Information Assurance Branch (IAB) Cybersecurity Best Practice for Executive Level Managers
|
|
- Sophie Lane
- 8 years ago
- Views:
Transcription
1 U.S. Department of State Diplomatic Security Office of Training & Performance Standards Security Engineering & Computer Security Training Division (SECD) Information Assurance Branch (IAB) Cybersecurity Best Practice for Executive Level Managers Version Number 1.0
2 Introduction Welcome This class is interactive... feel free to ask questions! Housekeeping Cell Phones Breaks Restrooms Class materials Share your experiences Fire Alarm/Evacuation Plan Natural disaster Sign-In/Point of contact after class 2
3 Objective Information Assurance (IA) - The processes and procedures that protect information and information systems; a.k.a. cybersecurity. At the end of this course the student will be able to: Summarize how IA supports the local mission Summarize ways you can support your employees in securing the information and information systems 3
4 Cybersecurity for Executives Introduction Cybersecurity: Concepts and Challenges The IA Leadership Role & The IA Team Incident Handling 4
5 President s Cybersecurity Priorities 1. Protect the country s critical infrastructure 2. Improve our ability to identify and report cyber incidents 3. Promote internet freedom for an open, interoperable, secure, and reliable cyberspace 4. Secure federal networks 5. Shape a cyber-savvy workforce 5
6 Threats: US-CERT Cyber Incidents The total number of security incidents reported to US-CERT annually more than doubled from fiscal year 2009 to fiscal year
7 Threats: Malicious Code For the month of October 2014, the DOS Antivirus scanning tools detected and eradicated 15,669 viruses at the Desktop. VIRT members manually analyzed 6,678 messages received at Source: IRM Systems Integrity 7
8 Federal Laws: Historical Overview Computer Security Act of 1987 Government Paperwork Reduction Act of 1995 Clinger-Cohen Act of 1996 Privacy Act of s 1980s 1990s 2000s FISMA (2002) Computer Fraud and Abuse Act of amended 1994, 1996, and 2001 OMB Circular A- 130, Appendix III (2000) 8 PDD 63 (1998) and the Homeland Security Act of 2002 USA PATRIOT Act of 2001
9 FISMA Federal Information Security Management Act (FISMA) of Risk-based approach to IT security Continuous Automated and Diagnostics continuous and monitoring Mitigation (CDM) Annual report to Congress on agency compliance with security requirements Role-based training NIST guidance complementary to CNSS Privacy 9
10 Introduction Summary Where Are We Now? Unfavorable scores & reports Cyber threats are more aggressive and increasing Incidents that involve misuse of government resources or information continue Accessing and sharing of information is still the priority 10
11 Cybersecurity for Executives Introduction Cybersecurity: Concepts and Challenges The IA Leadership Role & The IA Team Incident Handling 11
12 IA: Concepts and Challenges 12
13 Vulnerability: Mobile Devices Why do we use these items? Why are they listed as a vulnerability? What are your organization s policies for their use? 13
14 Vulnerability: Social Networking Is your organization using any of these? Are there policies for their use? What about your employees and the personal use of social media? 14
15 The Risk Management Framework (RMF) 15
16 Risk Decisions Accept the Risk Reduce the Risk Avoid the Risk Transfer the Risk 16
17 What do you have? Is/are there: A risk policy An Assessment & Authorization (A&A) Process Continuous diagnostics and mitigation Individuals responsible for security Tools and role-based training for those individuals 17
18 Activity What is the most important information created and/or stored in my organization? What parts of the organization rely on this information? What would be the impact if this information is compromised or lost? What is the biggest threat to this information? What are we doing currently to protect this information? Is there anything else we can do to increase the protection level? If yes, what resourcing decisions will have to be made? 18
19 Concepts & Challenges Summary Our information is a valued commodity Biggest concern: insider threat RMF: Review your categorization and adequacy of the controls 19
20 Cybersecurity for Executives Introduction Information Assurance: Concepts and Challenges The IA Leadership Role & The IA Team Incident Handling 20
21 Your Mission 1. To what extent does meeting your mission depend on the information system/networks? 2. How are you supporting cybersecurity at your site? 3. If an unauthorized USB media device is used on a computer in your organization and a virus infects the network and takes it out of service, who is ultimately responsible? 4. What if there is a loss of PII? 21
22 IA As A Cultural Value Executive leadership is the key to a culture that values information security. What can you do to create an IA-based culture? Activity: Discussion Questions 22
23 Leadership Responsibilities You own the system You set the example for your employees You provide support for success You approve policies and procedures You make the resource decisions You hold your employees accountable for good security practices 23
24 Tools for Cybersecurity Leadership Policies A & A Rules of Behavior CDM Cybersecurity Office Employees discussed on the next slides Training Role-based User Contingency Planning 24
25 IA Executive Team Executive secretary, commissioner, CEO, etc. Chief Information Officer Chief Information Security Officer And their staffs ( Cybersecurity/IA Office) How are these people promoting cybersecurity? 25
26 The IA/Cybersecurity Team System Owner Information Owner Project Manager ISSO Developer System Manager Users 26
27 Class Activity Your IA Team What can you do to support your IA team? Who are your key employees with IA responsibilities? What are some of their security responsibilities. What more can you do now to support these employees in fulfilling their responsibilities? 27
28 Cybersecurity for Executives Introduction Information Assurance: Concepts and Challenges The IA Leadership Role & The IA Team Incident Handling 28
29 What do you do Personnel issues When do you get involved? What do you want communicated? Loss of PII Who gets contacted? What s the process? What if it happens? Are there backups? Is there a contingency plan? Is there an offsite/alternate location? 29
30 Incident Handling Incident What do you need to know? What will you do? 30
31 Key Points Information systems are: Tools to support the completion of the mission Information security, a.k.a. cybersecurity is a: Topic that affects everyone everywhere Leadership: Make risk-based decisions, following federal guidance Support the professionals that implement cybersecurity Set the example, live the example, enforce the example Create a culture of protecting information and systems 31
32 Action Items Activity Based on our discussions in this course what will you do to assess or improve security at your site?
33 Top Management Errors 7 Pretend the problem will go away if ignored 6 Authorize reactive, short-term fixes so problems re-emerge rapidly 5 Fail to realize how much money, information, and organizational reputations are worth 4 Rely primarily on a firewall Fail to deal with operational aspects of security: make a few fixes and then do not follow through to ensure the problems stay fixed Fail to understand the relationship of information security to the business problem. Understand physical security but not the consequences of poor information security Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job 33
Information Technology Security Training Requirements APPENDIX A. Appendix A Learning Continuum A-1
APPENDIX A Appendix A Learning Continuum A-1 Appendix A Learning Continuum A-2 APPENDIX A LEARNING CONTINUUM E D U C A T I O N Information Technology Security Specialists and Professionals Education and
More informationAudit of the Department of State Information Security Program
UNITED STATES DEPARTMENT OF STATE AND THE BROADCASTING BOARD OF GOVERNORS OFFICE OF INSPECTOR GENERAL AUD-IT-15-17 Office of Audits October 2014 Audit of the Department of State Information Security Program
More informationThe DS Information Assurance and Cybersecurity Role-Based Training Program. Diplomatic Security Training Center (DSTC) Dunn Loring, VA
The DS Information Assurance and Cybersecurity Role-Based Training Program Diplomatic Security Training Center (DSTC) Dunn Loring, VA IAB Mission The Information Assurance Branch s (IAB s) mission is to
More informationU.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL
U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationINSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES
INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:
More informationInformation Security for IT Administrators
Fiscal Year 2015 Information Security for IT Administrators Introduction Safeguarding the HHS Mission Information Security Program Management Enterprise Performance Life Cycle Enterprise Performance Life
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationDepartment of Homeland Security
Evaluation of DHS Information Security Program for Fiscal Year 2013 OIG-14-09 November 2013 Washington, DC 20528 / www.oig.dhs.gov November 21, 2013 MEMORANDUM FOR: FROM: SUBJECT: Jeffrey Eisensmith Chief
More informationEPA Classification No.: CIO-2150.3-P-02.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: 12-003 Review Date: 08/06/2015
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INTERIM AWARENESS AND TRAINING PROCEDURES V3.1 JULY 18, 2012 1. PURPOSE The purpose of this
More informationFISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS
TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2
More informationIT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO-6009-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS V. POLICY VI. RESPONSIBILITIES
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationINFORMATION PROCEDURE
INFORMATION PROCEDURE Information Security Incident Response Procedures Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INCIDENT RESPONSE
More informationReview of the SEC s Systems Certification and Accreditation Process
Review of the SEC s Systems Certification and Accreditation Process March 27, 2013 Page i Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy
More informationFiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Information Technology Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program Report.
More informationThe U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014 FINAL AUDIT REPORT
The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014 FINAL AUDIT REPORT This report has been reviewed for public dissemination
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2014 May 19, 2015 14-01820-355 ACRONYMS CRISP
More informationAutomated Risk Management Using SCAP Vulnerability Scanners
Automated Risk Management Using SCAP Vulnerability Scanners The management of risks to the security and availability of private information is a key element of privacy legislation under the Federal Information
More informationNASA OFFICE OF INSPECTOR GENERAL
NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA
More informationInformation Security for Managers
Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize
More informationThe U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 FINAL AUDIT REPORT
The U.S. Department of Education s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 FINAL AUDIT REPORT ED-OIG/A11N0001 November 2013 Our mission is to promote
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND
More informationISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better
More informationFEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness
United States Government Accountability Office Report to Congressional Committees September 2013 FEDERAL INFORMATION SECURITY Mixed Progress in Implementing Program Components; Improved Metrics Needed
More informationUnited States Department of Agriculture. Office of Inspector General
United States Department of Agriculture Office of Inspector General U.S. Department of Agriculture, Office of the Chief Information Officer, Fiscal Year 2013 Federal Information Security Management Act
More informationEXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 THE DIRECTOR August 6, 2003 M-03-19 MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: SUBJECT: Joshua
More informationAudit Report. The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013
Audit Report The Social Security Administration s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013 A-14-13-13086 November 2013 MEMORANDUM Date: November 26,
More informationUS Cyber Marathon. David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury
US Cyber Marathon David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury Context: US Government Scope/Scale 320M US citizens 4.1M Government
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationIA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE
IA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE Commanders, leaders, and managers are responsible for ensuring that Information Assurance/Cybersecurity is part of all Army operations, missions and
More informationLegislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Modernization Act Audit for Fiscal Year 2015 March 15, 2016 15-01957-100 ACRONYMS
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationOctober Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationINFORMATION PROCEDURE
INFORMATION PROCEDURE Information Security Awareness and Training Procedures Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY AWARENESS AND
More informationPublic Law 113 283 113th Congress An Act
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
More informationEvaluation of DHS' Information Security Program for Fiscal Year 2014
Evaluation of DHS' Information Security Program for Fiscal Year 2014 December 12, 2014 HIGHLIGHTS Evaluation of DHS Information Security Program for Fiscal Year 2014 December 12, 2014 Why We Did This We
More informationOFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION CONTRACTOR SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12 CREDENTIALS June 2012 A-14-11-11106
More informationAUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938
More informationSecurity Control Standard
Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationWhat are you trying to secure against Cyber Attack?
Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally
More informationINTERNATIONAL TRADE ADMINISTRATION Improvements Are Needed to Strengthen ITA s Information Technology Security Program
INTERNATIONAL TRADE ADMINISTRATION Improvements Are Needed to Strengthen ITA s Information Technology Security Program FINAL REPORT NO. OIG-12-037-A SEPTEMBER 27, 2012 U.S. Department of Commerce Office
More informationIG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY
IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined
More informationREVIEW OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR FISCAL YEAR 2015
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL REVIEW OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 FOR
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
More informationINFORMATION SECURITY. Additional Oversight Needed to Improve Programs at Small Agencies
United States Government Accountability Office Report to Congressional Requesters June 2014 INFORMATION SECURITY Additional Oversight Needed to Improve Programs at Small Agencies GAO-14-344 June 2014 INFORMATION
More informationReport of Evaluation OFFICE OF INSPECTOR GENERAL E-09-01. Tammy Rapp Auditor-in-Charge FARM CREDIT ADMINISTRATION
OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2009 Evaluation of the Farm Credit Administration s Compliance with the Federal Information Security Management Act E-09-01 November 18, 2009 Tammy
More informationAudit Report. The Social Security Administration s Process to Identify and Monitor the Security of Hardware Devices Connected to its Network
Audit Report The Social Security Administration s Process to Identify and Monitor the Security of Hardware Devices Connected to its Network A-14-13-13050 October 2013 MEMORANDUM Date: October 1, 2013 Refer
More informationPrivacy Impact Assessment (PIA) for the. Certification & Accreditation (C&A) Web (SBU)
Privacy Impact Assessment (PIA) for the Cyber Security Assessment and Management (CSAM) Certification & Accreditation (C&A) Web (SBU) Department of Justice Information Technology Security Staff (ITSS)
More informationPreventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
More informationStatement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education
Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Improved Security Required for DHS Networks (Redacted) Notice: The Department of Homeland Security, Office of Inspector General, has redacted
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Improvements Are Needed to the Information Security Program March 11, 2008 Reference Number: 2008-20-076 This report has cleared the Treasury Inspector
More informationAutomate Risk Management Framework
Automate Risk Management Framework Providing Dynamic Continuous Monitoring, Operationalizing Cybersecurity and Accountability for People, Process and Technology Computer Network Assurance Corporation (CNA)
More informationU.S. Department of Energy Office of Inspector General Office of Audit Services. Audit Report. Security Over Wireless Networking Technologies
U.S. Department of Energy Office of Inspector General Office of Audit Services Audit Report Security Over Wireless Networking Technologies DOE/IG-0617 August 2003 Department of Energy Washington, DC 20585
More informationSMALL BUSINESS PRESENTATION
STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department
More informationSection 37.1 Purpose... 1. Section 37.2 Background... 3. Section 37.3 Scope and Applicability... 4. Section 37.4 Policy... 5
CIOP CHAPTER 37 Departmental Cybersecurity Policy TABLE OF CONTENTS Section 37.1 Purpose... 1 Section 37.2 Background... 3 Section 37.3 Scope and Applicability... 4 Section 37.4 Policy... 5 Section 37.5
More informationU.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS. Final Audit Report
U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management
More informationSTATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE
STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationReport of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.
OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s Evaluation of the Farm Compliance Credit Administration s with the Federal Information
More informationDepartment of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
More informationI N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
More information5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE
5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE 5 FAH-11 H-510 GENERAL (Office of Origin: IRM/IA) 5 FAH-11 H-511 INTRODUCTION 5 FAH-11 H-511.1 Purpose a. This subchapter implements the policy
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationTHE INFORMATION TECHNOLOGY INFRASTRUCTURE
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL THE INFORMATION TECHNOLOGY INFRASTRUCTURE AND OPERATIONS OFFICE HAD INADEQUATE INFORMATION SECURITY CONTROLS Inquires about this report
More information24x7 Incident Handling and Response Center
for the March 29, 2007 Contact Point Michael Witt Department of Homeland Security (703) 235-5160 Reviewing Official Hugo Teufel III Chief Privacy Officer Department of Homeland Security (571) 227-3813
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationSMALL BUSINESS PRESENTATION
STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department
More informationPRIVACY IMPACT ASSESSMENT
Name of System/Application: LAN/WAN PRIVACY IMPACT ASSESSMENT U. S. Small Business Administration LAN/WAN FY 2011 Program Office: Office of the Chief Information Officer A. CONTACT INFORMATION 1) Who is
More informationEPA Classification No.: CIO-2150.3-P-09.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: 12-003 Review Date: 08/06/2015
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INTERIM MAINTENANCE PROCEDURES V1.8 JULY 18, 2012 1. PURPOSE The purpose of this procedure
More informationAPHIS INTERNET USE AND SECURITY POLICY
United States Department of Agriculture Marketing and Regulatory Programs Animal and Plant Health Inspection Service Directive APHIS 3140.3 5/26/2000 APHIS INTERNET USE AND SECURITY POLICY 1. PURPOSE This
More informationPOSTAL REGULATORY COMMISSION
POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1
More informationCybersecurity Risk Management Activities Instructions Fiscal Year 2015
Cybersecurity Risk Management Activities Instructions Fiscal Year 2015 An effective risk management program and compliance with the Federal Information Security Management Act (FISMA) requires the U.S.
More informationMission Assurance and Security Services
Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page
More informationMinimum Security Requirements for Federal Information and Information Systems
FIPS PUB 200 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Minimum Security Requirements for Federal Information and Information Systems Computer Security Division Information Technology Laboratory
More informationHow To Check If Nasa Can Protect Itself From Hackers
SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration
More informationAutomated Risk Management Using NIST Standards
Automated Risk Management Using NIST Standards The management of risks to the security and availability of private information is a key element of privacy legislation under the Federal Information Security
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Evaluation Report The Department's Unclassified Cyber Security Program 2011 DOE/IG-0856 October 2011 Department of
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 Department
More informationCDM Hardware Asset Management (HWAM) Capability
CDM Hardware Asset Management (HWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT
More informationANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT
ANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT OFFICE OF MANAGEMENT AND BUDGET February 27, 2015 TABLE OF CONTENTS INTRODUCTION: FEDERAL CYBERSECURITY YEAR IN REVIEW... 6 SECTION
More informationTHE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY
THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationStandards for Security Categorization of Federal Information and Information Systems
FIPS PUB 199 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Standards for Security Categorization of Federal Information and Information Systems Computer Security Division Information Technology
More informationDepartment of Veterans Affairs VA Directive 6004 CONFIGURATION, CHANGE, AND RELEASE MANAGEMENT PROGRAMS
Department of Veterans Affairs VA Directive 6004 Washington, DC 20420 Transmittal Sheet September 28, 2009 CONFIGURATION, CHANGE, AND RELEASE MANAGEMENT PROGRAMS 1. REASON FOR ISSUE: This Directive establishes
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
More informationIdentity and Access Management Initiatives in the United States Government
Identity and Access Management Initiatives in the United States Government Executive Office of the President November 2008 Importance of Identity Management within the Federal Government "Trusted Identity"
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 8551.01 May 28, 2014 DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: See Enclosure 1 1. PURPOSE. In accordance with the authority
More informationU.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT INFORMATION TECHNOLOGY SECURITY POLICY. HUD Handbook 2400.25 REV4.1
U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT INFORMATION TECHNOLOGY SECURITY POLICY HUD Handbook 2400.25 REV4.1 March 2016 Document Change History Version Number Date Description Author 2.0 November
More information2014 Audit of the Board s Information Security Program
O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-B-019 2014 Audit of the Board s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL
More informationDivision of Information Technology. Strategic Plan. July 3, 2007
Division of Information Technology Strategic Plan 2007 2010 July 3, 2007 i Mission of the Division of Information Technology The mission of the Division of Information Technology (IT) is to add value to
More informationAudit of NRC s Network Security Operations Center
Audit of NRC s Network Security Operations Center OIG-16-A-07 January 11, 2016 All publicly available OIG reports (including this report) are accessible through NRC s Web site at http://www.nrc.gov/reading-rm/doc-collections/insp-gen
More information