Team Redstone Exhibition (TREx)
|
|
- Ferdinand Nathaniel Powers
- 7 years ago
- Views:
Transcription
1 Team Redstone Exhibition (TREx) 08 June 2016 Dr. Ken LeSueur, Redstone Test Center Approved for public release (SMDC Public Release #6084-1) Distribution A
2 Team Redstone Cyber Initiative Redstone Cyber Senior Executive Steering Group (ESG) Space & Missile Defense Command Aviation & Missile Research Development & Engineering Center PEO Missiles & Space PEO Aviation Redstone Test Center Others Synchronizing Cyber R&D Efforts Towards a Common Objective Coordinating Cyber Security R&D Road Maps Determining Effective & Efficient Contract Strategies ESG Directed the Cyber Working Group to have an exhibition of progress made to date Team Redstone Exhibition 2 Qtr 3 Qtr FY17 The Redstone ESG Convenes Regularly With Clear Goals & Objectives Approved for public release (SMDC Public Release #6084-1) Distribution A 2
3 Definitions and Participating Organizations IMPACT Integrated Mission Performance And Cybersecurity Testbed - A Persistent Distributed Environment of Redstone Cyber Stakeholder Facilities TREx Team Redstone Exhibition 2 nd or 3 rd Qtr 2017 Approved for public release (SMDC Public Release #6084-1) Distribution A 3
4 Initial Team Redstone Cyber Exhibition Requirements Target Date: 2 nd or 3 rd 2017 Establish a Persistent Reconfigurable Distributed Environment Linking Redstone Cyber Stakeholder Facilities Execute a Structured Integration, Data Collection, and Analysis Process Design in Growth Path to Link Team Redstone to Other Army, Joint, and Coalition Cyber Events and Resources Approved for public release (SMDC Public Release #6084-1) Distribution A 4
5 Organizational Objectives Demonstrate distributed connectivity via the JMN across multiple RSA organizations and facilities Demonstrate capabilities of tactical systems and Cyber investments Provide Army PMs with a persistent capability to Assess technologies and procedures necessary to defeat cyber threats Support the Development, Test and Evaluation of capabilities to reduce Cyber related risks and defeat Cyber threats Approved for public release (SMDC Public Release #6084-1) Distribution A 5
6 Concept Development Workshop (CDW) 11 APR 2016 Objectives/Exit Criteria Sites/Labs on the network Identified and Locked Working Group members defined Working Group interdependencies understood Calendar of events defined Organizational Objectives understood Content for Outbrief to ESG Approved for public release (SMDC Public Release #6084-1) Distribution A 6
7 TREx Facility/Network Infrastructure Tactical/Cyber Test Channels AMRDEC USASMDC/ARSTRAT AMRDEC TSMO Data Repository VoIP Chat Wiki Collaboration Tools VoIP Chat Wiki Collaboration Tools VoIP Chat Wiki Collaboration Tools VoIP Chat Wiki Collaboration Tools AMRDEC AMRDEC RTC Data Collection NW Monitor Constructive Sims Visual Systems VoIP Chat Wiki Collaboration Tools VoIP Chat Wiki Collaboration Tools Sanitized Data Xfer Infrastructure Servers Event Control/White Cell Channel Sites to add to Network Existing Sites Approved for public release (SMDC Public Release #6084-1) Distribution A 8
8 Previous Decisions/Assumptions Environment/Network/Event supporting appropriate classification levels JMN is the network to conduct IMPACT/T-REx WSMR terrain will be used for the event NIE/AWA 16.1 Operational Scenario will be used as practical Will have 5 sub working groups and leads for each Will have a minimum of 3 integration spirals leading up to the event Approved for public release (SMDC Public Release #6084-1) Distribution A 8
9 Cyber Blue/Red - DAU Lead Network - RTC Lead Sub Working Groups Operational Scenario - USASMDC/ARSTRAT Lead Technical Simulation Architecture - RTC Lead Tactical Architecture - AMRDEC Security USASMDC/ARSTRAT Lead Approved for public release (SMDC Public Release #6084-1) Distribution A 9
10 Cyber Threat Definitions Matrix Threat Outsider Near-Sider Insider Novice DoS Injection Zigbee/bluetooth Phishing Web Site Deface Cross Site Scripting Spoofing Media Drops (MitM) Physical Security Tools Intermediate Ransom Ware Supply Chain HW/SW Man-in-the-Middle (MitM) Attack 2 factor broken authentication Data Line Tap Privilage Escalation Advanced DoS AV Bypass Manipulate Air Picture Add/Mod/Del e.g. ADS-B (injection) Maint Port Injection Stolen Net-Enabled Mil Radio Industrial Cntl Sys (ICS) DoS Attacking Gaps Outside Intel Network Routing Exploit Approved for public release (SMDC Public Release #6084-1) Distribution A 11
11 TREx Network Infrastructure OSD funded Network Infrastructure TREx Network team working with Technical Working Group to establish logical range requirements Network approach allows expansion in security levels and connectivity to external organizations without major configuration changes Approved for public release (SMDC Public Release #6084-1) Distribution A 12
12 Security Sub Working Groups Expectations Security Identity Security Classification guides required from all PoRs in TREx Brief each WG on needs and limitations of event environment Work with Cyber WG to ensure no system vulnerability could be uncovered that would exceed the event security level Determine data/report dissemination process with stakeholder concurrence Support data classification downgrading as required EXIT CRITERIA List of program security POCs Approved for public release (SMDC Public Release #6084-1) Distribution A 12
13 CDW Objectives/Exit Criteria Results Sites/Labs on the network Identified and Locked Working Group members defined Working Group interdependencies understood Calendar of events defined Organizational Objectives understood Content for Outbrief to ESG Approved for public release (SMDC Public Release #6084-1) Distribution A 13
14 Integration Blocks for TREx Integration Spiral 4 Integration Spiral 3 Integration Spiral 2 Integration Spiral 1 Approved for public release (SMDC Public Release #6084-1) Distribution A 14
15 Key Dates & Decisions All Sites connected to the distributed network will be locked at close of the CDW All POTENTIAL Systems and Simulations identified by integration spiral 1 with the final subset locked at the Mid Planning Workshop All configurations, software, and hardware will be locked at the conclusion of Integration Spiral 4 activities Approved for public release (SMDC Public Release #6084-1) Distribution A 15
16 Questions Approved for public release (SMDC Public Release #6084-1) Distribution A 16
Cyber R &D Research Roundtable
Cyber R &D Research Roundtable 2 May 2013 N A T I O N A L S E C U R I T Y E N E R G Y & E N V I R O N M E N T H E A L T H C Y B E R S E C U R I T Y Changing Environment Rapidly Evolving Threat Changes
More informationCyber Community Highlights
Cyber Community Highlights March 13, 2015 Presented by: Rob Goldsmith, AMRDEC Cyber Lead Cyber Stakeholders S&T, RDT&E, Materiel Developers Academia (Local) Operational Units & Agencies (Sample) Federally
More informationPost-Access Cyber Defense
Post-Access Cyber Defense Dr. Vipin Swarup Chief Scientist, Cyber Security The MITRE Corporation November 2015 Approved for Public Release; Distribution Unlimited. 15-3647. 2 Cyber Security Technical Center
More informationOPTIMIZATION: PEOPLE, TECHNOLOGY, COST
OPTIMIZATION: PEOPLE, TECHNOLOGY, COST Corporate Capabilities Brief (22 October 2014) Corporate Address: 1806 University Drive NW, Huntsville, AL 35801 Corporate Office Phone (256) 763-0654 Huntsville
More informationBad Romance: Three Reasons Hackers <3 Your Web Apps & How to Break Them Up
Bad Romance: Three Reasons Hackers
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationStorage Cloud Infrastructures
Storage Cloud Infrastructures Detection and Mitigation of MITM Attacks Presenter: Jaqueline Carmilema CyberSecurity for the Next Generation South American Round, Quito 31 January 1 February, 2013 PAGE
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationCybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationNational Initiative for Cybersecurity Education
THE NICE VISION National Initiative for Cybersecurity Education a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital
More informationHomeland Security Perspectives: Cyber Security Partnerships and Measurement Activities
16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, Mid Atlantic Region National Cyber Security Division (NCSD) Office
More informationCYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922.
CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS 1 Steve Mills Professor of Information Technology Steve.mills@dau.mil 256.922.8761 Overview Cybersecurity Policy Overview Questions Challenge #1 -
More informationA Systems Engineering Approach to Developing Cyber Security Professionals
A Systems Engineering Approach to Developing Cyber Security Professionals D r. J e r r y H i l l Approved for Public Release; Distribution Unlimited. 13-3793 2013 The MITRE Corporation. All rights reserved.
More informationEnterprise Apps: Bypassing the Gatekeeper
Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that
More informationInformation Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200
Information Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200 Course Description: Advanced Cybersecurity is designed to provide students the advanced concepts and terminology of
More informationSoftware & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes
Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Joe Jarzombek, PMP, CSSLP Director for Software & Supply Chain Assurance Stakeholder
More informationPresentation to NDIA 16th Annual Systems Engineering Conference Hyatt Regency, Crystal City, VA 28-31 October 2013
ALWAYS ON-ON DEMAND": Supporting the Development, Test, and Training of Operational Networks & Net-Centric Systems Presentation to NDIA 16th Annual Systems Engineering Conference Hyatt Regency, Crystal
More informationMs. Sandy Veautour Chief Systems Engineer PSG
Ms. Sandy Veautour Chief Systems Engineer PSG SBIR Initiatives Phase I FY 07 3 Awards High Speed Wireless 3-D Video Transmission to Support Virtual Dismounted Training 2 Phase I contract awards Battlefield
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationOWASP Omaha. The Open Web Application Security Project Omaha Chapter
OWASP Omaha The Open Web Application Security Project Omaha Chapter What is OWASP? The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused
More informationTechNet Land Forces South Small Business Opportunities. Carey Webster Director, Federal Information Solutions Deltek
TechNet Land Forces South Small Business Opportunities Carey Webster Director, Federal Information Solutions Deltek Agenda Review of Upcoming Opportunities for Small Businesses Army 8 Small Business Navy
More informationDefense Security Service
Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED Defense Security Service DSS Mission DSS Supports national security and the warfighter,
More informationCybersecurity. Cybersecurity 331
Cybersecurity Summary DOT&E cybersecurity efforts in FY14 included 16 Combatant Command (CCMD) and Service assessments completed as part of the Cybersecurity Assessment Program, 21 cybersecurity operational
More informationSeven Strategies to Defend ICSs
INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationCyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants
Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and
More informationPASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013
2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationCYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills DAU-South
CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS Steve Mills DAU-South 1 Overview Questions Cybersecurity Owners and Stakeholders Cybersecurity Why It Matters to DoD Program Managers Defense Science
More informationMagento Security and Vulnerabilities. Roman Stepanov
Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection
More informationThreat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP
Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat
More informationRole and Skill Descriptions. For An ITIL Implementation Project
Role and Skill Descriptions For An ITIL Implementation Project The following skill traits were identified as fairly typical of those needed to execute many of the key activities identified: Customer Relationship
More informationCybersecurity Throughout DoD Acquisition
Cybersecurity Throughout DoD Acquisition Tim Denman Cybersecurity Performance Learning Director DAU Learning Capabilities Integration Center Tim.Denman@dau.mil Acquisition.cybersecurity@dau.mil Cybersecurity
More informationREQUEST FOR INFORMATION
Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 3 September 2015 6506 Loisdale Rd, Ste 325
More informationSystems Engineering and Integration Efforts. 11 Dec 2013
Systems Engineering and Integration Efforts 11 Dec 2013 Mr. Leo Smith Director, PoR Engineering Support ASA(ALT) System of Systems Engineering & Integration Directorate (SOSE&I) Approved for Public Release;
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationPenetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD
Penetration Testing University of Sunderland CSEM02 Harry R Erwin, PhD Resources Qinetiq Information Security Foundation Course (2002) Tittle, Stewart, and Chapple, 2004, CISSP: Certified Information Systems
More informationIndustrial Control Systems Security Guide
Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationIoT & SCADA Cyber Security Services
IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087, Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 4, 60 Edward St, Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au
More informationSecurity Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014
Security Testing Vulnerability Assessment vs Penetration Testing Gabriel Mihai Tanase, Director KPMG Romania 29 October 2014 Agenda What is? Vulnerability Assessment Penetration Testing Acting as Conclusion
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationInformation Technology Policy
Information Technology Policy Enterprise Web Application Firewall ITP Number ITP-SEC004 Category Recommended Policy Contact RA-ITCentral@pa.gov Effective Date January 15, 2010 Supersedes Scheduled Review
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions) Prior
More informationCYBER TRENDS & INDUSTRY PENETRATION TESTING. Technology Risk Supervision Division Monetary Authority of Singapore
CYBER TRENDS & INDUSTRY PENETRATION TESTING Technology Risk Supervision Division Monetary Authority of Singapore A NEW DAWN New Services / Mobile Application, NFC, FAST Technology / Biometrics, Big Data,
More informationWeb Engineering Web Application Security Issues
Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend
More informationCovert Operations: Kill Chain Actions using Security Analytics
Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special
More informationMobile Applications. Army s Direction and Our Challenges
Mobile Applications Army s Direction and Our Challenges AFCEA LUNCHEON 16 March 2011 Pete Marion APEO for Customer Support Purpose Who are the major players in the Army for Digital Applications? What are
More informationLocked Shields 2013. Kaur Kasak 24 Sept 2013
Locked Shields 2013 Kaur Kasak 24 Sept 2013 Disclaimer: This briefing is a product of the CCD COE. It does not represent the opinions or policies of NATO and is designed to provide an independent position.
More informationNAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives
NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationNSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense
NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense Cyber Investigations Data Management Systems Security Data Security Analysis Digital Forensics Health Care Security Industrial
More informationIBM X-Force 2012 Cyber Security Threat Landscape
IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationHow to Build a Trusted Application. John Dickson, CISSP
How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.
More informationProject Manager Integrated
Project Manager Integrated Training Environment (PM ITE) COL Roland M. Gaddy Jr. PEO STRI Project Manager Integrated Training Environment (PM ITE) 18 June 2015 PM ITE Organization PM Integrated Training
More informationNorth Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing
North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing Introduction ManTech Project Manager Mark Shaw, Senior Executive Director Cyber Security Solutions Division
More informationStrategic Information Security. Attacking and Defending Web Services
Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationAdvancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development
Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC) 3 12 February 2015 Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching,
More informationOWASP Top Ten Tools and Tactics
OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationDepartment of Homeland Security
Department of Homeland Security National Cybersecurity Assessments & Technical Services (NCATS) Service Overview, Success and Challenges 3/18/2016 1 Agenda Discussion about NCATS Current Programs and Services
More informationPATRIOTWATCHTM PATRIOTSHIELDTM PATRIOTSWORDTM
Overlook Systems Technologies, Inc. 1950 Old Gallows Road, Suite 400 Vienna, VA 22182 (703)-893-1411 PATRIOTWATCHTM PATRIOTSHIELDTM PATRIOTSWORDTM A PROPOSED SOLUTION TO ADDRESS RISK TO U.S. CRITICAL INFRASTRUCTURE
More informationA Comprehensive Cyber Compliance Model for Tactical Systems
A Comprehensive Cyber Compliance Model for Tactical Systems Author Mark S. Edwards, CISSP/MSEE/MCSE Table of Contents July 28, 2015 Meeting Army cyber security goals with an IA advocate that supports tactical
More informationWhat does it take to deliver the most technologically advanced Games ever?
What does it take to deliver the most technologically advanced Games ever? Enzo Sacco, Quang Tu October 20, 2015 Purpose of today s session To share our experiences and lessons learned in securing the
More informationCivil Aviation and CyberSecurity Dr. Daniel P. Johnson Honeywell Aerospace Advanced Technology
Civil Aviation and CyberSecurity Dr. Daniel P. Johnson Honeywell Aerospace Advanced Technology Outline Scope Civil aviation regulation History Cybersecurity threats Cybersecurity controls and technology
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
More informationCYBERSPACE SECURITY CONTINUUM
CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationNational Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...
NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area
More informationThreat Modelling for Web Application Deployment. Ivan Ristic ivanr@webkreator.com (Thinking Stone)
Threat Modelling for Web Application Deployment Ivan Ristic ivanr@webkreator.com (Thinking Stone) Talk Overview 1. Introducing Threat Modelling 2. Real-world Example 3. Questions Who Am I? Developer /
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationDHS ICSJWG Fall Conference 2011. Maintaining Necessary Information Paths Over Unidirectional Gateways
DHS ICSJWG Fall Conference 2011 Maintaining Necessary Information Paths Over Unidirectional Gateways Mohan Ramanathan Solutions Architect for Critical Infrastructure NitroSecurity Andrew Ginter Director
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationAFCEA Aberdeen Luncheon. Army Common Operating Environment (COE) Update. March 11, 2015
AFCEA Aberdeen Luncheon Army Common Operating Environment (COE) Update Mr. Phillip Minor, Deputy Director, COE Directorate Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA(ALT))
More informationEntire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center www.praetorian.com
Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center www.praetorian.com Threat Modeling "Threat modeling at the design phase is really the only way to
More information8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day
Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationPenetration Testing Services. Demonstrate Real-World Risk
Penetration Testing Services Demonstrate Real-World Risk Penetration Testing Services The best way to know how intruders will actually approach your network is to simulate a real-world attack under controlled
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 9 R-1 Line #139
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 6: RDT&E Management Support COST
More informationDynamic Cascade Vulnerability Checks in Real-World Networks
3 rd December 2012 Dynamic Cascade Vulnerability Checks in Real-World Networks Rachel Craddock, Adrian Waller, Noel Butler, Sarah Pennington Thales UK Research and Technology David Llewellyn-Jones, Madjid
More informationCyber Security Assessment of Enterprise-Wide Architectures
Cyber Security Assessment of Enterprise-Wide Architectures Mathias Ekstedt, Associate Prof. Industrial Information and Control Systems KTH Royal Institute of Technology Agenda Problem framing Management/design
More informationThe NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session
The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session Robert Smith Systemwide IT Policy Director Compliance & Audit Educational Series 5/5/2016 1 Today s reality There are two kinds
More informationAttack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability
More informationNIST Cybersecurity Framework Manufacturing Implementation
NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationProtecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
More information