SYSTEMS SECURITY ENGINEERING
|
|
- Bathsheba Adams
- 8 years ago
- Views:
Transcription
1 SYSTEMS SECURITY ENGINEERING
2 Mission Statement Integrating Security into Every Solution We Deliver Reducing Risk and Providing Fully Reliable and Trusted Solutions Utilizing Best Practices and Rigorous Processes LM Employs a System Security Engineering Process that employs, Cyber security/ia, Anti-Tamper and Secure Supply Chain Integrated. Proactive. Resilient Lockheed Martin Corporation 2
3 Why SSE? Our customers demand secure solutions Our main areas of focus are in defense, space, intelligence, homeland security, and information technology, including cyber security Aeronautics Information Systems & Global Solutions Missiles & Fire Control Mission Systems & Training Space Systems We Never Forgot Who We Are Working For And Neither Do Our Adversaries 2014 Lockheed Martin Corporation 3
4 Anti-Tamper (Hardware Security) Cyber Security/Information Assurance Secure Supply Chain Secure Processing Privacy Advanced Research Security is an Enterprise-Wide Concern Lockheed Martin System Security Engineering Systems security engineering is comprised of the following sub disciplines: Operations Security Information Security Network Security Physical Security Personnel Security Administrative Security Communications Security Emanation Security Computer Security ISO/IEC LM has developed a strong, multi-disciplinary approach 2014 Lockheed Martin Corporation 4
5 Lockheed Martin Strategy System Security Engineering Anti-Tamper (Hardware Security) Information Assurance / Cyber Security Secure Supply Chain Secure Processing Privacy Advanced Research LM Strategy Next Gen Product Base DoD Funding (CRAD / Program) LM Investment (IRAD/ Other Funding) 2014 Lockheed Martin Corporation 5
6 LM SSE Timeline 2011 Establish SSE IPT for collaboration 2013 Identify technology that needs to be developed 2013 Implement SSE process across programs & captures 2014 Invest in developing the key technology and leverage into DoD Lab CRAD wins 2010 Reduce stove-pipe approach to solving System Security 2012 Create Process that can be used across the corporation Leverage CRAD wins into LM s Product Base Enterprise-Wide 2014 Lockheed Martin Corporation 6
7 Security Development Challenges Understaffed Unclear whose job security is Lack of domain expertise Lack of training & outdated training Heavyweight development approaches Buried in regulations & process compliance Outdated security practices Complexity of large system designs Lack of information sharing No situational awareness Lack of internal & external collaboration No lessons learned Challenge keeping up with new & changing technology Stove piped solutions Time to market 2014 Lockheed Martin Corporation 7 Lockheed Martin Corporation 2012
8 Security Engineering Procedure LM has implemented a Security Engineering Procedure for use across all lines of business Identifies the security engineering activities, milestones, and work products performed and created throughout the engineering lifecycle from concept to retirement Illustrates how security engineering work products integrate into systems engineering deliverables throughout the engineering lifecycle 2014 Lockheed Martin Corporation 8
9 Security Engineering Activities & Products throughout the Life Cycle Security Needs Assessment Security Cost Estimates Security RFI Security Technical Solution Security & Privacy Risk Analysis Proposal Security & Privacy Requirements System Security Policy Security Test Cases Security RTVM Requirements Secure Builds & Configuration Static Analysis Security Test Planning Development Approved Security Baseline Sustainment Incident Response Plan Deployment Security Retirement and Transition Plan Safeguard of System Data Retirement Planning Security Operational Concept Security Plan Secure Coding Standards Threat & Vulnerability Analysis C&A Planning POA&M Contingency and DR Planning Design Secure Component Design Secure System Design Attack Surface Analysis/Reduction Test Functional System Security Testing Dynamic Analysis Specialty Security Testing Attack Surface Review Security Test Results & Discrepancy Mitigation SRA Report C&A Package O&M Control Monitoring Secure Upgrades Security Metrics & Reporting Security Reviews, Testing & Scans Contingency & DR Incident Response Security Policy & Plan C&A SATE 2014 Lockheed Martin Corporation 9
10 Integration of SSE process into other domain s processes for success Business Development /Capture Process RS-BDEV-0009 Program Management Process PM SSE Process S-ENGP-0668 Proposal/Program Review Process (PPRP) representatives Risk Review Board 2014 Lockheed Martin Corporation 10
11 A model created to SEAM together people, process and tools across a system life cycle/organization to reduce cyber security risk to system/program Security Engineering best practices, processes, standards, and checklists/tools Integrates security throughout a systems life cycle Develops a culture of security responsibility within all program and engineering disciplines Rooted in community- and corporaterecognized standards and industry best practices Agile and constantly evolving process to respond to dynamic cyber-threat environment Constant feedback loop where operations provides information back into development as new threats are identified Policy RS-ENGP-0044, System Security Procedure SAT for PPRs & Tech Reviews S-ENGP-0668, Security Engineering Standards Secure Application Development Security Risk Assessment Threat Modeling Security Testing Checklists Checklist Checklist Checklist Checklist SEAM breaks down the Security Engineering policy & procedure into standards and checklists applicable to all program staff (eg. Business development, Program managers, Capture managers, software developers, system engineers) 2014 Lockheed Martin Corporation 11
12 Security Engineering Domain Advocates CIS SPACE AERO SECURITY ENGINEERING IPT ATL MST IS&GS MFC Security Engineering IPT in place to foster communication & collaboration across all business areas security focused SMEs IPT used to develop, review and communicate system security engineering efforts (eg. Security procedure, standards, SEAM tools) Various eforums, portals and groups for outreach LM Security Engineering Community of Practice Info-Assurance eforum Cyber Fellows Action Team(FACT) eforum AT COE Secure SW Engineering eforum Info System Security WG 2014 Lockheed Martin Corporation 12
13 What Can NDIA Do? Help Develop Risked-Based Candidate Measures Include leading indicators to help proactive insight Can be tailored for each program (case-by-case) Focus on specific program vulnerabilities Span the types of issues Build on previous measurement efforts (NIST, PSM, INCOSE, NDIA) Work with other industry associations (e.g., INCOSE) to integrate SSE into SE guidance and standards Work with SERC and others on research and pilots, providing industry insight and experience Work with DoD to help with Intelligence awareness of emerging threats Continue to reduce compartmentalization across activities, when appropriate 2014 Lockheed Martin Corporation
14 Describe what you think SSE needs to be in 5 years It needs to be a more Proactive organization with more agility. Recognized rigorous scientific discipline and supported as such Standard set of base requirements with advanced features implemented/tailorable on a program by program basis. Security Measurement framework developed to inform security engineering and risk management processes Actionable Threat model for risk management & sec engr Must be able to communicate, translate and integrate security engineering to non-technical workforce as well program managers, business development, etc. Foster a security mindset across all disciplines 2014 Lockheed Martin Corporation
15 Lockheed Martin is Proactive and Mission-Focused with Security Engineering LOCKHEED MARTIN and the STAR DESIGN are either registered marks in the U.S. Patent and Trademark Office and/or other countries throughout the world, or are trademarks and service marks of Lockheed Martin Corporation in the U.S. and/or other countries. All rights reserved Lockheed Martin Corporation VF01493_
16 Definitions Systems Security Engineering Systems Security Engineering is a specialty engineering field strongly related to systems engineering. It applies scientific, engineering, and cybersecurity/information assurance principles to deliver trustworthy security solutions that satisfy stakeholder requirements. Anti-Tamper Systems Engineering Activity intended to impede countermeasure development, unintended technology transfer, or alteration of a system Information Assurance / Cyber Security The measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Supply Chain Risk Management The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity Secure Processing Design of components that grant a secure environment for processing of information Privacy Appropriate management (data protection) & use of personal information under the circumstances Advanced Research Development of Next Generation Solutions 2014 Lockheed Martin Corporation 16
17 Security Engineering CoP Portal 2014 Lockheed Martin Corporation 17
System Security Engineering
A Critical Discipline of SE Ms. Kristen Baldwin Director, Systems Analysis DDR&E/Systems Engineering 12th Annual NDIA Systems Engineering Conference 28 October 2009 10/28/09 Page-1 Defense Research & Engineering
More informationCyber Security Solutions Integrated. Proactive. Resilient.
Cyber Security Solutions Integrated. Proactive. Resilient. Between defending against cyber attacks and ensuring mission resilience, there is one important word: HOW Cyber attacks never stop coming. Intrusions
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationCYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922.
CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS 1 Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922.8761 Overview Cybersecurity Policy Overview Questions Challenge #1 -
More informationIntroduction to NICE Cybersecurity Workforce Framework
Introduction to NICE Cybersecurity Workforce Framework Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy,
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 16 R-1 Line #145
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 6: RDT&E Management Support COST
More informationIT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies
IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationDoD Software Assurance (SwA) Overview
DoD Software Assurance (SwA) Overview Tom Hurt Office of the Deputy Assistant Secretary of Defense for Systems Engineering NDIA Program Protection Summit / Workshop McLean, VA May 19, 2014 May 19, 2014
More informationCYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills DAU-South
CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS Steve Mills DAU-South 1 Overview Questions Cybersecurity Owners and Stakeholders Cybersecurity Why It Matters to DoD Program Managers Defense Science
More informationImplementing Program Protection and Cybersecurity
Implementing Program Protection and Cybersecurity Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering Mark Godino Office of the Deputy Assistant Secretary of Defense
More informationGet Confidence in Mission Security with IV&V Information Assurance
Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationRethinking Cybersecurity from the Inside Out
Rethinking Cybersecurity from the Inside Out An Engineering and Life Cycle-Based Approach for Building Trustworthy Resilient Systems Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationDoD Strategy for Defending Networks, Systems, and Data
DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July
More informationIBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security
IBM Internet Security Systems October 2007 FISMA Compliance A Holistic Approach to FISMA and Information Security Page 1 Contents 1 Executive Summary 1 FISMA Overview 3 Agency Challenges 4 The IBM ISS
More informationOverview TECHIS60241. Carry out risk assessment and management activities
Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationC ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY
CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information
More informationSoftware Development: The Next Security Frontier
James E. Molini, CISSP, CSSLP Microsoft Member, (ISC)² Advisory Board of the Americas jmolini@microsoft.com http://www.codeguard.org/blog Software Development: The Next Security Frontier De-perimiterization
More informationOpening Up a Second Front for Cyber Security and Risk Management
Opening Up a Second Front for Cyber Security and Risk Management Annual Computer Security Applications Conference December 4, 2012 Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationInformation in the Cloud: What s in the Future
Information in the Cloud: What s in the Future Cloud Computing: Opportunities, Advantages, Disadvantages for Federal Agencies Melvin Greer Chief Strategist, Author, Educator SOA / Cloud Computing / Cyber
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationRaytheon Cybersecurity and Small Business Engagement. Raytheon Jeff Jacoby
Raytheon Cybersecurity and Small Business Engagement Raytheon Jeff Jacoby Raytheon Cybersecurity and Small Business Engagement DHS Cyber SBIR Workshop July 26, 2012 Jeff Jacoby Director, Cyber Enterprise
More informationCybersecurity Delivering Confidence in the Cyber Domain
Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your
More informationCisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.
Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able
More informationThe Information Assurance Process: Charting a Path Towards Compliance
The Information Assurance Process: Charting a Path Towards Compliance A white paper on a collaborative approach to the process and activities necessary to attain compliance with information assurance standards.
More informationCyber R &D Research Roundtable
Cyber R &D Research Roundtable 2 May 2013 N A T I O N A L S E C U R I T Y E N E R G Y & E N V I R O N M E N T H E A L T H C Y B E R S E C U R I T Y Changing Environment Rapidly Evolving Threat Changes
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationCybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness
More informationU.S. Defense Priorities OSD PA&E
1 U.S. Defense Priorities Deter potential adversaries and defend America and American interests Counter asymmetric threats including terrorism, cyber attacks and ballistic and cruise missiles Fight and
More informationA Comprehensive Cyber Compliance Model for Tactical Systems
A Comprehensive Cyber Compliance Model for Tactical Systems Author Mark S. Edwards, CISSP/MSEE/MCSE Table of Contents July 28, 2015 Meeting Army cyber security goals with an IA advocate that supports tactical
More informationInformation Security for Managers
Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationBusiness Continuity Position Description
Position Description February 9, 2015 Position Description February 9, 2015 Page i Table of Contents General Characteristics... 2 Career Path... 3 Explanation of Proficiency Level Definitions... 8 Summary
More informationNICE Cybersecurity Workforce Framework Tutorial
NICE Cybersecurity Workforce Framework Tutorial Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy, DHS Outline
More informationCapabilities for Cybersecurity Resilience
Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances
More informationINCOSE System Security Engineering Working Group Charter
1 PURPOSE Recent data breach cases and industrial control system incidents call attention to the inadequacy of current approaches to systems security [1, 2]. Each case presents more compelling evidence
More informationSecurity Risk Management For Health IT Systems and Networks
Health IT Standards Committee Meeting Security Risk Management For Health IT Systems and Networks NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Setting the stage. NATIONAL INSTITUTE OF STANDARDS AND
More informationHow To Write A Cybersecurity Framework
NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order
More informationSecurity Certification & Accreditation of Federal Information Systems A Tutorial
29 Jun 2009 Security Certification & Accreditation of Federal Information Systems A Tutorial An Introduction to NIST s 800-37 Dr. Vijay Madisetti Professor, Georgia Tech - ECE vkm@gatech.edu Tutorial Outline
More informationBellevue University Cybersecurity Programs & Courses
Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More informationCase Studies in Systems Engineering Central to the Success of Applied Systems Engineering Education Programs
Complexity Case Studies in Systems Engineering Central to the Success of Applied Systems Engineering Education Programs Carlee A. Bishop Principal Research Engineer, Georgia Tech Research Institute Georgia
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationNational Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009
National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in
More informationPreventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
More informationPreventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationThe HIPAA Security Rule: Theory and Practice
Presentation for HIPAA Summit X Baltimore, MD April 7, 2005 The HIPAA Security Rule: Theory and Practice Sam Jenkins Privacy Officer TRICARE Management Activity (TMA) Dan Steinberg Senior Consultant Booz
More informationLogical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110
Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam
More informationDoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO
DoD CIO s 10-Point Plan for IT Modernization Ms. Teri Takai DoD CIO Executive Summary Proactive Partnerships for IT Modernization IT Modernization Strategy Consolidate Infrastructure Streamline Processes
More informationCybersecurity Throughout DoD Acquisition
Cybersecurity Throughout DoD Acquisition Tim Denman Cybersecurity Performance Learning Director DAU Learning Capabilities Integration Center Tim.Denman@dau.mil Acquisition.cybersecurity@dau.mil Cybersecurity
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationIBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview
IBM Internet Security Systems The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview Health Insurance Portability and Accountability Act
More informationCONSULTING IMAGE PLACEHOLDER
CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization
More informationBusiness Continuity for Cyber Threat
Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between
More informationIntel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security
Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security David Brezinski, Professional Services, Enterprise Security Architect Agenda Overview
More informationA MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications
More informationTriangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace
Triangle InfoSeCon Alternative Approaches for Secure Operations in Cyberspace Lt General Bob Elder, USAF (Retired) Research Professor, George Mason University Strategic Advisor, Georgia Tech Research Institute
More informationOperational security for online services overview
Operational security for online services overview Microsoft Trustworthy Computing October 21, 2013 Trustworthy Computing Operational security for online services overview Legal disclaimer This document
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationDeveloping Secure Software in the Age of Advanced Persistent Threats
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
More informationTHE drop cap white spread is the chartacter style to use for the drop cap. Use this masater
Headline White, Etc. Etc. Etc. Cybersecurity: Subhead Main White Byline White Program Managers Have Questions. Got Answers? THE drop cap white spread is the chartacter style to use for the drop cap. Use
More informationPreventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
More informationCloud Computing Technologies Achieving Greater Trustworthiness and Resilience
Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Standards Customer Council Public Sector Cloud Summit March 24, 2014 Dr. Ron Ross Computer Security Division Information
More informationstate of south dakota Bureau of Information & Telecommunications Provide a Reliable, Secure & Modern Infrastructure services well-designed innovative
Strategic Plan 2015-2017 state of south dakota Bureau of Information & Telecommunications 1GOAL ONE: Provide a Reliable, Secure & Modern Infrastructure services security technology assets well-designed
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationBuilding Security In:
#CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me
More informationNational Initiative for Cyber Security Education
2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women
More informationFISMA Implementation Project
FISMA Implementation Project The Associated Security Standards and Guidelines Dr. Ron Ross Computer Security Division Information Technology Laboratory 1 Today s Climate Highly interactive environment
More informationHow small and medium-sized enterprises can formulate an information security management system
How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationIntegrating Project Management and Service Management
Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming
More informationApplying Framework to Mobile & BYOD
Applying Framework to Mobile & BYOD Framework for Improving Critical Infrastructure Cybersecurity National Association of Attorneys General Southern Region Meeting 13 March 2015 cyberframework@nist.gov
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationRemarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel
Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel May 5th, 2015 10:00-11:30 a.m. Hyatt Regency, Indian Wells, CA Thank you all for welcoming me. It
More informationDHS IT Successes. Rationalizing Our IT Infrastructure
TESTIMONY OF Richard A. Spires Chief Information Officer U.S. Department of Homeland Security Before the House Committee on Oversight and Government Reform February 27, 2013 Chairman Issa, Ranking Member
More informationValue to the Mission. FEA Practice Guidance. Federal Enterprise Architecture Program Management Office, OMB
Value to the Mission FEA Practice Guidance Federal Enterprise Program Management Office, OMB November 2007 FEA Practice Guidance Table of Contents Section 1: Overview...1-1 About the FEA Practice Guidance...
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationClick to edit Master title style
Click to edit Master title style Fourth level» Fifth level Click Integrating to edit Master Cybersecurity title style Requirements into Source Selection and Contracts Breakout Session #F15 Alex Odeh, Third
More informationESKISP6056.01 Direct security testing
Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being
More informationSECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT
SECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article A.1 Introduction This contract is intended to provide IT solutions and services as defined in FAR 2.101(b) and further clarified in the Clinger-Cohen
More informationUNITED STATES AIR FORCE. Air Force Product Support Enterprise Vision
UNITED STATES AIR FORCE Air Force Product Support Enterprise Vision July 2013 Foreword Product Support is a set of functions and products that enables operational capability and readiness of systems, subsystems,
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationA Systems Approach to Protecting the U.S. Air Traffic Control System Against Cyber-Terrorism
A Systems Approach to Protecting the U.S. Air Traffic Control System Against Cyber-Terrorism Arthur Pyster Deputy Assistant Administrator for Information Services and Deputy Chief Information Officer arthur.pyster@faa.gov
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationSECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as
SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as defined in FAR 2.101(b) and further clarified in the Clinger-Cohen
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationConsolidated Afloat Networks and Enterprise Services (CANES)
Consolidated Afloat Networks and Enterprise Services (CANES) Re-architecting the Navy s s C4I Network Infrastructure Lockheed Martin SNA Media Brief 11 January 2010 Lockheed Martin Proprietary Information
More informationRisk Management Guide for Information Technology Systems. NIST SP800-30 Overview
Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationState of South Carolina Policy Guidance and Training
DRAFT For Discussion Purposes Only State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Information Systems (IS) Acquisitions, Development, and Maintenance Policy April/May
More informationSystem Security Engineering and Comprehensive Program Protection
System Security Engineering and Comprehensive Program Protection Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering 16th Annual NDIA Systems Engineering Conference
More informationCybersecurity Converged Resilience :
Cybersecurity Converged Resilience : The cybersecurity of critical infrastructure 2 AECOM Port Authority of New York and New Jersey (PANYNJ), New York, New York, United States. AECOM, working with the
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More information