USDA PHYSICAL SECURITY PROGRAM



Similar documents
Supplier Security Assessment Questionnaire

Delphi Information 3 rd Party Security Requirements Summary. Classified: Public 5/17/2012. Page 1 of 11

HIPAA Compliance Evaluation Report

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

Penetration Testing. I.T. Security Specialists. Penetration Testing 1

From the Lab to the Boardroom:

National Bio and Agro-Defense Facility Draft Environmental Impact Statement (NBAF Draft EIS) Public Meeting

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Cisco Advanced Services for Network Security

SRA International Managed Information Systems Internal Audit Report

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

APHIS INTERNET USE AND SECURITY POLICY

AUDIT REPORT FACILITIES INFORMATION MANAGEMENT SYSTEM DOE/IG-0468 APRIL 2000

Section VI Principles of Laboratory Biosecurity

UF IT Risk Assessment Standard

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

Utica College. Information Security Plan

Corporate Property Automated Information System CPAIS. Privacy Impact Assessment

Nine Steps to Smart Security for Small Businesses

How To Audit The Mint'S Information Technology

Web Time and Attendance

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Information Blue Valley Schools FEBRUARY 2015

Cornell University PREVENTION AND MITIGATION PLAN

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

Data Security Incident Response Plan. [Insert Organization Name]

UTMB INFORMATION RESOURCES PRACTICE STANDARD

Audit Report. Natural Resources Conservation Service Water and Climate Information System Review of Application Controls Portland, Oregon

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Office of Inspector General

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS

Vulnerability Management Policy

In Brief. Smithsonian Institution Office of the Inspector General

Office of Laboratory Science and Safety

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Office of Inspector General

C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)

AUDIT REPORT. The Energy Information Administration s Information Technology Program

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

CIS 523/423 Disaster Recovery Business Continuity

Department of Homeland Security Office of Inspector General

El Camino College Homeland Security Spring 2016 Courses

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

BUSINESS CONTINUITY PLANNING

BUDGET LETTER PEER-TO-PEER FILE SHARING , , EXECUTIVE ORDER S-16-04

HIPAA Security Alert

Memorandum. ACTION: Report on Computer Security Controls of Financial Management System, FTA FE May 23, 2000.

Click to edit Master title style

Threats to Local Governments and What You Can Do to Mitigate the Risks

COUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA

Security for NG9-1-1 SYSTEMS

UF Risk IT Assessment Guidelines

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12

BALTIMORE CITY COMMUNITY COLLEGE INFORMATION TECHNOLOGY SECURITY PLAN

University Information Technology Security Program Standard

Security Management. Keeping the IT Security Administrator Busy

CMS Operational Policy for Firewall Administration

INFORMATION SECURITY California Maritime Academy

Science/Safeguards and Security. Funding Profile by Subprogram

I. EXECUTIVE SUMMARY. Date: June 30, Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services

HIPAA Security Compliance Reviews

Get Confidence in Mission Security with IV&V Information Assurance

Office of Inspector General

Logging In: Auditing Cybersecurity in an Unsecure World

Cybersecurity Health Check At A Glance

Computer Security Incident Reporting and Response Policy

Audit of NRC s Network Security Operations Center

EMS Environmental Emergency Response Plan EXAMPLE

Evaluation Report. Office of Inspector General

Solutions and IT services for Oil-Gas & Energy markets

EOC Assessment Checklist

Transcription:

USDA PHYSICAL SECURITY PROGRAM Joe Reale Physical Security Specialist Phone: 202-690-0230 Email: Josephd.Reale@usda.gov Discussion Level: Unclassified

OUTLINE Purpose Organizational Structure Responsibilities Mission Statement Methodology Security Assessments History & Examples Questions

PURPOSE To Explain: Who is responsible for the security of USDA assets and personnel What are the assets USDA needs to protect How are those assets protected (Methodology) Why is it important for USDA to secure these assets

ORGANIZATIONAL CHART Secretary of Agriculture Assistant Secretary Administration Director OPPM Chief Property Management Chief Physical Security

MISSION STATEMENT Develop, implement, coordinate, maintain, and monitor USDA-wide physical security policies, procedures, statements, and guidelines for the protection of USDA critical assets and personnel

RESPONSIBILITIES Develop USDA Physical Security Policy and Procedures Conduct Site Assessments Provide Physical security oversight and compliance Provide guidance Protect USDA personnel, assets, and facilities

WHAT Over 675,000 pieces of personal property worth over $3.2 billion Over 192 million acres of land (Texas & South Carolina combined) Approximately 51 million square feet of space (owned & leased) Over 25,000 facilities Over 100,000 employees

MISSION CRITICAL ASSETS / ESSENTIAL INFRASTRUCTURE IT Systems Hardware Research Data / Information Lab Equipment CBR Material (precursors for WMD) Research Material (plants, animals, insects, seeds, toxins, pathogens, GMOs, etc) Personnel (Institutional Knowledge) Buildings

HOW: RISK MANAGEMENT APPROACH It is the policy of USDA to efficiently and effectively manage the risk. Greater management control and accountability at all levels for intellectual, personal, and real property assets, as well as a secure work environment for USDA personnel and its contractors. Mitigate the consequences of an attack.

PROCEDURES Asset Identification Critical, Expensive, Mission Essential Criticality Assessment How critical and when its most critical (growing season) Threat Assessment Vulnerability Assessment Gap Analysis List of Recommendations / Security Countermeasures (common sense approach)

SECURITY ASSESSMENTS Based on the Risk Management Approach Tailor the correct Assessment Team Initial Notification In-Brief Site Tour / Assessment Out-Brief Written Report

WHY Presidential Decision Directives September 11, 2001 Tragedy USDA OIG Audit Report Regulatory Requirements Current Events USDA s long term goal in protecting USDA assets

ASSESSMENT HISTORY 120 sites in the last year offices and BSL 1 & 2 Labs Agencies including: ARS, NRCS, FS, APHIS, and AMS Approximately 30 sites have been on University / College Campuses

EXAMPLE OF VULNERABILITIES IT Exploitable Web Content (too much personal data and pictures on the web) Background checks on students and contractors Privacy Act information left unsecured Centralized backup and recovery procedures Screen saver and BIOS passwords should be utilized Protect server and communications rooms Penetration tests and vulnerability scans Students utilizing systems without signing nondisclosure statements

EXAMPLE OF VULNERABILITIES CBR Unauthorized access into labs by students Unauthorized sharing of lab equipment and instruments Freezers, refrigerators, and growth chambers not secured in the evenings No backup generators or UPS on critical systems and/or freezers Chemical / Hazardous Waste not being properly secured Rooms with pathogens and radio isotopes need to be secured Protect water and utility supply to include purification system and wells Protect controlled substances

EXAMPLE OF VULNERABILITIES Physical Control Access to prevent unauthorized access into buildings Mail handling and non-centralized package deliveries Protecting mechanical and utility rooms and equipment Key control ID badges Air intakes Harden buildings and rooms for after hours Good working relationship with campus and/or local police Parking

Questions?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information