February 23rd Event

February 23, 2012 - CSA NY Metro Chapter

Date February 23, 2012
Event Start Time – End Time 6:30PM – 9PM
Overall Event Title Understanding FedRAMP and the Federal Cloud Space
Event abstract The CSA has invited leading authorities and consumers of the Federal Risk and Authorization Management Program (FedRAMP) to discuss the program itself, how it ties into 3rd Party Assessments and the private sector companies that work within its framework. We will present an overview of FedRAMP including the recently released baseline controls, a discussion around the 3rd Party Assessment Organizations and their relationship to FedRAMP, and we’ll also hear from a private sector company that works in the cloud space about how it is approaching FedRAMP in its business.
Venue Microsoft Corporation
1290 Avenue of the Americas (between 51st and 52nd Streets)
6th FL, Tavern on The Green Conference Room
New York, NY
Dress Code Business Casual
Pre-meeting networking 6:30 – 6:45
Session Title An overview of the FedRAMP Program and Controls
Start Time – End Time 6:45-7:30pm
Session Description This session will provide an overview of the FedRAMP program, the recently released controls, and important information around how CSPs can work with the FedRAMP program.
Speakers Larry Hale, Director, Office of Infrastructure Optimization/Office of Integrated Technology Services, US General Services Administration
Bio Lawrence Hale is Director of the Center for Strategic Solutions and Security Services in GSA’s Federal Acquisition Service (FAS).  His current programs include SmartBUY, the HSPD-12 Managed Services Office, the Security Services Division, and Cloud Computing acquisition programs. Prior to returning to GSA in 2008, he served as Acting Director, National Communications System in the Department of Homeland Security (DHS).  He spent more than two years as Chief Information Security Officer of Affiliated Computer Services, a Fortune 500 Information Technology company. Previously, as Director of the Federal Computer Incident Response Center, Hale led the transition of that organization from GSA into DHS, and served as Deputy Director of the National Cyber Security Division’s Computer Emergency Readiness Team (US-CERT).
While an officer in the United States Navy, Hale served as an information assurance action officer in the Joint Staff’s Command, Control, Communications and Computer Systems Directorate (J-6). While at the Pentagon, he was a member of the Joint Staff Information Operations Response Cell during a number of cyber events and exercises which helped shape the U.S. Government’s cybersecurity policy.
In January 1999, he became the first military officer assigned to the National Infrastructure Protection Center (NIPC). While at the NIPC, Hale worked to improve the process of issuing warnings about cyber-related events and served on the Year 2000 (Y2K) task force in the Federal Bureau of Investigation.
Hale retired from the U.S. Navy as a commander in May 2001. He has a master’s degree in National Security and Strategic Studies from the Naval War College, and a master’s in Aeronautical Science from Embry-Riddle Aeronautical University. He was a Federal Computer Week Federal 100 Award winner in 2003.
Panel Discussion The role of Third Party Assessment Organizations with Federal Cloud services
Start Time – End Time 7:30 – 8:00 PM
Session Description The release of the FedRAMP program and controls brings a large set of work for Third Party Assessment Organizations in their assessment of cloud service providers and their ability to meet the FedRAMP controls. This session will focus on what Third Party Assessment Organizations are doing to meet this new program and its demands.
Speaker Allen Lum, Information Technology Director, Control Solutions International
Bio Allen Lum possesses 25 years of Information Technology Audit, Compliance & Security expertise and is the current Information Technology Director for Control Solutions International.
Currently, Allen is responsible for executing Security Risk Assessments and performing external and internal vulnerability reviews for clients in varying industries. He has recently completed a major security engagement with a major government agency in Washington DC. In addition, he has worked closely with management to strengthen existing I.T. Policies and Standards for the adoption of cloud computing initiatives. He has also led a number of engagement teams across the country in a wide variety of specific I.T. security reviews.
Prior to joining Control Solutions, Allen led ACS Solutions Inc. / eDelta Consulting, which provided a wide range of technology and information technology consulting services to Fortune 500 firms and other private and public companies. He was responsible for helping clients develop risk assessments, developing Section 404 plans, and leading and executing a wide range of security reviews, operating system audits (UNIX, Windows NT/2000) and network audits, among other areas. He developed and implemented IT disaster recovery plans including equipment and storage requirements, audited networking solutions at recovery sites, and provided consulting services surrounding media backup and recovery requirements. He also developed and implemented network security standards covering firewall and networking architecture, intrusion detection, evaluation of incident response plans and the use of various security, forensic and network scanning tools.
Previously, Allen was a Principal at Ernst & Young LLP in New York, where he managed a staff of professionals within the Information Technology practice. He built strong client relationships and led several high profile client engagements during his tenure. Throughout the many internal audit outsourcing projects he led while at Ernst & Young, he also conducted numerous risk assessments. For management infrastructure and security consulting engagements, he developed and implemented overall data integrity programs as a prelude to the implementation of major ERP and demand planning software packages. Allen led teams to create and implement enterprise-wide data integrity, network security architecture and security solutions. As a business continuity and disaster recovery plan project manager, he developed and implemented plans for major retailing and financial institutions. In addition, he led a team that designed and implemented a technology disaster recovery plan for a major retailer’s data center.
Previously, Allen held positions at several corporations, including Security Pacific Corporation, EF Hutton and Avon Products. His responsibilities ranged from review and evaluation of general and application controls in various business areas, to development and use of audit software in data analysis and review.
Session Title FedRAMP and the Federal Cloud: A Private Sector Point of View
Start Time – End Time 8:00-8:30PM
Session Description The Federal space always brings unique challenges from a security and compliance point of view, and the Cloud space is no exception. This session is a discussion of how a private entity is dealing with the unique challenges of adopting a cloud model in this space.
Speakers Dean Weber, VP of Cyber Technology & Services Global Security Solutions (GSS), CSC
Session Title Wrap Up
Start Time – End Time 8:30-8:45pm
Session Description
  • Quick overview of emerging working group efforts and how to get involved
  • Quick intro of any board members present and their functions with CSA
  • Encouragement to invite others to join, speak, etc.
  • Call for volunteering of meeting venue for upcoming meetings
  • Quick overview of future topics for the next 3 meetings
Speakers Board member