AGENDA. CNDSP Program CNDSP is a Team Sport. Protect Respond CNDSP Contacts Questions



Similar documents
CHAIRMAN OF THE JOINT CHIEFS OF STAFF MANUAL

Operationally Focused CYBER Training Framework


How To Evaluate A Dod Cyber Red Team

DoD IA Training Products, Tools Integration, and Operationalization

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

A Combat Support Agency

Joint Information Environment Single Security Architecture (JIE SSA)

An Overview of Large US Military Cybersecurity Organizations

ARF, ARCAT, and Summary Results. Lt Col Joseph L. Wolfkiel

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

Department of Defense INSTRUCTION

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Subj: DEPARTMENT OF THE NAVY CYBERSECURITY/INFORMATION ASSURANCE WORKFORCE MANAGEMENT, OVERSIGHT, AND COMPLIANCE

Missouri Economic Impact Brief US Department of Defense Contract Spending

Department of Defense INSTRUCTION

Information Assurance Workforce (IAWF) Contracting Officer Representative (COR) & Project Manager (PM) Workshop

Cyber Situational Awareness - Big Data Solution

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Department of Defense INSTRUCTION

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

DISA Testing Services for the Enterprise. Luanne Overstreet

Working with the FBI

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

CALNET 3 Category 7 Network Based Management Security. Table of Contents

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

Department of Defense INSTRUCTION

How To Audit The Mint'S Information Technology

Department of Defense INSTRUCTION. Measurement and Signature Intelligence (MASINT)

Incident Handling. Applied Risk Management. September 2002

Department of Defense INSTRUCTION

Intelligence Driven Security

DoD ENTERPRISE CLOUD SERVICE BROKER CLOUD SECURITY MODEL

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

DOD Information Assurance Training & Awareness Products To order our products, please go to the following website:

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Subj: DEPARTMENT OF THE NAVY INFORMATION ASSURANCE POLICY

The Importance of Cybersecurity Monitoring for Utilities

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Security Policy JUNE 1, SalesNOW. Security Policy v v

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

NOTICE: This publication is available at:

Department of Defense DIRECTIVE

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Cyber Workforce Training

Report on CAP Cybersecurity November 5, 2015

Consolidated Afloat Networks and Enterprise Services (CANES)

Open Source Incident Management Tool for CSIRTs

DoD Cybersecurity Discipline Implementation Plan October 2015 Amended February 2016

Joint Training Enterprise Architecture

Session 9: 20 Questions You Should Answer About Your Cyber Security Readiness Jeff Thomas, Partner, KPMG Ivan Alcoforado, Senior Manager, KPMG

A Comprehensive Cyber Compliance Model for Tactical Systems

How To Protect A Network From Attack From A Hacker (Hbss)

IA Personnel Readiness: Training, Certification and Workforce Management

DoD Strategy for Defending Networks, Systems, and Data

Department of Defense DIRECTIVE

USING SECURITY METRICS TO ASSESS RISK MANAGEMENT CAPABILITIES

Cyber Watch. Written by Peter Buxbaum

SYSTEMS SECURITY ENGINEERING

Hunting for the Undefined Threat: Advanced Analytics & Visualization

Course Title: Penetration Testing: Network & Perimeter Testing

What Does a Cyber Secure Navy Look Like?

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Department of Defense INSTRUCTION

FREQUENTLY ASKED QUESTIONS

NERC CIP Compliance with Security Professional Services

Overview TECHIS Carry out risk assessment and management activities

The Comprehensive National Cybersecurity Initiative

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Department of Defense DIRECTIVE. SUBJECT: National Security Agency/Central Security Service (NSA/CSS)

Oil & Gas Cybersecurity

APPENDIX J INFORMATION TECHNOLOGY MANAGEMENT GOALS

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Bellevue University Cybersecurity Programs & Courses

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Update On Smart Grid Cyber Security

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC

Cyber Security Operations: Building or Outsourcing

The National Cybersecurity Workforce Framework Delaware Cyber Security Workshop September 29, 2015

CHAPTER 67 INFORMATION SYSTEMS TECHNICIAN (IT) NAVPERS H CH-63

Next Generation Enterprise Network: Network Operations (NetOps) Concept of Operations (CONOPS) 7 April 2008

ARL. Laboratory Overview ARCTIC SOF CAPABILITIES WORKSHOP. Penn State. Presented to: Presented by: Mr. Tom Goodall 20 November 2014

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

WSECU Cyber Security Journey. David Luchtel VP IT Infrastructure & Opera:ons

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Obtaining Enterprise Cybersituational

Cybersecurity The role of Internal Audit

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

US-CERT Year in Review. United States Computer Emergency Readiness Team

Department of Defense DIRECTIVE

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Department of Defense DIRECTIVE

Transcription:

DISA s Computer Network Defense Service Provider Program (CNDSP) 7 May 2012

AGENDA CNDSP Program CNDSP is a Team Sport DISA s CNDSP Program Detect Protect Respond CNDSP Contacts Questions

CNDSP Program DoDD O 8530.1 CND Directive Establishes policy, assigns responsibilities, and prescribes procedures for the implementation, provisioning, conduct, and sustainment of cyber defense and defensive cyber services for DoD information networks and information systems (ISs).

CNDSP is a Team Sport National Security Incident Response Center (NSIRC) USSTRATCOM USCYBERCOM IC Incident Response Center (ICIRC) Director National Intelligence (DNI) Policy Oversight Guidance Tier 1 DoD-Wide DCIO Law Enforcement & Counterintelligence Center Tier 2 Component Level CND Tier 3 Enclave Level CND General Service CNDS/CA (DISA) COCOM (CC) STRATCOM TRANSCOM SERVICE A2TOC AFNOC NCDOC MCNOSC USCG Spec Enclave GENSER Spec Enclave GENSER SUBORDINATES BASE/CAMP/ POST/STATION Special Enclave CNDS/CA (DIA) AGENCY/FIELD ACTIVITY ARL DTRA DARPA HPCOM DCMA ITA/PENTCIRT DeCA MDA DFAS (NIPR) NGA DIA NRO DISA NSA DLA SPAWAR (MHS) Spec Enclave GENSER COMPONENTS/CUSTOMERS AOR SA Dissemination Info Incident Reporting Supporting Tier 3 IA/CND Implementation Execution & Reporting

DISA s CNDSP Program

PROTECT Function DISA CNDSP Subscriber Vulnerability Analysis Assessment Conduct (2) perimeter scans annually Compliance Monitoring and tracking of findings Conduct monthly scans, upload results in VMS Resolve findings, update VMS External Assessment Establish and conduct external assessments Distribute reports to subscriber and DCC Compliance Monitoring and tracking of findings Schedule an annual external assessment Acknowledge receipt of report and resolved findings. Malware Protection Support Support & Training INFOCON CYBERCON Access to AV/AM software and signatures 24X7 assistance Report emerging viruses to USSTRATCOM Assist subscriber with CND training required Provide training, CBTs, VTE and 2 seats in IA classroom. Maintain subscriber configuration mgmt docs Provide INFOCON change support and assistance, as needed Ensure AV/AM/Signatures are loaded and updated. CND personnel trained, TTPs established Develop and maintain training records for all CND personnel Provide IT configuration mgmt docs to DISA CNDSP Ensure INFOCON levels and immediately notify DISA of conflicts INFOCON Levels IAVM Provide compliance tracking of all findings Review POAMs, VMS, and report Coordinate with subscriber non compliance Maintain VMS, POAMs, and request assistance from CNDSP.

DETECT Function DISA CNDSP Subscriber Network Security Monitoring Coordinate and install sensors on subscribers networks. Conduct Monitoring and analysis activities Report anomalous events detected by sensors following DoD guidance Develop TTPs for assessing baseline Provide audit/log files when requested Provide updated network topology diagrams semi annually Attack Sensing & Warning Develop and follow TTPs Provide subscriber with TIPPERS of suspicious/malicious traffic Provide lessons learned/best practices developed from analysis of suspicious/malicious traffic Disseminate AS&W information within organization Provide CNDSP with SA of current activities occurring at subscriber site (BT, LE/CI and/or Exercises) Share analysis of information or warnings developed Indications and Warning Develop and follow TTPs Coordinate with IC to share information Coordinate with subscriber to share IC information Acknowledge and maintain threat reports disseminated by the CNDSP Ensure threat reports are disseminated within the organization

RESPOND Function DISA CNDSP Subscriber Incident Reporting Identify and report events/incidents on DISANET Develop and follow TTPs Maintain an incident/event master log Develop TTPs to conduct incident handling Self report all incidents Verify and validate incidents and respond to DISA with timely feedback. Incident Response Develop and follow TTPs Provide timely responses Provide 24X7 analysis of incidents Maintain list of CND Technical Experts in DoD/Commercial Orgs Operate 24X7 basis Provide surge capabilities Acknowledge and provided feedback on all post incident analysis. Develop countermeasures and mitigation strategies Incident Analysis Provide an analysis of the incident to determine impact on subscribers networks. Provide results to subscribers, Tier 1 and other Tier 2 organizations Develop mitigation strategies and restoration capability Request technical advice as needed

DISA CNDSP Contacts Tier 2 Program DISA Command Center (DCC) CNDSP Net Assurance (NA) Tel: (301) 225 3553 GENSER PM DISA CNDSP Tel: (717) 267 9715 Special Enclave PM DIA CNDSP (Special Enclave PM) Tel: (719) 556 5453

QUESTIONS

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information