for IT Infrastructure, IT Security, and IT Management) consistent with TBM IT Towers (IT view), and gradually providing more granularity in all IT Investment costs through IT Cost Pools (financial view) and IT Towers, begins to align the categorization of costs with policies around CIO Authorities, commodity IT management, category management, and data center optimization, among others.
9. FITARA Objectives: Consolidation
◦ Provide transparency on IT resources across entire agencies and programs.
◦ Provide appropriate visibility and involvement of the agency CIO in the management and oversight of IT resources across the agency to support the successful implementation of cybersecurity policies to prevent interruption or exploitation of program services.
Consolidation and Transparency of IT ensures that Agency CIOs are involved in management and oversight of IT resources at all stages of IT and can make informed decisions to replace outdated systems with modernized systems or cloud solutions.
IT SECURITY & SPENDING IMPACT: Implementing Cybersecurity policies will require more Security IT and human resources. Justify the need for more Security resources using the FITARA objective.
“Federal agencies reported in 2016 that they spend 3% of their total IT expenditures on cloud services. That is significantly less than private sector peers, for which benchmarking shows 12%”, (Rick Holgate, Research Director, Gartner Inc.).
Source: TESTIMONY BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM, SUBCOMMITTEES ON GOVERNMENT OPERATIONS AND INFORMATION TECHNOLOGY ON FITARA 4.0
10. FITARA Impacts on IT Security
• Manage IT Security and Compliance Standard Investment
• Increase in IT Security Workload
• ITSC Investment Manager Training Requirements (FAC-PPM Level 3)
• Higher Visibility for Cybersecurity Initiatives
11. FITARA 4.0 JUNE 2017 SCORECARD
12. GEOSS vs FITARA
GEOSS: Single Internet Access Point
FITARA:
• Agency CIO is Approver of IT Budget
• Agency CIO is Approver of IT Life Cycle
• Agency CIO is Approver of IT Security
GEOSS: Consolidation
FITARA:
• IT Resources
GEOSS: Standardization
FITARA:
• FITARA Roles, Responsibilities, Authorities, Terms, & Requirements
• IT Terminology & Processes
• ITSC Investment
• Governance Processes & Management Practices
13. Any Questions?
CONTACT INFO:
• Varetta Huggins, PgMP, PMP, ITIL, CSM
• Email: Varetta.Huggins@v-pmc.com
• Phone: 240-499-2827
• V-Project Management Consulting LLC is an 8(a) and WOSB SBA certified firm located in Germantown, Maryland.
• Services include:
• Project, Program, and Portfolio Management Support
• Earned Value Management including Business Intelligence Reporting
• Capital Planning and Investment Control (CPIC) Support
• Enterprise Risk Management Support
• Change Management Support
• MS Project Server and SharePoint Administration Support
• Federal Regulations Compliance Support (FITARA, FISMA, MEGABYTE, MGT, PMIAA)