Supply Chain Risk Management For Modern Software Development
- Luke Marshall
- 8 years ago
Transcription
1 Supply Chain Risk Management For Modern Software Development September 4, 2013 Maritime Institute & Conference Center Linthicum Heights, Maryland
2 Ron Ross PhD, National Institute of Standards and Technology (NIST) Ron Ross is a Fellow at the National Institute of Standards and Technology (NIST). His current areas of specialization include information security and risk management. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication (SP) (security controls guideline), NIST SP A (security assessment guideline), NIST SP (security authorization guideline), NIST SP (risk management guideline), and NIST SP (risk assessment guideline). Dr. Ross is the principal architect of the Risk Management Framework and multi-tiered approach that provides a disciplined and structured methodology for integrating the suite of FISMA standards and guidelines into a comprehensive enterprise-wide information security program. Dr. Ross also leads the Joint Task Force Transformation Initiative, a partnership with NIST, the Department of Defense, the Intelligence Community, the Office of the Director of National Intelligence, and the Committee on National Security Systems to develop a unified information security framework for the federal government.
3 On The SCRM Horizon Implementation of NIST SP , Revision 4. Revision of OMB Circular A-130, Appendix III. OMB Continuous Monitoring Policy. Supply Chain Risk Guidance NIST SP Security Engineering Guidance NIST SP Build It Right, Continuously Monitor NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 3
4 Contact Information Project Leader 100 Bureau Drive Mailstop 8930 Gaithersburg, MD USA Administrative Support Dr. Ron Ross Peggy Himes (301) (301) Senior Information Security Researchers and Technical Support Pat Toth Kelley Dempsey (301) (301) Arnold Johnson (301) Web: csrc.nist.gov/sec-cert Comments:
5 Wayne Jackson Wayne Jackson currently serves as the CEO of Sonatype, Inc., the leaders in Component Lifecycle Management and creators of Maven and other technologies used by millions of software developers worldwide. Prior to joining Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion. Before joining Sourcefire, Wayne co-founded Riverbed Technologies, a wireless infrastructure company, and served as its CEO until the sale of the company for more than $1 billion in March of Prior to Riverbed, Wayne built an emerging-technologies business unit for a large systems integrator and provided consulting services to organizations including General Electric, the World Bank and the Federal Reserve. Wayne holds a B.B.S in Finance from James Madison University, 1985, and has completed the Executive Education program for Corporate Governance at Harvard University. CEO Sonatype
6 DevOpsSec Supply chain management in modern software development
7 Industrial Evolution
8 Software Evolution Written Assembled 90%
9 The Central Repository The canonical exchange for open source binaries Virtually every mainstream project in the Java ecosystem Accelerating adoption by other languages Virtually every organization developing software >100,000 organizations, >10 million developers Unique visibility Component supply Component consumption
10 Open Source is Everywhere
11 Tremendous Advantages Open = Leveraged Innovation Modular = Accelerated Development Agile = Accelerated Delivery
12 But Some Drawbacks
13 For Example: CVE Network exploitable Medium access complexity No authentication required for exploit Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service
14 Widespread Compromise
15 Struts2 Downloads
16 An Ecosystem Phenomenon
17 Toyota and v4l Variety of products offered Velocity of product flow Variability of outcomes against forecast Visibility of processes to enable learning
18 Toyota and v4l Variety of software produced Velocity of software delivery Variability of outcomes against forecast Visibility of processes to enable learning
19 The L in v4l Create awareness Establish capability (empower) Make action protocols (govern) Generate system-level awareness (monitor)
20 Measurable Advantages Plant suppliers: 125 versus 800 Firm-wide suppliers: 224 versus 5,500 In-house production: 27% versus 54% Comparing the Volt and Prius $39,900 versus $24,200 1,788 units versus 23,294 units
21 Core Supply Chain Principles
22 Create Awareness
23 Create Awareness
24 Empower
25 Govern When left unaudited and unmanaged, open-source assets "seep" into and proliferate within an enterprise's software portfolio as hidden "time bombs" that can eventually result in catastrophic technical failures, security failures, audit compliance violations and intellectual property (IP) risks that create a significant loss of IT value and, subsequently, broader business value. A CIO's Perspective on Open Source Software, Mark Driver, Research Vice President, January 2011. January 2013 Sonatype survey of 2,500 software developers, team leads, and architects
26 Govern
27 Govern Effectively Humans define policy What component attributes violate policy What actions to take when a policy is violated Machines automate the implementation of policy Humans manage exceptions
28 Govern Effectively
29 Monitor
30 Monitor
31 Core Supply Chain Principles
32 Substantial, Measurable ROI Reduced surface area exposure, maintenance, expertise Reduced re-work Pro-active situational awareness Better suppliers and supplier relationships Go fast AND be secure!
33 Thank You! x Maple Lawn Drive, Suite 250 Fulton, Md 20759