The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide
- Arabella Holmes
- 8 years ago
SOLUTION BRIEF: NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY
"Every company is constantly under attack. If anybody tells you they're not, it just means they don't know. It is a threat that is broad-based. It's not just from one source... and it's just unceasing." [1]

Wes Bush, Northrop Grumman, Chief Executive
SOLUTION BRIEF: NIST FRAMEWORK FOR CYBERSECURITY FOR CRITICAL INFRASTRUCTURE ca.com

The Increasing Threat to Critical Infrastructure

Attacks on sensitive IT systems and data increased during 2013, and many of them caused substantial financial and reputational damage to the companies involved. Still, a successful attack on the underpinnings of the nation's critical infrastructure would have far more catastrophic impacts than this. The NIST Framework for Cybersecurity for Critical Infrastructure was approved in February 2014, and is intended to help establish guidelines and best practices for ensuring that our critical systems are adequately protected. Although it is a voluntary framework, it is expected that it will be adopted by many companies in order to strengthen their security posture.

An emphasis on flexibility

The NIST Framework was designed with a very high degree of flexibility for organizations that would like to follow its guidelines. It is also technology-neutral, and incorporates existing industry standards and best practices, with no re-inventing the wheel. Most importantly, it enables each organization to profile its own cybersecurity efforts, define a target profile, and then put in place a plan to reach that goal. In this regard, its guidelines should be considered not as requirements but as scorecards that are based on the unique business needs, risk appetite, and security demands of each environment, and that provide a guide for continuous improvement based on changing risk and threat dynamics.

What is critical infrastructure?

When we think about the nation's critical infrastructure, we usually think of the grid, water supplies, national defense, and the like. But the Framework makes clear that critical infrastructure is an expansive concept that includes many systems that aren't generally thought of in this context, such as: commercial facilities; communications; critical manufacturing; dams; defense industrial; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; materials; and transportation systems. This makes it clear that a large number and wide variety of public and private organizations will be impacted by the Framework.
Overview of the Framework

The Framework consists of three major elements:

Framework Core: A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization, from the executive level to the implementation/operations level.

Framework implementation tiers: Tiers describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework. There are four tiers that can be used to identify the current state of your cybersecurity effort. These tiers and their brief characteristics include:

Tier 1 (Partial): Informal cybersecurity risk management practices, ad hoc and reactive approach to risk management
Tier 2 (Risk-Informed): Management-approved risk management processes, awareness of risk at organizational level, but lack of organization-wide approach
Tier 3 (Repeatable): Risk management processes expressed as policy, organization-wide approach to manage cybersecurity risk, risk-informed policies, processes and procedures
Tier 4 (Adaptive): Adaptable cybersecurity practices based on lessons learned and predictive indicators, continuous improvement incorporating advanced technologies and practices, active sharing of information with partners both before and after cybersecurity events

Framework profile: Describes outcomes based on the business need and risk assessment that the organization has selected from the Core. This information enables you to identify opportunities for improving cybersecurity by moving from current state to target state. To develop a Profile, an organization can review all the Categories and SubCategories and, based on business drivers and a risk assessment, determine which are most important. The Current Profile can then be used to support prioritization and measurement of progress towards the Target Profile. It can also be used to support communication within the organization.

The Framework Core: a little more detail

The Core consists of functions, categories, sub-categories, and related industry standards. Note, however, that the Core does not represent a set of actions to perform; rather, it defines outcomes that are helpful in improving cybersecurity. The functions included in the Core are:

Identify: develop the organizational understanding to manage cybersecurity risk to systems, applications, and data
Protect: implement safeguards to ensure the secure delivery of infrastructure services
Detect: implement the appropriate activities to identify a cybersecurity event
Respond: implement the appropriate activities to take action on a cybersecurity event
Recover: maintain plans for resilience and to restore any services impacted by a cybersecurity event

These Core functions help the organization classify and evaluate its cybersecurity activities, enhance its risk management programs, and track progress of efforts to move from one level of security maturity to a higher level. In this regard, they are an excellent unifying model for your cybersecurity programs.
How to Use the Framework to Improve Cybersecurity

The Framework is not intended to replace your existing security processes. Rather, it is intended to complement them, and to help you develop a profile of your current security state, as well as identify your desired state of security, based on the guidelines in the Framework. This approach will enable you to develop an action plan for improving your cybersecurity profile, consistent with your business needs, risk appetite and available resources. A simplified approach to leveraging the Framework is as follows:

Prioritize and scope: Determine your business priorities and scope your critical business systems that support these priorities and objectives. Identify your regulatory requirements and risk appetite, and identify areas of vulnerabilities and threats.
Create a current cybersecurity profile: Using the Framework, identify areas where your processes meet your business needs, and those that need strengthening.
Conduct a security risk assessment: Determine the likelihood of a cybersecurity event and the impact that it would have on your organization, and factor in your appetite for ongoing risk.
Create a target profile: Given your current profile and risk appetite, what areas need improvement? Determine where you would like to be in terms of the Framework profiles, and what your time frame is.
Determine gaps: What areas need strengthening for you to arrive at your desired target profile? Identify these areas, analyze them, and prioritize their implementation. Identify resources required to evolve each area of your profile to the desired state.
Finalize an action plan: Based on your priorities and required resources, lay out a path to reach your target profile.

The top security threats of 2013 were social engineering, advanced persistent threats, and insider threat. [2]
CA Security and the NIST Framework

Of the functions described above, the one most relevant to protection of systems and data is the Protect function. The Protect categories describe outcomes relating to protecting systems and data from a variety of threats, both internal and external. The function also includes procedural topics such as awareness, training, and management of technology assets, requirements that do not require a security solution. The categories of the Protect function, and the names of any CA Technologies security solutions that can help with compliance for each category, are as follows:

Function: Protect

ID | Category | Primary / Secondary Products
PR.AC | Access Control | CA Privileged Identity Manager
PR.AT | Awareness & Training | Not relevant to CA Solutions
PR.DS | Data Security | CA Privileged Identity Manager; CA API Mgt & Security; CA Data Protection
PR.IP | Info Protection Processes | Not relevant to CA Solutions
PR.MA | Maintenance | CA Privileged Identity Manager
PR.PT | Protective Technology | CA Privileged Identity Manager; CA SSO; CA API Mgt & Security; CA Identity Manager; CA Identity Governance; CA Advanced Authentication
Let's look in more detail at how CA solutions can help an organization achieve outcomes that conform to these requirements. Critical capabilities for Framework compliance are bolded.

Category: Access Control

PR.AC-1: Identities and credentials are managed for authorized devices and users
CA Privileged Identity Manager manages and secures privileged identities. It can restrict access to systems and accounts (including shared accounts) to only authorized users. Access to accounts is managed by CA Shared Account Management.

PR.AC-2: Physical access to assets is managed and protected
Not relevant to CA Security solutions

PR.AC-3: Remote access is managed
CA Privileged Identity Manager manages remote connections to systems and devices. Host-based access controls can restrict remote connections according to criteria including IP address. It can also restrict remote connections to ensure they come from the proxy server.

PR.AC-4: Access permissions are managed, incorporating the principles of least privilege and separation of duties
CA Privileged Identity Manager provides fine-grained access controls that can ensure separation of duties and least-privilege access. It does this at the OS kernel level, making it the most secure access control implementation. CA Shared Account Management provides both least-privilege access and separation of duties by controlling who has access to shared, privileged accounts. The CA Identity Suite also helps ensure proper access rights through automation of access certifications and role-based provisioning processes.

PR.AC-5: Network integrity is protected, incorporating network segregation where appropriate
CA Privileged Identity Manager can restrict inbound and outbound connections to systems and devices to specific IP addresses, helping to preserve network integrity.
Category: Data Security

PR.DS-1: Data-at-rest is protected
The CA Solution can protect specific files and folders, so it can protect data-at-rest. Access to protected resources can be denied to even the superuser.

PR.DS-2: Data-in-transit is protected
CA API Management & Security secures data-in-transit through protocol-, message-, and field-level confidentiality, integrity operations, and availability protection.

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
Not relevant to CA Security solutions

PR.DS-4: Adequate capacity to ensure availability is maintained
Not relevant to CA Security solutions

PR.DS-5: Protections against data leaks are implemented
CA Data Protection can discover, classify, and protect sensitive info against disclosure, theft, improper actions ( , USB device, etc). The CA API Suite can protect against common data extraction threats, validate request/response data schemas, and filter message content in transit.

PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
CA Privileged Identity Manager provides a Trusted Program Execution capability that can ensure that programs have not been modified before execution.

PR.DS-7: The development and testing environment(s) are separate from the production environment
Not relevant to CA Security solutions
Category: Maintenance

PR.MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools
CA Privileged Identity Manager can manage and monitor maintenance sessions on critical systems and devices. It can control access to the identities used to provide maintenance, restrict that access to follow the principle of least privilege, and log all user actions. Break Glass functionality can enable emergency maintenance.

PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
It can manage and also monitor remote maintenance of systems and devices.

Category: Protective Technology

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
PR.PT-2: Removable media is protected and its use restricted according to policy
PR.PT-3: Access to systems and assets is controlled, incorporating the principle of least functionality
PR.PT-4: Communications and control networks are protected

It can log all actions taken by users, including administrators. It can track actions performed using shared accounts to individuals.
The CA Solution can prevent execution of any executable that is identified as non-essential. It also provides fine-grained access controls to systems and assets on them to protect against unauthorized access.
CA SSO centrally controls access to Web apps from all devices.
CA Identity Suite helps ensure correct access entitlements for all users. Role discovery, provisioning, and automated access certification help ensure correct access rights.
CA API secures access to service interfaces from all devices and applications.
CA Advanced Authentication enables risk-based, strong authentication of users, to protect against stolen credentials, or brute force authentication attempts.
Not relevant to CA Security solutions
Summary of Key Security Capabilities

In order to conform to the guidelines of the Protect function, the following capabilities are very important:

Key Capability: Shared Account Password Management
Description: Control access to privileged, administrative accounts with password storage and automatic login capabilities.
Benefit: Reduces the risk of unauthorized users gaining access to privileged accounts. Prevents password sharing.

Key Capability: Fine-Grained Access Controls
Description: Control what access privileged users have based on their individual identity, even when using a shared administrative account.
Benefit: Reduces risk by providing administrators with only the minimum privileges they need to do their jobs.

Key Capability: User Activity Reporting / Video Session Recording
Description: Records all user actions, tracking all records by individual, even when a shared account is used.
Benefit: Makes it simple to find out who did what in a forensic investigation.

Key Capability: End-to-End Encryption
Description: Protect all data-in-transit through data encryption.
Benefit: Improved security and confidentiality of data.

Key Capability: API Management & Security
Description: Control access to APIs based on identity and access rights. Combat data extraction and other attacks.
Benefit: Protect against external, targeted attacks and data leaks.

Key Capability: Strong, Risk-based Authentication
Description: Enable strong, multi-factor authentication, with risk analysis based on contextual factors.
Benefit: Improve security for all users, combat identity theft and stolen credential attacks.

Insider fraud is a common occurrence. On average, organizations have had approximately 55 employee-related incidents of fraud in the past 12 months. [3] The Ponemon Institute
Taking the next step

The NIST Framework could potentially have a substantial impact on the cybersecurity activities of a large number of organizations, both public and private, over the next year. Even if an organization does not attempt formal compliance with the entire Framework, many companies will attempt to evolve their cybersecurity capabilities to become more aligned with the guidelines included within it. This adoption is likely to be global in scope, due to the importance of protecting critical infrastructure, and the flexibility enabled by the Framework.

Getting a head start on compliance with the Framework is also an important consideration. All it takes is one successful attack on critical infrastructure to have a profound impact not only on the organization, but also possibly on thousands or millions of unsuspecting users of that infrastructure. Avoiding a disastrous situation like this, and establishing a track record of protecting customer information from loss, will help to increase customer confidence in the security capabilities of your organization. Customer confidence creates loyalty.

CA Technologies is proud to have played a consultative role in the creation of this Framework. CA Security solutions can be used effectively to strengthen your cybersecurity profile in order to help meet the requirements of this Framework.

Connect with CA Technologies at ca.com

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.
1. Wes Bush, Northrop Grumman Chief Executive
3. The Ponemon Institute, The Risk of Insider Fraud: Second Annual Study. February 2013

Copyright CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document "as is" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages. CA does not provide legal advice. Neither this document nor any CA software product referenced herein shall serve as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, policy, standard, guideline, measure, requirement, administrative order, executive order, etc. (collectively, "Laws")) referenced in this document. You should consult with competent legal counsel regarding any Laws referenced herein. CS _1014
More informationagility made possible
SOLUTION BRIEF CA Technologies and NetApp Integrated Service Automation Across the Data Center can you automate the provisioning and management of both virtual and physical resources across your data center
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationCA Workload Automation for SAP Software
CA Workload Automation for SAP Software 2 The Application Economy Spurs New SAP System Workload Challenges Business is being shaped more and more by what has become an application-based world. In this
More informationsolution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly
More informationLeveraging Mobility to Drive Productivity and Provide a Superior IT Service Management Experience
Leveraging Mobility to Drive Productivity and Provide a Superior IT Service Management Experience Emerging Trends Create New Business and Consumer Expectations It s no secret that the enterprise IT landscape
More informationIT ASSET MANAGEMENT Securing Assets for the Financial Services Sector
IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationThe President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.
The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The Executive Order calls for the development of a voluntary risk based Cybersecurity Framework
More informationAmerica s New Cybersecurity Framework: Help or New Source of Exposure?
America s New Cybersecurity Framework: Help or New Source of Exposure? BY BEHNAM DAYANIM, RYAN NIER & ELIZABETH DORSI March 2014 Data theft is on the rise, and the federal government is concerned. In 2013
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationSOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management
SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management improving SAP security with CA Identity and Access Management The CA Identity and Access Management (IAM) suite can help you
More information10 Steps to Establishing an Effective Email Retention Policy
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION
More informationEmploying Best Practices for Mainframe Tape Encryption
WHITE PAPER: DATA ENCRYPTION BEST PRACTICES FOR MAINFRAME TAPE Employing Best Practices for Mainframe Tape Encryption JUNE 2008 Stefan Kochishan CA MAINFRAME PRODUCT MARKETING John Hill CA MAINFRAME PRODUCT
More informationWHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords
WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline
More informationTECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.
TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA Colruyt ensures data privacy with Identity & Access Management. Table of Contents Executive Summary SECTION 1: CHALLENGE 2
More informationGlobal Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication
CUSTOMER SUCCESS STORY JULY 2015 Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication CLIENT PROFILE Company: Global Bank Industry: Financial Services
More informationNavigating the NIST Cybersecurity Framework
Navigating the NIST Cybersecurity Framework Explore the NIST Cybersecurity Framework and tools and processes needed for successful implementation. Abstract For federal agencies, addressing cybersecurity
More informationCA Spectrum and CA Embedded Entitlements Manager
CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically
More informationAchieve Your Business and IT Goals with Help from CA Services
Achieve Your Business and IT Goals with Help from CA Services How Does CA Services Approach an Engagement? Whether its planning, implementing or running our industry leading software, CA Services can help
More information5 Pillars of API Management with CA Technologies
5 Pillars of API Management with CA Technologies Introduction: Managing the new open enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the traditional
More informationVoluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council
Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations
More informationHow To Improve Your It Performance
SOLUTION BRIEF IMPROVING CAPACITY PLANNING USING APPLICATION PERFORMANCE MANAGEMENT How can I ensure an exceptional end-user experience for business-critical applications and help reduce risk without over
More informationFujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions
CUSTOMER SUCCESS STORY Fujitsu Australia and New Zealand provides cost-effective and flexible cloud services with CA Technologies solutions CLIENT PROFILE Industry: IT Services Company: Fujitsu Australia
More informationProduct overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities
PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationHow Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?
SOLUTION BRIEF CA SERVICE MANAGEMENT - SOFTWARE ASSET MANAGEMENT How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR
More informationSOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE. How Can the CA Security Solution Help Me With PCI Compliance?
SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE How Can the CA Security Solution Help Me With PCI Compliance? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT CA Technologies
More informationAutomation Suite for NIST Cyber Security Framework
WHITEPAPER NIST Cyber Security Framework Automation Suite for NIST Cyber Security Framework NOVEMBER 2014 Automation Suite for NIST Cyber Security Framework The National Institute of Standards and Technology
More informationKey Authentication Considerations for Your Mobile Strategy
Key Authentication Considerations for Your Mobile Strategy The Need for Mobile Authentication Reaches Critical Mass According to an old adage, consumers speak through their pocketbooks. While that saying
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationCA Service Desk Manager - Mobile Enabler 2.0
This Document is aimed at providing information about the (CA SDM) Mobile Enabler and mobile capabilities that is typically not available in the product documentation. This is a living document and will
More informationHow can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?
SOLUTION BRIEF Content Aware Identity and Access Management May 2010 How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward? we can CA Content
More informationHow To Be A World Class Data Center
CUSTOMER SUCCESS STORY Ativas enhances cloud services with CA Technologies solutions CUSTOMER PROFILE Industry: IT managed services Company: Ativas Employees: 200+ Revenue (2011): R$ 30 million BUSINESS
More informationBusiness Agility SURVIVAL GUIDE
Business Agility SURVIVAL GUIDE 1 Every industry is subject to disruption. Only a truly agile business is equipped to respond.* Agile firms grow revenue 37% faster. Agile firms generate 30% higher profits.**
More informationCan I customize my identity management deployment without extensive coding and services?
SOLUTION BRIEF CONNECTOR XPRESS AND POLICY XPRESS UTILITIES IN CA IDENTITY MANAGER Can I customize my identity management deployment without extensive coding and services? SOLUTION BRIEF CA DATABASE MANAGEMENT
More informationNIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions
More informationCA ControlMinder for Virtual Environments May 2012
FREQUENTLY ASKED QUESTIONS May 2012 Top Ten Questions 1. What is?... 2 2. What are the key benefits of?... 2 3. What are the key capabilities of?... 2 4. Does this release include anything from the recently
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More informationCA Explore Performance Management for z/vm
PRODUCT SHEET CA Explore Performance Management for z/vm CA Explore Performance Management for z/vm CA Explore Performance Management for z/vm (CA Explore for z/vm) is a comprehensive performance management
More informationThe Future of Workload Automation in the Application Economy
The Future of Workload Automation in the Application Economy Success Requires Agility in the Application Economy The link between data center operations and business agility has never been stronger. If
More informationCA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.
TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive
More informationPicis improves the delivery of client projects worth $50 million with CA Clarity PPM
CUSTOMER SUCCESS STORY Picis improves the delivery of client projects worth $50 million with CA Clarity PPM CUSTOMER PROFILE Industry: Healthcare Informatics Company: Picis, Inc., a part of OptumInsight
More informationcontent-aware identity & access management in a virtual environment
WHITE PAPER Content-Aware Identity & Access Management in a Virtual Environment June 2010 content-aware identity & access management in a virtual environment Chris Wraight CA Security Management we can
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationCA Technologies optimizes business systems worldwide with enterprise data model
CUSTOMER SUCCESS STORY CA Technologies optimizes business systems worldwide with enterprise data model CLIENT PROFILE Industry: IT Organization: CA Technologies Employees: 13,600 Revenue: $4.8 billion
More informationAddressing PCI Compliance
WHITE PAPER DECEMBER 2015 Addressing PCI Compliance Through Privileged Access Management 2 WHITE PAPER: ADDRESSING PCI COMPLIANCE Executive Summary Challenge Organizations handling transactions involving
More informationCA Chorus Helps Reduce Costs, Improve Productivity and Assist With Mainframe Skills Retention
ROI BUSINESS USE CASE FEBRUARY 2015 CA Chorus Helps Reduce Costs, Improve Productivity and Assist With Mainframe Skills Retention 95% of our customers recognized and confirmed the skills problem in their
More informationTransforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency
EXECUTIVE BRIEF Service Operations Management November 2011 Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency agility made possible David Hayward Sr.
More informationCA Viewpoint. Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure Authentication
EXECUTIVE BRIEF AUGUST 2015 CA Viewpoint Summary of European Banking Authority Guidelines and How CA Can Help Meeting the European Banking Authority Guidelines and EU Payment Security Directive for Secure
More informationAVTech provides customers with end-to-end recovery management service with CA ARCserve solutions
CUSTOMER SUCCESS STORY AVTech provides customers with end-to-end recovery management service with CA ARCserve solutions CLIENT PROFILE Industry: ICT Company: Advanced Vision Technology (AVTech) Employees:
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More information