FedRAMP, IT security, and the cloud

Monday - 7/8/2013, 6:47pm EDT

Alex Grohmann & John Dyson, ISSA NOVA

Download mp3

July 9, 2013 -- Security standards for federal information technology professionals can be difficult to understand.

In other words, you are not the only one confused with a 457 page document on federal security.

Associations have sprouted up that have local chapters to help.

One well know group is the Information Systems Security Association, commonly known as the ISSA.

In the studio today are Alex Grohmann, senior manager at Morgan Franklin, and John Dyson, manager at Deloitte.

They are representing the Information Systems Security Association, Northern Virginia Chapter ... or I-S-S-A NOVA.

Grohmann and Dyson give an overview of how the federal government has evolved in its strategy to be more secure.

Initially, they had to do on inventory of systems to see what was in place.

Only after a system has been defined can you make the next step called continuous monitoring.

Both security professionals explain how one should approach NIST 800.53 rev 4 as well as giving suggestions on where to get more information.