IT Security Capital Investment Planning

IT Security Capital Investment Planning (CPIC) Workshop: June 4, 2003

POSTED July 23, 2003:
The workshop presentations, notes, and handouts are available to view or download in .pdf format.


Workshop Description
This workshop will focus on effectively integrating security into the capital planning process. It will also provide participants with information on how to best develop a comprehensive business case in support of IT security acquisitions and investments.

The seminar is designed to support those with key roles in the IT security planning process and personnel responsible for investment development and approval requests. This includes:

  • IT Managers and security professionals
  • Security Program Managers
  • Investment Review Board (IRB) participants

Objectives of the course are:

  • Identify why the IT Governance process is important in making sound IT Security investment decisions.
  • Explain how current security requirements relate to and support IT capital planning.
  • Identify relevant OMB and other guidance that applies to governing Federal Government IT Security investment decisions.
  • Identify security roles and responsibilities in the IT capital planning process.
  • Identify steps required to complete a sound business case in support of IT Security investments.

Preliminary Agenda

8:30AM Registration
 
9:00AM Introduction
 
9:10AM FY03 FISMA Reporting Instructions and Plans of Action and Milestones Guidance
 
10:30AM Break
 
10:45AM Requirements Overview: This section includes an overview and crosswalk of FISMA, OMB, and NIST requirements for integrating security into the IT Capital Planning process.
 
11:15AM Security Investment Life Cycle Planning: This section describes the process for security investment life cycle planning that ensures integration of IT security into the Capital Planning process. It also covers roles and responsibilities, organizational processes, and an approximate timeline of activities, which together provide the management structure to ensure that integration.
 
12:15PM Lunch
 
1:45PM Security Investment Life cycle Planning (continued)
 
2:15PM Breakout Session 
 
3:00PM Break
 
3:15PM Out brief of Breakout Session
 
3:45PM Wrap Up

Focus
There are no special prerequisites beyond the expectation that those attending have a role in the IT security capital planning process. Suggested attendees are noted above.

Technical Information
Joan Hash
NIST
Telephone: (301) 975-3357
Fax: (301) 975-4007
Email:   joan.hash@nist.gov


Last updated: October 25, 2005
Page created: April 16, 2002
