Speaker Profile
Joanna Patterson, Director
CACI
About
Dr. Patterson has more than 20 years’ experience as an Information Technology (IT) professional with strong expertise in IT Management, Risk Management, and IT Security. She has demonstrated expertise in establishing and implementing information security compliance programs, including ISO/IEC 27001 and NIST 800-171 programs.
Extensive experience with ISO 9001:2015, ISO 20000:2011, CERT Resilience Management Model, CMMI for Services, and CMMI for Development. Successfully achieved CMMI ML 5 for Services and Development.
Doctor of Business Administration, Information Systems Management.
Master of Business Administration, Information Security Management.
SPEAKER PRESENTATION
Conference Track: Security
Learn how to leverage existing compliance with the CMMI model to comply with the DoD Cybersecurity Maturity Model Certification (CMMC). The CMMC is one of the most progressive and aggressive industry requirements introduced in recent years. The need for a structured, policy-driven cybersecurity program is paramount. This presentation will combine the perspectives of an industry-leading expert in operational excellence methodologies and an expert in cybersecurity compliance. The presentation will highlight the similarities and differences in the CMMI and CMMC models. Additionally, guidance will be provided on how to ingrain security into existing quality programs versus starting over.
Conference Track: Tutorial
Additional fee to attend: $250
Using existing models (CMMI, RMM), regulations (CFR, DFARS), and standards (NIST, ISO) to help explain and obtain compliance with CMMC.
This tutorial will cover the requirements for compliance with, and understanding of, the new Cybersecurity Maturity Model Certification. This includes the Taxonomy of Maturity Levels, Processes and Capabilities. We will use CMMI V2 to explain which CMMI Practice Areas Fully Correlate, Largely Correlate, Partially Correlate, and where they Do Not Correlate to the 17 Domains in the CMMC requirements. Where a Practice Area Partially Correlates or Does Not Correlate, we will bring in other models and standards (CERT RMM and ISO 27001) that are listed in the CMMC Appendix within the Capabilities for each Domain, and explain what they mean and how to meet the requirements. The majority of the CMMC Domains originated from the Federal Information Processing Standards (FIPS) 200 security-related areas and the NIST SP 800-171 control families.