The conference agenda is attached.



Similar documents
WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

Things I can do to protect my network from getting Hacked!!!!!! Jazib Frahim, Technical Leader

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

IT Security Incident Management Policies and Practices

Data Security: Fight Insider Threats & Protect Your Sensitive Data

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

Pacific Islands Telecommunications Association

The Hidden Dangers of Public WiFi

2012 NCSA / Symantec. National Small Business Study

How To Manage Security On A Networked Computer System

Welcome Back Roberto Casetta, Snr. Vice President International. The Story Behind The Crystal Pete Daw, Cities Urban Developer Siemens Plc

Risk Management Guide for Information Technology Systems. NIST SP Overview

Four Top Emagined Security Services

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

VA Office of Inspector General

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

Protecting productivity with Plant Security Services

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Information Security Services

Information Security Awareness Training and Phishing

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

Symantec Client Management Suite 8.0

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Report of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.

Introducing our Chair for the Forum...

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Wireless Local Area Network Deployment and Security Practices

Yas Island Rotana. Abu Dhabi United Arab Emirates. November 21-22

CDW-G Federal Cybersecurity Report: Danger on the Front Lines. November CDW Government, Inc.

Attachment A. Identification of Risks/Cybersecurity Governance

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

VA Office of Inspector General

Office of Inspector General

How To Audit The Mint'S Information Technology

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

Cybersecurity Workshop

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN Siskiyou Boulevard Ashland OR 97520

Protecting critical infrastructure from Cyber-attack

CYBERSECURITY EXAMINATION SWEEP SUMMARY

Defending Against Data Beaches: Internal Controls for Cybersecurity

Symantec DLP Overview. Jonathan Jesse ITS Partners

End-user Security Analytics Strengthens Protection with ArcSight

Security Incident Response Process. Category: Information Security and Privacy. The Commonwealth of Pennsylvania

Defensible Strategy To. Cyber Incident Response

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Cisco Security Optimization Service

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

Preliminary Agenda As of Friday, April 15, 2016

THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI

10 best practice suggestions for common smartphone threats

Attachment F. Incident Response

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Redefining SIEM to Real Time Security Intelligence

Michigan Cyber Summit 2013 Hosted by Michigan Governor Rick Snyder

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

OCIE CYBERSECURITY INITIATIVE

OCR LEVEL 3 CAMBRIDGE TECHNICAL

2015 WEMA Conference. Best Western Premier Waterfront 1 N. Main St. Oshkosh, WI October 14 WEMA CONFERENCE

Into the cybersecurity breach

A Case for Managed Security

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs

UNCLASSIFIED (U) U.S. Department of State Foreign Affairs Manual Volume 5 Information Management 5 FAM 870 NETWORKS

Welcome RADM Frederick Lewis, USN (Ret) President, National Training and Simulation Association (NTSA)

The Importance of Cybersecurity Monitoring for Utilities

NASCIO 2015 State IT Recognition Awards

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program

Transcription:

Greetings to all, You are all invited to the 2nd ANNUAL INDIAN HEALTH SERVICE (IHS) CYBER SECURITY CONFERENCE to be held at the Mystic Lake Casino Hotel, Prior Lake, MN during 12-14 July 2010. Additionally, all your respective Tribes/Natives within your service areas are also invited to attend, so please extend the invitation accordingly. The conference agenda is attached. Sincerely, RAYMOND A WILLIE TRIBAL LIAISON (ACTING) OFFICE OF INFORMATION TECHNOLOGY INDIAN HEALTH SERVICE OFFICE: 505-248-4411 CELL: 505-559-0114

2 ND ANNUAL INDIAN HEALTH SERVICE (IHS) CYBER SECURITY CONFERENCE JOINT CONFERENCE WITH THE IHS NORTHERN REGION TECHNOLOGY CONFERENCE Agenda (v6) Mystic Lake Casino Hotel July 12 14, 2010 Monday July 12, 2010 8:00 am 8:15 am Welcome, Introductions, and Overview of Conference Timothy Defoggi, IHS Chief Information Security Officer (CISO) IHS Security Program 8:15 am 8:45 am 8:45 am 9:30 am The IHS DIS is responsible for ensuring the security of IHS information systems and resources, as well as the integrity and confidentiality of protected health information and personally identifiable information. This session will give an overview of the Program and its priorities, as well as discuss current challenges facing IHS. Status of 3-Year Plan Projects Juan Torrez, Management Analyst and Security Team This presentation will provide an overview of the IHS 3-Year Cyber Security Plan, its challenges, and current progress. VPN/Citrix Project Kathryn Lewis, Enterprise Technology Services (ETS) Federal Lead 9:30 am 10:00 am IHS is implementing a new and secure VPN solution which will significantly improve the IHS security posture and strengthen operational reliability of the IHS enterprise network. This presentation will provide an overview of the new VPN solution. (Meaningful Use Element) 10:00 am 10:15 am BREAK Symantec Risk Automation Suite (SecureFusion) Timothy Bowe, Vulnerability Analyst 10:15 am 11:15 am Symantec Risk Automation Suite, formerly Gideon SecureFusion, is an IHS-wide computer vulnerability and configuration assessment tool available to sites connected to the IHS network, including Tribal and Urban facilities. This will be an indepth discussion and demonstration of the Risk Automation Suite discovery, compliance, reporting, and vulnerability capabilities. (Meaningful Use Element)

11:15 am 12:00 pm Reorganization of Information System Security Officers (ISSOs)* Juan Torrez, Management Analyst One idea to improve the security posture of Area Offices and Service Units is to realign the Area ISSOs so they report directly to DIS and the CISO. Realigning Area ISSOs into the DIS infrastructure would enable a greater focus on security, effectively reducing the overall risk to IHS resources. This realignment would enable security staff to move from a reactive posture to a more proactive approach. 12:00 pm 1:15 pm LUNCH 1:15 pm 1:45 pm 1:45 pm 2:45 pm Event Logging* Ed Stover, Logging Analyst Proactive log analysis helps identify security incidents, policy violations, fraudulent activity, and operational anomalies. In addition, federal laws and regulations require IHS to store computer security logs in sufficient detail for an appropriate period of time. This presentation will cover potential problems and possible solutions for implementing centralized logging at IHS. (Meaningful Use Element) Intrusion Prevention* David Patterson, Incident Response Team (IRT) Federal Lead and Shad Malloy, Security Specialist External threats to IHS pose significant risk to IHS data. This presentation will discuss current threats and proactive steps to intrusion prevention. 2:45 pm 3:00 pm BREAK 3:00 pm 5:00 pm Group Breakout Sessions (Daily Topics) Group breakout sessions will be held in small groups to discuss an issue that has been presented earlier in the day and find solutions that will best work for IHS. These think tank discussions will provide direction for updating the 3-Year Cyber Security Plan. Topic Moderator Location Intrusion Prevention David Patterson and Shad Ballroom Malloy Event Logging Ed Stover Room A Reorganization of the ISSOs Juan Torrez Room B 5:00 pm ADJOURN * Group Break Out Session Topic

Tuesday July 13, 2010 8:00 am 8:15 am 8:15 am 9:15 am 9:15 am 10:00 am Introductions/Announcements Keynote Speaker, Cyber Security at the FDA Joe Albaugh, FDA CISO Mr. Albaugh will discuss the unique challenges that face the FDA information security program and what new and innovate solutions are being implemented to secure FDA data. Hacking Humans Chris Hurley, Terrance Gareau, and Rob Collins Hacking Humans is a live demonstration of the techniques and methods attackers use to compromise government laptops if they are used at public hotspots, such as hotels, coffee shops, and airports. Each step of the attack is detailed and includes both demonstrations and techniques that can be used to protect you and your organization from these attacks. 10:00 am 10:15 am BREAK 10:15 am 11:30 am 11:30 am 12:00 pm Panel on Medical Devices* Moderator Samantha Hellmann, RPMS ISSO Non-IT managed medical devices continue to be an issue throughout the IHS; fortunately, IHS is not the only agency facing this problem. Ms. Hellmann will lead a panel of distinguished guests from the Department of Veterans Affairs (VA) and IHS Biomedical division. Panel discussion will be held on the security risks associated with medical devices and proposed solutions. There will be a presentation on the VA's medical device isolation guide and an update will be provided on the current status of IHS medical device inventory and future tasks associated with this project. Meaningful Use (MU)* There are multiple security requirements that need to be met for IHS to achieve MU. This presentation will cover the two different types of requirements: 1) Agency-wide and 2) facility-specific. Mr. Defoggi will discuss how IHS is working toward meeting these requirements and what facilities will need to do to be prepared to meet MU. 12:00 pm 1:15 pm LUNCH 1:15 pm 2:00 pm HSPD-12* Timothy Bowe, IAM@HHS Logical Access Control System (LACS) Lead Mr. Bowe will be presenting a current status on HSPD-12, IAM@HHS, and 2-factor authentication. He will also discuss recent developments, including DEA decisions and their impact on MU and OMB data calls. (Meaningful Use Element)

2:00 pm 2:45 pm Network Security* Patrick Gormley, CCIE, IHS Network Federal Lead There are several new network projects and initiatives that will greatly improve the Agency security posture. This presentation will cover several topics, including WAN encryption, network redesign, and the DMZ. (Meaningful Use Element) 2:45 pm 3:00 pm BREAK 3:00 pm 5:00 pm Group Breakout Sessions (Daily Topics) Group breakout sessions will be held in small groups to discuss an issue that has been presented earlier in the day and find solutions that will best work for IHS. These think tank discussions will provide direction for updating the 3-Year Cyber Security Plan. Topic Moderator Location Medical Devices Samantha Hellman Ballroom Network Security Patrick Gormley Ballroom HSPD-12 Timothy Bowe Room A Meaningful Use Timothy Defoggi Room A 5:00 pm ADJOURN

Wednesday July 14, 2010 8:00 am 8:05 am 8:05 am 8:20 am 8:20 am 8:45 am 8:45 am 10:00 am Introductions/Announcements Overview of the Computer Security Incident Response Center (CSIRC) Michael Cox, Director, CSIRC This presentation will provide a brief overview of the CSIRC, a project history, and current status. IHS Tools Workshop Shad Malloy, Security Specialist and Rudy Martinez, IRT This workshop will discuss the functionality and use of new IHS tools, VisiWave and CoreImpact. (Meaningful Use Element) CSIRC Tool Workshop This workshop will cover the tools that will be deployed HHS-wide and the best way to deploy these tools at IHS to ensure there will be no impact on patient care. There will be several speakers including a representative from ArcSight and the HHS engineer dedicated to NetWitness. (Meaningful use Element) 10:00 am 10:15 am BREAK 10:15 am 12:00 pm CSIRC Tool Workshop, Continued 12:00 pm 1:15 pm LUNCH 1:15 pm 2:00 pm CSIRC Tool Workshop Wrap-up 2:00 pm 2:20 pm 2:20 pm 2:30 pm OIG Tools and Techniques for Identifying Malware Special Agent (SA) Bill Tydeman SA Tydeman will demonstrate OIG tools used and designed for finding viruses, Trojans, and other evidence of intrusions. Closing Remarks Timothy Defoggi, CISO 2:30 pm ADJOURN IHS Contact Information Tim Defoggi (505) 248-4166 timothy.defoggi@ihs.gov Mike Ginn (505) 248-4787 arnold.ginn@ihs.gov Juan Torrez (505) 248-4446 juan.torrez@ihs.gov Tim Bowe (505) 248-4097 tim.bowe@ihs.gov David Patterson (505) 248-4464 david.patterson@ihs.gov Patrick Gormley (505) 248-4112 patrick.gormley@ihs.gov Kathryn Lewis (505) 248-4254 kathryn.lewis@ihs.gov

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information