[August 2017] NIST Creates the OSCAL Standard for Synchronizing Security Controls Between Cloud Organizations by Dr. Michaela Iorga, Program Director at NIST

Thursday, August 17, 2017

5:30 PM – Networking & Dinner

6:00 PM – ISSA-NOVA Program

Michaela Iorga, PhD

Director of ITL SURF Program at NIST

Co-Chair at both Security & Forensic Science NIST Cloud Working Groups

Dr. Michaela Iorga at the National Institute of Standards and Technology (NIST) has created the Open Security Controls Assessment Language (OSCAL). XML-based OSCAL is expected to enable communication and even synchronization of security and privacy controls between various organizations. This “Reciprocity” would broadly encourage coordination for adoption of local, regional, and international cloud standards.

Security and privacy controls in a cloud ecosystem are distinct parts of a complex risk assessment equation that cloud consumers need to resolve despite the lack of visibility into the implementation of the cloud offerings. Currently, risk management for the cloud is complicated by different organizations requiring their own set of security controls, some with similar or overlapping definitions compared to other organizations. NIST proposes a standard framework that provides cloud consumers with a multidisciplinary, risk-based approach to building trustworthy cloud-based systems by facilitating transparency and traceability.

— Bio —

Dr. Michaela Iorga earned her PhD in Engineering at Duke University and is in the Computer Security Division (CSD) at NIST. She serves as co-chair of the agency’s Cloud Computing Forensic Science Working Group and also as co-chair at their Cloud Computing Security Working Group. In addition, she is the senior security technical lead for cloud computing for CSD as well as the Director for the Information Technology Laboratory (ITL) for NIST’s Summer Undergraduate Research Fellowship (SURF) Program.

Dr. Iorga works with government, academic and industrial organizations to develop cybersecurity guidelines and standards as well as to promote innovation and competition.

She has held consulting roles in both public and private sectors and has experience in information security and assurance, risk assessment, cloud and mobile ad hoc networks, identity and credential management, security architecture development and cyberspace privacy protection. Her current research work focuses on cloud computing security, privacy and forensic issues.

Location:

Noblis, Inc.

2002 Edmund Halley Drive, Reston, VA 20191

Parking: You can park for free in front of the building.

Registration:

http://tinyurl.com/issa-nova-2017aug17

Actual Registration URL is: https://app.smartsheet.com/b/form/9ffa6292eaac464d8d7c8a36da7abe10

For registration info contact Saravanan Ramachari at: vp_programs@issa-nova.org

ISSA-NOVA Officers

President: John von Ruden

Vice Presidents: Houda Abdelghani, Constantinos Doskas, Karen Frederick, Raja Medicherla, Saravanan Ramachari, Bud Roth, Raymond Stamps

Sponsored By: The ISSA Northern Virginia (ISSA-NOVA) Chapter of ISSA International