Practical Paranoia: Drupal Security and the Federal Risk Management Framework (RMF)
Code and DevOps
This track is focused on developers and the back-end technologies to deal with today’s and future challenges. With the coming release of Drupal 8, as well as emerging Web technologies, preparation is essential. These sessions will help you learn how to deliver effective solutions to meet these needs.
Federal IT security standards and requirements have evolved significantly in recent years, with growing emphasis on areas such as continuous monitoring, identity management, and privacy. More consistent has been the emphasis on taking a risk- based approach to managing security, with the Risk Management Framework (RMF) emerging as the universal foundation across the Government for the IT security process lifecycle and philosophy. With new and expanding requirements, technologies, and threats to manage under budgetary constraints, it becomes more important than ever to be ever to focus your paranoia and IT security program on protecting the most valuable and sensitive resources. This session will examine how Drupal fits in with and supports a risk-based approach, specifically assessing how roles and permissions, entities and content types, rules, workflow, and logging can be best used in the major RMF activities, including the categorization of information systems; the selection, implementation, and assessment of controls, the authorization of systems, and monitoring.