C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

Transcription

1 CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE

2 CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information assurance, risk management, cyber resilience, cybersecurity programs, multi-layer cyber capabilities and technologies CSCSS delivers and leverages its expertise in a variety of ways to help organizations move in the right direction, make the right decisions on security investments, save budget resources, and show a solid return on investment. The changing factors in business, security, and cost effectiveness are vital, complex, constantly in play, and must be clear and concise to have any impact. These changes are leading the way for the critical evaluations and innovative thought leadership that will shape and steer your business SECURELY.

3 Why C/ETS? C/CETS is the IT security industry s foremost resource for addressing many of the cybersecurity, technology, and business risk issues faced today. As IT infrastructure, security, and operations (IS&O) begin to blend, organizations are looking to implement solutions that deliver agility, cost effectiveness, and benefits. CSCSS is a globally-positioned, non-profit cybersecurity and research group. We offer world-class credibility and are uniquely able to provide objective, independent insight on virtually any area of IT security and risk management. We deliver refined standards-based processes and proven methodologies that provide the foundation for unbiased, practical, and actionable insight. Information Assurance (IA) The CSCSS Enterprise Technology + Security Group (C/ETS) focuses on providing information systems assurance and information security engineering and architecture services to assist in the design and development of information services, technologies, communications, products, and systems that ensure the certification and accreditation requirements of relevant national security authorities are met. Trending the Future in IA Cyber Strategy CSCSS, working with its interagency and international partners, leverages the opportunities of cyberspace while working to mitigate the risks. We are focused on respecting and protecting the privacy, civil liberties, freedom of expression, and innovation that have made cyberspace an integral part of global prosperity and securitywhile managing the intrinsic uncertainties and vulnerabilities that directly and drastically impact information assurance, defensive readiness, and national security. In developing its strategy for cyberspace, CSCSS has focused primarily on a number of fundamental aspects of the cyber threat. These include external threat actors, insider threats, supply chain vulnerabilities, and threats to global internet operational and economic capabilities. Our Mission n Manage cyberspace risk through efforts such as increased training, information assurance, greater situational awareness, workforce education, and creating secure and resilient network environments n Drive information assurance and security through Confidentiality, Integrity, and Availability by engaging and leveraging our collaborative partnerships n Build resilient cyber frameworks and self defenses while maintaining an innovative approach to information security development n Work closely with collaborative partners, public-private industry, academia, and the security community to rapidly deliver innovative, resilient, and secure capabilities where they are needed the most We Deliver C/ETS delivers a multi-disciplinary, standards-based approach with focused, practical industry knowledge into the issues affecting your mission-critical decisions and, ultimately, your bottom line and return on investment. C/ETS provides services that go beyond simple technology to provide an innovative, strategic approach to the business of managing information security, information assurance, and essential business processes and assets. AREAS OF DELIVERY n Information assurance n Security strategic planning n Security: Executive situational awareness briefings n Defining security objectives n Industry best practices n Standards delivery n Security audit/information assurance testing n Security training n Security maturity/metrics programs n Baseline security program frameworks n Security GRC management n Security: Program review and recommendations n Security program presentations for senior/executive management n Documentation (GRC, audit, general security, and project management) n Custom research, benchmarks, and industry reports

4 Industry Focus Industry focus is fundamental to GICSR s approach. We provide multi-disciplinary teams of audit, business risk management, security, and technology advisory professionals focused on the needs of key industry sectors. Leveraging our global reach, our skills and talents, we deliver industry-specific services providing real value to our clients. To do this we invest continuously to build our knowledge base of the industries we serve. We bring value by having a systematic understanding of key industries. C/ETSFOCUSES EFFORTS WITHIN INDUSTRY ORGANIZATIONS THROUGH: n Evaluation of organizational security programs n Security research/security trend analysis n Alignment of security programs with business goals and objectives n Corporate profitability and security: ROSI (Return on Security Investment) n Development of "lean" security programs n Optimizing security programs n Security best practices and standards implementation n Enhancing security awareness and education n Developing meaningful security/ maturity metrics program n Creating integrated risk management programs n Discovering and effectively complying with GRC n Security vendor selection n Defining strategic security plans n Projecting emerging issues in security and security technology CSCSS Enterprise Technology + Security Group (C/ETS) We work closely with industry clients helping them mitigate risks and make the solid decisions required in lean operating environments while seizing opportunities for pragmatic change and return on security, service, and technology investment. Together with CSCSS Defence Intelligence Group, CSCSS Cybercrime Intelligence Service and C3i Group, we provide monitoring and analysis activity delivering threat warnings, attack alerts, and bulletins that focus on the prevention of IA security issues. IA Strategic Leadership C/ETS provides strategic guidance and leadership in information assurance. Our experience, expertise, and background in security makes it possible for us to deliver independentlyfocused tactical IA solutions and frameworks that help mitigate security threats and reduce security and business risk. IA Client and Partner Support The IA mission within C/ETS spans industry verticals and supports clients while leveraging the efforts of our collaborative partners across government and industry to provide guidance, ensure the availability of IA solutions, and broaden IA knowledge and skills. C/ETS Core Competencies C/ETS has extensive information security architecture and engineering knowledge and experience. We have developed strong relationships with national security authorities and standards groups through CSCSS s collaborative partnerships to assist in product certification and system accreditation. IN SUPPORT OF FORMAL CERTIFICATION AND ACCREDITATION ACTIVITIES, STIAC INFORMATION SECURITY ENGINEERS PROVIDE: n Security architecture design, implementation, and review n Security policy design, implementation, and review n Threat risk and vulnerability analysis n Input on security-related test procedures and performance of high-level penetration testing n Secure operating system configuration n Security-relevant documentation n Security accreditation plans and security impact analysis n Network and telecom security and cryptography n Security management/risk management n Security management practices n Security architecture and models n Development/planning aspects of operational and physical security n Access control systems and methodologies n Security-focused application and systems development n Security consultation services (focusing in all knowledge areas of operation as well as business continuity/disaster response planning, law intrusion investigation, and ethics)

5 CSCSS / ENTERPRISE TECHNOLOGY + SECURITY Business, Industry, and Academic Outreach Providing key leadership and balancing cybersecurity and information assurance while protecting and delivering cyber innovation, critical business entities, intellectual property, and National Security Systems demands close collaboration between public-private sector institutions, government, and academia to raise the information assurance bar. To do this we will leverage existing programs within CSCSS such as C3i Group and the CSCSS Defence Intelligence Group (C/DIG), CSCSS Cybercrime Intelligence Service and our collective resources. Through our collaborative partnerships with government agencies, academia, and the public- private sector, our focus and mission advocate improvements in IA education and training, as well as in cybersecurity awareness and workforce education. Outreach and inclusion benefits the whole spectrum of information technology. They represent and reflect major focus areas for information assurance and may also provide opportunities to industry for IA research and innovation, as well as cybersecurity awareness, education, and delivery. Strategic Vendor Partners Program Our faculty of analysts research hardware, software, and service providers, independently reviewing vendors that provide innovative technologies to build and manage security services, secure information environments, and risk management services. This research provides an unbiased, independent assessment of vendor products, service, and technology differentiators and challenges. CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE About CSCSS The Centre for Strategic Cyberspace + Security Science / CSCSS is a multilateral, international not-for-profit organization that conducts independent cyber-centric research, development, analysis, and training in the areas of cyberspace, defence intelligence, cyber security, and science while addressing the threats, trends, and opportunities shaping international security policies and national cyberspace cyber security initiatives. CSCSS, as a strategic leader in cyberspace, works jointly with key partners to address, develop, and define cyber technologies, cyber defence force capabilities, information dominance, and concept operations. We deliver practical recommendations and innovative solutions and strategies to advance a secure cyberspace domain. Internationally, CSCSS operates in the United Kingdom, Europe, United States, South America, Australia, and Canada. CSCSS Collaborative Partners The Centre for Strategic Cyberspace + Security Science operates in a collaborative partnership with agencies and organizations that share our commitment to the advancement of Cybersecurity, National + International Security, Cyber Education and Awareness, and Cybersecurity Research and Initiatives. Contact Us For more information on the C3i Group, the Centre for Strategic Cyberspace + Security Science, its programmes or to find out how we can help you please contact us. CSCSS / Centre for Strategic Cyberspace + Security Washington D.C London, United Kingdom North America Middle East Australia cets@cscss.org CSCSS.org