The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

Size: px
Start display at page:

Download "The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide"

Transcription

1 SOLUTION BRIEF NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

2 SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT Every company is constantly under attack. If anybody tells you they re not, it just means they don t know. It is a threat that is broad-based. It s not just from one source... and it s just unceasing. 1. Wes Bush, Northrup Grumman, Chief Executive Healthcare Security Solutions: Protecting Your Organization, Patients, And Information

3 3 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com The Increasing Threat to Critical Infrastructure Attacks on sensitive IT systems and data increased during 2013, many of which caused substantial financial and reputational damage to the companies involved. Still, a successful attack on the underpinnings of the nation s critical infrastructure would have far more catastrophic impacts than this. The NIST Framework for Cybersecurity for Critical Infrastructure was approved in Feb, 2014, and is intended to help establish guidelines and best practices for ensuring that our critical systems are adequately protected. Although it is a voluntary framework, it is expected that it will be adopted by many companies in order to strengthen their security posture. An emphasis on flexibility The NIST Framework was designed with a very high degree of flexibility for organizations that would like to follow its guidelines. It is also technology-neutral, and incorporates existing industry standards and best practices no re-inventing the wheel. Most importantly, it enables each organization to profile its own cybersecurity efforts, define a target profile, and then put in place a plan to reach that goal. In this regard, its guidelines should be considered not as requirements but as scorecards that are based on the unique business needs, risk appetite, and security demands for each environment and provide a guide for continuous improvement based on changing risk and threat dynamics. What is critical infrastructure? When one thinks about the nation s critical infrastructure, we usually think of the grid, water supplies, national defense, and the like. But, the Framework makes clear that critical infrastructure is an expansive concept that includes many systems that aren t generally thought of in this context, such as: commercial facilities; communications; critical manufacturing; dams; defense industrial; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; materials; and transportation systems. This makes it clear that a large number and wide variety of public and private organizations will be impacted by the Framework.

4 4 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com Overview of the Framework The Framework consists of three major elements: Framework Core A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. Framework implementation tiers Tiers describe the degree to which an organization s cybersecurity risk management practices exhibit the characteristics defined in the Framework. There are four tiers that can be used to identify the current state of your cybersecurity effort. These tiers and their brief characteristics include: Tier 1 (Partial): Informal cybersecurity risk management practices, ad hoc and reactive approach to risk management Tier 2 (Risk-Informed): Management-approved risk management processes, awareness of risk at organizational level, but lack of organization-wide approach Tier 3 (Repeatable): Risk management processes expressed as policy, organization-wide approach to manage cybersecurity risk, risk-informed policies, processes and procedures Tier 4 (Adaptive): Adaptable cybersecurity practices based on lessons learned and predictive indicators, continuous improvement incorporating advanced technologies and practices, active sharing of information with partners both before and after cybersecurity events Framework profile Describes outcomes based on the business need and risk assessment that the organization has selected from the Core. This information enables you to identify opportunities for improving cybersecurity by moving from current state to target state. To develop a Profile, an organization can review all the Categories and SubCategories and, based on business drivers and a risk assessment, determine which are most important. The Current Profile can then be used so support prioritization and measurement of progress towards the Target Profile. It can also be used to support communication within the organization. The Framework Core a little more detail The Core consists of functions, categories, sub-categories, and related industry standards. But, note that the Core does not represent a set of actions to perform - rather it defines outcomes that are helpful in improving cybersecurity. The functions included in the Core include: Identify develop the organizational understanding to manage cybersecurity risk to systems, applications, and data Protect implement safeguards to ensure the secure delivery of infrastructure services Detect implement the appropriate activities to identify a cybersecurity event Respond implement the appropriate activities to take action on a cybersecurity event Recover maintain plans for resilience and to restore any services impacted by a cybersecurity event. These Core functions serve to help the organization classify and evaluate their cybersecurity activities, enhance their risk management programs, and track progress of efforts to move from one level of security maturity to a higher level. In this regard, they are an excellent unifying model for your cybersecurity programs.

5 5 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com How to Use the Framework to Improve Cybersecurity The Framework is not intended to replace your existing security processes. Rather, it is intended to complement them, and to help you develop a profile of your current security state, as well as identify your desired state of security, based on the guidelines in the Framework. This approach will enable you to develop an action plan for improving your cybersecurity profile, consistent with your business needs, risk appetite and available resources. A simplified approach to leveraging the Framework is as follows: Prioritize and scope Determine your business priorities and scope your critical business systems that support these priorities and objectives. Identify your regulatory requirements and risk appetite, and identify areas of vulnerabilities and threats. Create a current cybersecurity profile Using the Framework, identify areas where your processes meet your business needs, and those that need strengthening. Conduct a security risk assessment Determine the likelihood of a cybersecurity event, and the impact that it would have on your organization, as well as include your appetite for ongoing risk. Create a target profile Given your current profile and risk appetite, what areas need improvement? Determine where you would like to be in terms of the Framework profiles, and what your time frame is. Determine gaps What areas need strengthening for you to arrive at your desired target profile? Identify these areas, analyze them, and prioritize their implementation. Identity resources required to evolve each area of your profile to the desired state. Finalize an action plan Based on your priorities and required resources, lay out a path to reach your target profile. The top security threats of 2013 were social engineering, advanced persistent threats, and insider threat. 2

6 6 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com CA Security and the NIST Framework Of the functions described above, the one most relevant to protection of systems and data is the Protect function. The Protect categories describe outcomes relating to protecting systems and data from a variety of threats, both internal and external. It also includes procedural topics such as awareness, training, and management of technology assets requirements that do not require a security solution. The categories of the Protect function, and the name of any CA Technologies security solution that can help with compliance for each category, is as follows: Function ID Category Primary Product Secondary Product Protect PR.AC Access Control CA Privileged Identity Manager PR.AT Awareness & Training Not relevant to CA Solutions PR.DS Data Security CA Privileged Identity Manager CA API Mgt & Security CA Data Protection PR.IP Info Protection Processes Not relevent to CA Solutions PR.MA Maintenance CA Privileged Identity Manager PR.PT Protective Technology CA Privileged Identity Manager CA SSO CA API Mgt & Security CA Identity Manager CA Identity Governance CA Advanced Authentication

7 7 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com Let s look in more detail at how CA solutions can help an organization achieve outcomes that conform to these requirements. Critical capabilities for Framework compliance are bolded. Category: Access Control PR.AC-1: Identities and credentials are managed for authorized devices and users PR.AC-2: Physical access to assets is managed and protected PR.AC-3: Remote access is managed PR.AC-4: Access permissions are managed, incorporating the principles of least privilege and separation of duties PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate CA Privileged Identity Manager manages and secures privileged identities. It can restrict access to systems and accounts (including shared accounts) to only authorized users. Access to accounts is managed by CA Shared Account Management. Not relevant to CA Security solutions CA Privileged Identity Manager manages remote connections to systems and devices. Host-based access controls can restrict remote connections according to criteria including IP address. It can also restrict remote connections to ensure they come from the proxy server. CA Privileged Identity Manager provides fine-grained access controls that can ensure separation of duties and least-privilege access. It does this at the OS kernel level, making it the most secure access control implementation. CA Shared Account Management provides both least privilege access and separation of duties by controlling who has access to shared, privileged accounts. The CA Identity Suite also help ensure proper access rights thru automation of access certifications and role-based provisioning processes. CA Privileged Identity Manager can restrict inbound and outbound connections to systems and devices to specific IP addresses, helping to preserve network integrity. Category: Data Security PR.DS-1: Data-at-rest is protected PR.DS-2: Data-in-transit is protected PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition PR.DS-4: Adequate capacity to ensure availability is maintained PR.DS-5: Protections against data leaks are implemented PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity PR.DS-7: The development and testing environment(s) are separate from the production environment The CA Solution can protect specific files and folders, so it can protect Data-atrest. Access to protected resources can be denied to even the superuser. CA API Management & Security secures data-in-transit through protocol-, message-, and field-level confidentiality, integrity operations, and availability protection. Not relevant to CA Security solutions Not relevant to CA Security solutions CA Data Protection can discover, classify, and protect sensitive info against disclosure, theft, improper actions ( , USB device, etc) The CA API Suite can protect against common data extraction threats, validate request/response data schemas, and filter message content in transit CA Privileged Identity Manager provides a Trusted Program Execution capability that can ensure that programs have not been modified before execution. Not relevant to CA Security solutions

8 8 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com Category: Maintenance PR.MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access CA Privileged Identity Manager can manage and monitor maintenance sessions on critical systems and devices. It can control access to the identities used to provide maintenance, restrict that access to follow the principle of least privilege, and log all user actions. Break Glass functionality can enable emergency maintenance. It can manage and also monitor remote maintenance of systems and devices. Category: Protective Technology PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy PR.PT-2: Removable media is protected and its use restricted according to policy PR.PT-3: Access to systems and assets is controlled, incorporating the principle of least functionality PR.PT-4: Communications and control networks are protected It can log all actions taken by users, including administrators. It can track actions performed using shared accounts to individuals. The CA Solution can prevent execution of any executable that is identified as non-essential. It also provides fine-grained access controls to systems and assets on them to protect against unauthorized access CA SSO centrally controls access to Web apps from all devices CA Identity Suite helps ensure correct access entitlements for all users. Role discovery, provisioning, and automated access certification help ensure correct access rights. CA API secures access to service interfaces from all devices and applications CA Advanced Authentication enables risk-based, strong authentication of users, to protect against stolen credentials, or brute force authentication attempts. Not relevant to CA Security solutions

9 9 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com Summary of Key Security Capabilities In order to conform to the guidelines of the Protect function, the following capabilities are very important: Key Capability Description Benefit Shared Account Password Management Fine-Grained Access Controls User Activity Reporting / Video Session Recording End-to-End Encryption API Management & Security Strong, Risk-based Authentication Control access to privileged, administrative accounts with password storage and automatic login capabilities. Control what access privileged users have based on their individual identity, even when using a shared administrative account. Records all user actions, tracking all records by individual, even when a shared account is used. Protect all data-in-transit through data encryption. Control access to APIs based on identity and access rights. Combat data extraction and other attacks. Enable strong, multi-factor authentication, with risk analysis based on contextual factors. Reduces the risk of unauthorized users gaining access to privileged accounts. Prevents password sharing. Reduces risk by providing administrators with only the minimum privileges they need to do their jobs. Makes it simple to find out who did what in a forensic investigation Improved security and confidentiality of data Protect against external, targeted attacks and data leaks. Improve security for all users, combat identity theft and stolen credential attacks. Insider fraud is a common occurrence. On average, organizations have had approximately 55 employee-related incidents of fraud in the past 12 months. 3 The Ponemon Institute

10 10 SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE Taking the next step The NIST Framework could potentially have a substantial impact on the cybersecurity activities of a large number of organizations, both public and private, over the next year. Even if an organization does not attempt formal compliance with the entire Framework, many companies will attempt to evolve their cybersecurity capabilities to become more aligned with the guidelines included within it. And, this adoption is likely to be global in scope, due to the importance of protecting critical infrastructure, and the flexibility enabled by the Framework. Getting a head start on compliance with the Framework is also an important consideration. All it takes is one successful attack on critical infrastructure to have a profound impact not only on the organization, but also possibly on thousands or millions of unsuspecting users of that infrastructure. Avoiding a disastrous situation like this, and establishing a track record of protecting customer information from loss, will help to increase customer confidence in the security capabilities of your organization. Customer confidence creates loyalty. CA Technologies is proud to have played a consultative role in the creation of this Framework. CA Security solutions can be used effectively to strengthen your cybersecurity profile in order to help meet the requirements of this Framework. Connect with CA Technologies at ca.com CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. 1 Wes Bush, Northrup Grumman Chief Executive The Ponemon Institute, The Risk of Insider Fraud: Second Annual Study. February 2013 Copyright CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any CA software product referenced herein shall serve as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, policy, standard, guideline, measure, requirement, administrative order, executive order, etc. (collectively, Laws )) referenced in this document. You should consult with competent legal counsel regarding any Laws referenced herein. CS _1014

SOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information

SOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information SOLUTION BRIEF SEPTEMBER 2014 Healthcare Security Solutions: Protecting your Organization, Patients, and Information SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT 94% of healthcare organizations

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Authentication Strategy: Balancing Security and Convenience

Authentication Strategy: Balancing Security and Convenience Authentication Strategy: Balancing Security and Convenience Today s Identity and Access Security Strategies Are Being Driven by Two Critical Imperatives: Enable business growth by: Quickly deploying new

More information

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible IT transformation and evolving identities A number of technology trends, including cloud, mobility,

More information

A to Z Information Services stands out from the competition with CA Recovery Management solutions

A to Z Information Services stands out from the competition with CA Recovery Management solutions Customer success story October 2013 A to Z Information Services stands out from the competition with CA Recovery Management solutions Client Profile Industry: IT Company: A to Z Information Services Employees:

More information

CA Arcot RiskFort. Overview. Benefits

CA Arcot RiskFort. Overview. Benefits PRODUCT SHEET: CA Arcot RiskFort CA Arcot RiskFort CA Arcot RiskFort provides real-time protection against identity theft and online fraud via risk based, adaptive authentication. It evaluates the fraud

More information

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy? SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY How Can I Both Enable and Protect My Organization in the New Application Economy? CA Security solutions can help you enable and protect your business

More information

Closing the Biggest Security Hole in Web Application Delivery

Closing the Biggest Security Hole in Web Application Delivery WHITE PAPER DECEMBER 2014 Closing the Biggest Security Hole in Web Application Delivery Addressing Session Hijacking with CA Single Sign-On Enhanced Session Assurance with DeviceDNA Martin Yam CA Security

More information

CA Technologies Solutions for Criminal Justice Information Security Compliance

CA Technologies Solutions for Criminal Justice Information Security Compliance WHITE PAPER OCTOBER 2014 CA Technologies Solutions for Criminal Justice Information Security Compliance William Harrod Advisor, Public Sector Cyber-Security Strategy 2 WHITE PAPER: SOLUTIONS FOR CRIMINAL

More information

Cybersecurity Framework Security Policy Mapping Table

Cybersecurity Framework Security Policy Mapping Table Cybersecurity Framework Security Policy Mapping Table The following table illustrates how specific requirements of the US Cybersecurity Framework [1] are addressed by the ISO 27002 standard and covered

More information

Applying IBM Security solutions to the NIST Cybersecurity Framework

Applying IBM Security solutions to the NIST Cybersecurity Framework IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements

More information

Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk

Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk John Hawley VP, Security CA Technologies September 2015 Today s Theme: Preparing for the Adversary How to Prepare Your Organization

More information

Can My Identity Management Solution Quickly Adapt to Changing Business Requirements and Processes?

Can My Identity Management Solution Quickly Adapt to Changing Business Requirements and Processes? SOLUTION BRIEF CONFIG XPRESS UTILITY IN CA IDENTITY MANAGER Can My Identity Management Solution Quickly Adapt to Changing Business Requirements and Processes? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR

More information

how can I improve performance of my customer service level agreements while reducing cost?

how can I improve performance of my customer service level agreements while reducing cost? SOLUTION BRIEF CA Business Service Insight for Service Level Management how can I improve performance of my customer service level agreements while reducing cost? agility made possible By automating service

More information

CA Technologies Healthcare security solutions:

CA Technologies Healthcare security solutions: CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Critical Manufacturing Cybersecurity Framework Implementation Guidance

Critical Manufacturing Cybersecurity Framework Implementation Guidance F Critical Manufacturing Cybersecurity Framework Implementation Guidance i Foreword The National Institute of Standards and Technology (NIST) released the 2014 Framework for Improving Critical Infrastructure

More information

Improving Critical Infrastructure Cybersecurity Executive Order 13636. Preliminary Cybersecurity Framework

Improving Critical Infrastructure Cybersecurity Executive Order 13636. Preliminary Cybersecurity Framework 1 Improving Critical Infrastructure Cybersecurity Executive Order 13636 Preliminary Cybersecurity Framework 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

More information

NIST Cybersecurity Framework & A Tale of Two Criticalities

NIST Cybersecurity Framework & A Tale of Two Criticalities NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented

More information

CA point of view: Content-Aware Identity & Access Management

CA point of view: Content-Aware Identity & Access Management TECHNOLOGY BRIEF CA Point of View: Content-Aware Identity and Access Management March 2011 CA point of view: Content-Aware Identity & Access Management table of contents EXECUTIVE SUMMARY SECTION 1 Challenge

More information

Security in the App Economy

Security in the App Economy SESSION ID: SPO1-W02 Security in the App Economy How to Ride the Wave Without Wiping Out! Michelle Waugh Vice President, Security Solutions CA Technologies Are you rolling out new apps & services to your

More information

ACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector

ACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector ACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments

More information

CA SiteMinder SSO Agents for ERP Systems

CA SiteMinder SSO Agents for ERP Systems PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security

More information

Designing a CA Single Sign-On Architecture for Enhanced Security

Designing a CA Single Sign-On Architecture for Enhanced Security WHITE PAPER FEBRUARY 2015 Designing a CA Single Sign-On Architecture for Enhanced Security Using existing settings for a higher-security architecture 2 WHITE PAPER: DESIGNING A CA SSO ARCHITECTURE FOR

More information

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved.

1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com. CA Security SaaS Validation Program. Copyright 2015 CA. All Rights Reserved. 1 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com CA Security SaaS Validation Program 2 CA SECURITY SAAS VALIDATION PROGRAM 2015 ca.com At a Glance KEY BENEFITS/ RESULTS The CA Security SaaS Validation

More information

Happy First Anniversary NIST Cybersecurity Framework:

Happy First Anniversary NIST Cybersecurity Framework: Happy First Anniversary NIST Cybersecurity Framework: We ve Hardly Known Ya Chad Stowe, CISSP, CISA, MBA Who is your organization on Cybersecurity? Problem Statement Management has not been given the correct

More information

Appendix B: Mapping Cybersecurity Assessment Tool to NIST

Appendix B: Mapping Cybersecurity Assessment Tool to NIST Appendix B: to NIST Cybersecurity Framework In 2014, the National Institute of Standards and Technology (NIST) released a Cybersecurity Framework for all sectors. The following provides a mapping of the

More information

Building a Roadmap to Robust Identity and Access Management

Building a Roadmap to Robust Identity and Access Management Building a Roadmap to Robust Identity and Access Management Elevating IAM from Responsive to Proactive From cases involving private retailers to government agencies, instances of organizations failing

More information

CRR-NIST CSF Crosswalk 1

CRR-NIST CSF Crosswalk 1 IDENTIFY (ID) Asset Management (AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

authentication in the internet banking environment:

authentication in the internet banking environment: SOLUTION BRIEF authentication in the internet banking environment: The solution for FFIEC compliance from CA Technologies agility made possible Introduction to FFIEC Compliance In October of 2005, the

More information

An Enterprise Architect s Guide to API Integration for ESB and SOA

An Enterprise Architect s Guide to API Integration for ESB and SOA An Enterprise Architect s Guide to API Integration for ESB and SOA The New Digital Imperative While some are still adjusting to the idea, you re well aware that we re living in an application economy.

More information

expanding web single sign-on to cloud and mobile environments agility made possible

expanding web single sign-on to cloud and mobile environments agility made possible expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3

More information

Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM

Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM CUSTOMER SUCCESS STORY Logica Sweden provides secure and compliant cloud services with CA IdentityMinder TM CUSTOMER PROFILE Industry: IT services Company: Logica Sweden Employees: 5,200 (41,000 globally)

More information

SOLUTION BRIEF BIG DATA MANAGEMENT. How Can You Streamline Big Data Management?

SOLUTION BRIEF BIG DATA MANAGEMENT. How Can You Streamline Big Data Management? SOLUTION BRIEF BIG DATA MANAGEMENT How Can You Streamline Big Data Management? Today, organizations are capitalizing on the promises of big data analytics to innovate and solve problems faster. Big Data

More information

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite SOLUTION BRIEF Enterprise Mobility Management Critical Elements of an Enterprise Mobility Management Suite CA Technologies is unique in delivering Enterprise Mobility Management: the integration of the

More information

Securely Outsourcing to the Cloud: Five Key Questions to Ask

Securely Outsourcing to the Cloud: Five Key Questions to Ask WHITE PAPER JULY 2014 Securely Outsourcing to the Cloud: Five Key Questions to Ask Russell Miller Tyson Whitten CA Technologies, Security Management 2 WHITE PAPER: SECURELY OUTSOURCING TO THE CLOUD: FIVE

More information

Leveraging Privileged Identity Governance to Improve Security Posture

Leveraging Privileged Identity Governance to Improve Security Posture Leveraging Privileged Identity Governance to Improve Security Posture Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both

More information

CA Cloud Service Delivery Platform

CA Cloud Service Delivery Platform CA Cloud Service Delivery Platform Customer Onboarding Version 01.0.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the

More information

Broadcloud improves competitive advantage with efficient, flexible and scalable disaster recovery services

Broadcloud improves competitive advantage with efficient, flexible and scalable disaster recovery services CUSTOMER SUCCESS STORY Broadcloud improves competitive advantage with efficient, flexible and scalable disaster recovery services CLIENT PROFILE Industry: IT services Company: Broadcloud Staff: 40-plus BUSINESS

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3

More information

20 Critical Security Controls

20 Critical Security Controls WHITE PAPER June 2012 20 Critical Security Controls How CA Technologies can help federal agencies automate compliance processes Philip Kenney CA Security Management Table of Contents Executive Summary

More information

CA Workload Automation for SAP Software

CA Workload Automation for SAP Software CA Workload Automation for SAP Software 2 The Application Economy Spurs New SAP System Workload Challenges Business is being shaped more and more by what has become an application-based world. In this

More information

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. Identity-centric Security: The ca Securecenter Portfolio SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY Identity-centric Security: The ca Securecenter Portfolio How can you leverage the benefits of cloud, mobile, and social media, while protecting

More information

Solving the Security Puzzle

Solving the Security Puzzle Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

Enabling and Protecting the Open Enterprise

Enabling and Protecting the Open Enterprise Enabling and Protecting the Open Enterprise The Changing Role of Security A decade or so ago, security wasn t nearly as challenging as it is today. Users, data and applications were all centralized in

More information

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management. TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA Colruyt ensures data privacy with Identity & Access Management. Table of Contents Executive Summary SECTION 1: CHALLENGE 2

More information

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments

More information

Leveraging Mobility to Drive Productivity and Provide a Superior IT Service Management Experience

Leveraging Mobility to Drive Productivity and Provide a Superior IT Service Management Experience Leveraging Mobility to Drive Productivity and Provide a Superior IT Service Management Experience Emerging Trends Create New Business and Consumer Expectations It s no secret that the enterprise IT landscape

More information

Happy First Anniversary NIST Cyber Security Framework:

Happy First Anniversary NIST Cyber Security Framework: Happy First Anniversary NIST Cyber Security Framework: We ve Hardly Known Ya Chad Stowe, CISSP, CISA, MBA Problem Statement Management has not been given the correct information to understand and act upon

More information

agility made possible

agility made possible SOLUTION BRIEF Mainframe Software Rationalization Program want to reduce costs and rationalize your mainframe software change management environment? agility made possible CA Endevor Software Change Manager

More information

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward? SOLUTION BRIEF Content Aware Identity and Access Management May 2010 How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward? we can CA Content

More information

agility made possible

agility made possible SOLUTION BRIEF CA Technologies and NetApp Integrated Service Automation Across the Data Center can you automate the provisioning and management of both virtual and physical resources across your data center

More information

how can I comprehensively control sensitive content within Microsoft SharePoint?

how can I comprehensively control sensitive content within Microsoft SharePoint? SOLUTION BRIEF Information Lifecycle Control for Sharepoint how can I comprehensively control sensitive content within Microsoft SharePoint? agility made possible CA Information Lifecycle Control for SharePoint

More information

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly

More information

CA Spectrum and CA Embedded Entitlements Manager

CA Spectrum and CA Embedded Entitlements Manager CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically

More information

Navigating the NIST Cybersecurity Framework

Navigating the NIST Cybersecurity Framework Navigating the NIST Cybersecurity Framework Explore the NIST Cybersecurity Framework and tools and processes needed for successful implementation. Abstract For federal agencies, addressing cybersecurity

More information

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The Executive Order calls for the development of a voluntary risk based Cybersecurity Framework

More information

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication CUSTOMER SUCCESS STORY JULY 2015 Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication CLIENT PROFILE Company: Global Bank Industry: Financial Services

More information

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management improving SAP security with CA Identity and Access Management The CA Identity and Access Management (IAM) suite can help you

More information

America s New Cybersecurity Framework: Help or New Source of Exposure?

America s New Cybersecurity Framework: Help or New Source of Exposure? America s New Cybersecurity Framework: Help or New Source of Exposure? BY BEHNAM DAYANIM, RYAN NIER & ELIZABETH DORSI March 2014 Data theft is on the rise, and the federal government is concerned. In 2013

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

5 Pillars of API Management with CA Technologies

5 Pillars of API Management with CA Technologies 5 Pillars of API Management with CA Technologies Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional

More information

10 Steps to Establishing an Effective Email Retention Policy

10 Steps to Establishing an Effective Email Retention Policy WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION

More information

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline

More information

Automation Suite for NIST Cyber Security Framework

Automation Suite for NIST Cyber Security Framework WHITEPAPER NIST Cyber Security Framework Automation Suite for NIST Cyber Security Framework NOVEMBER 2014 Automation Suite for NIST Cyber Security Framework The National Institute of Standards and Technology

More information

Employing Best Practices for Mainframe Tape Encryption

Employing Best Practices for Mainframe Tape Encryption WHITE PAPER: DATA ENCRYPTION BEST PRACTICES FOR MAINFRAME TAPE Employing Best Practices for Mainframe Tape Encryption JUNE 2008 Stefan Kochishan CA MAINFRAME PRODUCT MARKETING John Hill CA MAINFRAME PRODUCT

More information

CA Service Desk Manager - Mobile Enabler 2.0

CA Service Desk Manager - Mobile Enabler 2.0 This Document is aimed at providing information about the (CA SDM) Mobile Enabler and mobile capabilities that is typically not available in the product documentation. This is a living document and will

More information

Achieve Your Business and IT Goals with Help from CA Services

Achieve Your Business and IT Goals with Help from CA Services Achieve Your Business and IT Goals with Help from CA Services How Does CA Services Approach an Engagement? Whether its planning, implementing or running our industry leading software, CA Services can help

More information

SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE. How Can the CA Security Solution Help Me With PCI Compliance?

SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE. How Can the CA Security Solution Help Me With PCI Compliance? SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE How Can the CA Security Solution Help Me With PCI Compliance? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT CA Technologies

More information

CA Vulnerability Manager r8.3

CA Vulnerability Manager r8.3 PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL

More information

CA ControlMinder for Virtual Environments May 2012

CA ControlMinder for Virtual Environments May 2012 FREQUENTLY ASKED QUESTIONS May 2012 Top Ten Questions 1. What is?... 2 2. What are the key benefits of?... 2 3. What are the key capabilities of?... 2 4. Does this release include anything from the recently

More information

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management Table of Contents Executive Summary 1 SECTION 1: CHALLENGE 2 The Need for

More information

Can I customize my identity management deployment without extensive coding and services?

Can I customize my identity management deployment without extensive coding and services? SOLUTION BRIEF CONNECTOR XPRESS AND POLICY XPRESS UTILITIES IN CA IDENTITY MANAGER Can I customize my identity management deployment without extensive coding and services? SOLUTION BRIEF CA DATABASE MANAGEMENT

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations

More information

The Future of Workload Automation in the Application Economy

The Future of Workload Automation in the Application Economy The Future of Workload Automation in the Application Economy Success Requires Agility in the Application Economy The link between data center operations and business agility has never been stronger. If

More information

Key Authentication Considerations for Your Mobile Strategy

Key Authentication Considerations for Your Mobile Strategy Key Authentication Considerations for Your Mobile Strategy The Need for Mobile Authentication Reaches Critical Mass According to an old adage, consumers speak through their pocketbooks. While that saying

More information

SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT

SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT How can I ensure an exceptional end-user experience for business-critical applications and help reduce risk without over

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA SERVICE MANAGEMENT - SOFTWARE ASSET MANAGEMENT How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR

More information

Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions

Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions CUSTOMER SUCCESS STORY Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions CLIENT PROFILE Industry: IT Services Company: Fujitsu Australia

More information

CA Technologies optimizes business systems worldwide with enterprise data model

CA Technologies optimizes business systems worldwide with enterprise data model CUSTOMER SUCCESS STORY CA Technologies optimizes business systems worldwide with enterprise data model CLIENT PROFILE Industry: IT Organization: CA Technologies Employees: 13,600 Revenue: $4.8 billion

More information

Addressing PCI Compliance

Addressing PCI Compliance WHITE PAPER DECEMBER 2015 Addressing PCI Compliance Through Privileged Access Management 2 WHITE PAPER: ADDRESSING PCI COMPLIANCE Executive Summary Challenge Organizations handling transactions involving

More information

Compliance series Guide to the NIST Cybersecurity Framework

Compliance series Guide to the NIST Cybersecurity Framework Compliance series Guide to the NIST Cybersecurity Framework avecto.com In this paper, Avecto looks at the role least privilege security and application control play in the National Institute of Standards

More information

Ativas enhances cloud services with CA Technologies solutions

Ativas enhances cloud services with CA Technologies solutions CUSTOMER SUCCESS STORY Ativas enhances cloud services with CA Technologies solutions CUSTOMER PROFILE Industry: IT managed services Company: Ativas Employees: 200+ Revenue (2011): R$ 30 million BUSINESS

More information

CA Chorus Helps Reduce Costs, Improve Productivity and Assist With Mainframe Skills Retention

CA Chorus Helps Reduce Costs, Improve Productivity and Assist With Mainframe Skills Retention ROI BUSINESS USE CASE FEBRUARY 2015 CA Chorus Helps Reduce Costs, Improve Productivity and Assist With Mainframe Skills Retention 95% of our customers recognized and confirmed the skills problem in their

More information

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions

More information

CA Top Secret r15 for z/os

CA Top Secret r15 for z/os PRODUCT SHEET: CA TOP SECRET FOR z/os we can CA Top Secret r15 for z/os CA Top Secret for z/os (CA Top Secret ) provides innovative, comprehensive security for your business transaction environments, including

More information

Addressing the United States CIO Office s Cybersecurity Sprint Directives

Addressing the United States CIO Office s Cybersecurity Sprint Directives RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015 Addressing

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

CONCEPTS IN CYBER SECURITY

CONCEPTS IN CYBER SECURITY CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE

More information

agility made possible

agility made possible SOLUTION BRIEF ConfigXpress Utility in CA IdentityMinder can my identity management solution quickly adapt to changing business requirements and processes? agility made possible With the ConfigXpress tool

More information

October 2014. Four Best Practices for Passing Privileged Account Audits

October 2014. Four Best Practices for Passing Privileged Account Audits Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least

More information

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to

More information

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive

More information