An Integrative Framework for Secure and Resilient Mission Assurance
|
|
- Godfrey Hunt
- 5 years ago
- Views:
Transcription
1 Sentar Inc 315 Wynn Dr Huntsville, AL An Integrative Framework for Secure and Resilient Mission Assurance 10/18/2010 1
2 What is^ Mission Assurance? DoD Definition: Mission Assurance is a process to ensure that assigned tasks or duties can be performed in accordance with the intended purpose or plan. When an attack evades detection and defeat and disrupts US systems and networks, the defensive priority turns to survival and mission assurance. In this context, MA seeks to ensure that critical MEFs [Mission Essential Functions] fight through and recover from attacks against the underlying cyber infrastructure. (Jabbour, 2010) 10/18/2010 2
3 Understanding Mission Dependencies is Key to MA Mission awareness lies at the heart of situational awareness. Understanding the dependence of missions on specific assets, the interdependence of assets, and the interdependence of missions drives the requirements for SA. (Jabbour, 2010) 10/18/2010 3
4 VIDEO 10/18/2010 4
5 Cyber Mission Resilience (CMR): An achievable objective Current security approaches to protect information systems have focused on preventing attacks from being successful by hardening defenses with authentication, encryption, and a variety of layer violating network devices (i.e., firewalls, network address translators, intrusion detection systems). What is not being captured is the survivability of an entire system to failures or attack. (Yurcik et al, 2000) Achieving high performance requires consistency in results, which necessitates consistency in operations One way to respond well in a crisis is to become more resilient to excel at anticipating and managing disruptions Mission resilience, by improving an agency s ability to operate during routine disruptions, also improves the agency s overall mission effectiveness even if no disaster occurs. (Accenture, 2008) 10/18/2010 5
6 Cyber Mission Resilience Framework Cyber Mission Awareness CMR Conceptual Baseline CMR Engineering Process Objective measure of Cyber Mission Resilience Operational Readiness Operational Assurance Security Quality Assurance of Mission CMR Metrics 10/18/2010 6
7 CMR ENGINEERING 10/18/2010 7
8 Engineering Process / Methodology Systems Engineering V process model ends at transition Truly resilient cyber architectures will anticipate, adapt and respond to threats occurring during operations DAU Systems Engineering Process Integration of operational concerns through iterative development is difficult at best. 10/18/2010 8
9 Cyber Mission Resiliency V System Concept CONOPS Mission Dependency Analysis IA/CND Architecture Critical Component/function Identification / Dependency Determinations Rapid Feedback Loop APT Response System Validation Operations and Sustainment Support Resilience as achieved Metrics Resilience Sustained Metrics System IA / CND Rqmts IA S/W Quality Plan Cyber Resiliency Dependency Mitigations IA /CND Verification Plan IA/CND Allocations HW/SW/ Procedural System Security Requirements and Verification Plan System Security Requirements Allocation E.g. new variant of Malicious Code System Integration Support System Test Support System Verification IA/CND Policies IA/CND Training IA/CND Exit Criteria IA/CND Critical Dependencies Mitigation Verification IA/CND HW/SW Testing Software Integrity (Quality) Testing Model & Simulation V V&A (if applicable)
10 CMR METRICS 10/18/
11 Metrics: Key to the V&V of Resilience The purpose of a metric is to assist with organizationallevel analysis and assessment and are used to facilitate decision making, improve performance/accountability, and determine effectiveness of controls/processes/policies (Bryant, 2007) Confidence and trust can be built through demonstration of reduced variation, improved dependability, consistent performance, and stable reliability Demonstrating these qualities is a matter of repetition and statistical measurement 10/18/
12 Measuring CMR through Metrics 10/18/
13 Achieving CMR: FAA & NORAD MTBF NORAD conducts persistent aerospace warning, aerospace control and maritime warning in the defense of North America. MTBDE MM FI MTBCF/ MTTRF 10/18/
14 Summary Achieving Cyber Mission Resilience requires a new way of structuring our system engineering processes and Cybersecurity Cyber Mission Resilience will be sustained through» An Integrated framework (baseline)» Greater Engineering emphasis on critical dependencies & Operational integration (methodology)» Meaningful Metrics (measures) 10/18/
15 QUESTIONS? /18/
UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($ in Millions)
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More informationUNCLASSIFIED FY 2016 OCO. FY 2016 Base
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE. FY 2014 FY 2014 OCO ## Total FY 2015 FY 2016 FY 2017 FY 2018
Exhibit R-2, RDT&E Budget Item Justification: PB 2014 Office of Secretary Of Defense DATE: April 2013 BA 3: Advanced (ATD) COST ($ in Millions) All Prior Years FY 2012 FY 2013 # Base OCO ## Total FY 2015
More informationCyber Challenges and Acquisition One Corporate View
Sentar Inc 315 Wynn Dr Huntsville, AL 35805 256-430-0860 www.sentar.com Cyber Challenges and Acquisition One Corporate View Defense Acquisition University Conference Huntsville, AL February 22-23, 2011
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($
More informationSpace Cyber: An Aerospace Perspective
Space Cyber: An Aerospace Perspective USAF Cyber Vision 2025 AFSPC 19-21 March 2012 Frank Belz and Joe Betser The Aerospace Corporation Computers and Software Division 20 March 2012 frank.belz@aero.org
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationDepartment of Defense. Installation Energy Resilience
Department of Defense Installation Energy Resilience Lisa A. Jung DASD (Installation Energy) OASD(Energy, Installations and Environment) 19 June 2018 Installation Energy is Energy that Powers Our Military
More informationCYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management
CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management Instructor: Dr. Kun Sun Outline 1. Risk management 2. Standards on Evaluating Secure System 3. Security Analysis using Security Metrics
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationCND Exam Blueprint v2.0
EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationCybersecurity Survey Results
Cybersecurity Survey Results 4 November 2015 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationResilient Architectures
Resilient Architectures Jeffrey Picciotto 2 nd Annual Secure and Resilient Cyber Architectures Workshop Transformation of Thought CONOPS Use Cases End to End Flows Cyber Threats & Intelligence Prioritize
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationAmerican Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment
American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationIllinois Cyber Navigator Program
Illinois Cyber Navigator Program Illinois State Board of Elections PA 100-0587 (10 ILCS 5/1A-55) Sec. 1A-55. Cyber security efforts. The State Board of Elections shall provide by rule, after at least 2
More informationSOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE
SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationCybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationBusiness Continuity: How to Keep City Departments in Business after a Disaster
Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and
More informationCyberspace: New Frontiers in Technology Insertion
Cyberspace: New Frontiers in Technology Insertion Dr. John S. Bay, ST Chief Scientist, Air Force Research Laboratory, Information Directorate AFRL Structure AFRL Maj Gen C Bedke Staff XP Air Vehicles Space
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationScience & Technology Directorate: R&D Overview
Science & Technology Directorate: R&D Overview August 6 th, 2012 UNCLASSIFIED//FOUO DHS S&T Mission Strengthen America s security and resiliency by providing knowledge products and innovative technology
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More informationBusiness Continuity Management
Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?
More informationInformation Warfare Industry Day
Information Warfare Industry Day 20180510 RDML Barrett, OPNAV N2N6G TRANSPORT COMMERCIAL INTERNET DISN SCI Coalition Networks ADNS TELEPORT NMCI & ONE-NET JRSS MOC GNOC NCDOC USMC ISNS / CANES / SUBLAN
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationControl System Security for Social Infrastructure
277 Hitachi Review Vol. 63 (201), No. 5 Featured Articles Control System Security for Social Infrastructure Toshihiko Nakano, Ph.D. Katsuhito Shimizu Tsutomu Yamada Tadashi Kaji, Dr. Info. OVERVIEW: The
More informationThe Perfect Storm Cyber RDT&E
The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare
More informationFeatured Articles II Security Research and Development Research and Development of Advanced Security Technology
364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationRisk-Based Cyber Security for the 21 st Century
Risk-Based Cyber Security for the 21 st Century 7 th Securing the E-Campus Dartmouth College July 16, 2013 Dr. Ron Ross Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF
More informationTRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.
TRAINING WEEK COURSE OUTLINE May 9-13 2016 RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I. Page2 FACILITATOR S BIOGRAPHY John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing
More informationNIST Special Publication
DATASHEET NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Mapping for Carbon Black BACKGROUND The National Institute of Standards and Technology
More informationSeagate Supply Chain Standards and Operational Systems
DATA IS POTENTIAL Seagate Supply Chain Standards and Operational Systems Government Solutions Henry Newman May 9 2018 Supply Chain Standards and Results Agenda 1. 2. SUPPLY CHAIN REQUIREMENTS AND STANDARDS
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationCourses. X E - Verify that system acquisitions policies and procedures include assessment of risk management policies X X
4016 Points * = Can include a summary justification for that section. FUNCTION 1 - INFORMATION SYSTEM LIFE CYCLE ACTIVITIES Life Cycle Duties No Subsection 2. System Disposition/Reutilization *E - Discuss
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationAdversary Playbooks. An Approach to Disrupting Malicious Actors and Activity
Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind
More informationA Better Space Mission Systems threat assessment by leveraging the National Cyber Range
A Better Space Mission Systems threat assessment by leveraging the National Cyber Range Chuck Allen (CISSP) & Jonathon Doubleday CORD Presented to GSAW, Feb-March 2018 2018 The Aerospace Corporation Abstract
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Hunting The Network Hunting is employed to proactively look for indicators of an active threat or exploitation
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationForecast to Industry Program Executive Office Mission Assurance/NetOps
Defense Information Systems Agency A Combat Support Agency Forecast to Industry Program Executive Office Mission Assurance/NetOps Mark Orndorff Director, PEO MA/NetOps 29 July 2010 What We Do We develop,
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationEmergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:
ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications
More informationDEFENSE LOGISTICS AGENCY
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Resilience Integration Mr. Linus Baker DLA Information Operations Director, Cybersecurity 1 Mission Assurance/Cybersecurity Concern
More informationContingency Planning
Contingency Planning Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill Procedures are required that will permit
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationInformation Security Continuous Monitoring (ISCM) Program Evaluation
Information Security Continuous Monitoring (ISCM) Program Evaluation Cybersecurity Assurance Branch Federal Network Resilience Division Chad J. Baer FNR Program Manager Chief Operational Assurance Agenda
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationEPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS
EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards
More informationEnterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018
Enterprise Risk Management (ERM) and Cybersecurity Na9onal Science Founda9on March 14, 2018 Agenda Guiding Principles for Implementing ERM at NSF (Based on COSO) NSF s ERM Framework ERM Cybersecurity Risk
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity May 2017 cyberframework@nist.gov Why Cybersecurity Framework? Cybersecurity Framework Uses Identify mission or business cybersecurity dependencies
More informationSecuring Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection
Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationRetrofitting Ground Systems to improve Cyber Security
Retrofitting Ground Systems to improve Cyber Security Michael Worden Security Engineer 25 February 2014 Copyright 2014 Raytheon Company. Published by The Aerospace Corporation with permission.. Customer
More informationSTRATEGIC PLAN. USF Emergency Management
2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa
More informationRegional Resilience: Prerequisite for Defense Industry Base Resilience
Regional Resilience: Prerequisite for Defense Industry Base Resilience Paula Scalingi, Director Pacific Northwest Center for Regional Disaster Resilience Vice Chair, The Infrastructure Security Partnership
More informationSC27 WG4 Mission. Security controls and services
copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial
More informationSAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts
SAP Cybersecurity Solution Brief Objectives Solution Benefits Quick Facts Secure your SAP landscapes from cyber attack Identify and remove cyber risks in SAP landscapes Perform gap analysis against compliance
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT December 13, 2006 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-1 RFP: TQC-JTB-05-0001 December 13, 2006 REVISION HISTORY
More informationISA 201 Intermediate Information Systems Acquisition
ISA 201 Intermediate Information Systems Acquisition 1 Lesson 8 (Part A) 2 Learning Objectives Today we will learn to: Overall: Apply cybersecurity analysis throughout acquisition lifecycle phases. Analyze
More informationCyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation
Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation COL Michael R. Corpening Deputy Chief, Operations Division (CCJ6-O) 1 December 2014 The overall classification of this brief is UNCLASSIFIED
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017 PRESENTATION OUTLINE 2015 Disasters in Numbers 2016 & 2017 Top Business Risks What is BCM? Supervisory
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationSoftware & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management
Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management Joe Jarzombek, PMP, CSSLP Director for Software & Supply
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018
DHS SCIENCE AND TECHNOLOGY CSD Project Overview March 13, 2018 Dr. Ann Cox Program Manager Cyber Security Division Science and Technology Directorate CSD Mission & Strategy REQUIREMENTS CSD MISSION Develop
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationU.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk
U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk Neal Miller, Navy Authorizing Official December 13, 2016 UNCLASSIFIED 1 Some Inconvenient Truths The bad guys and gals still only work
More informationAppendix 12 Risk Assessment Plan
Appendix 12 Risk Assessment Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A12-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationFISMA Cybersecurity Performance Metrics and Scoring
DOT Cybersecurity Summit FISMA Cybersecurity Performance Metrics and Scoring Office of the Federal Chief Information Officer, OMB OMB Cyber and National Security Unit, OMBCyber@omb.eop.gov 2. Cybersecurity
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete Total Cost Total Program Element 8.306 7.299 10.429-10.429 11.464 12.492 12.840 13.010 Continuing Continuing
More informationTHE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS
THE WHITE HOUSE Office of the Press Secretary EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical
More informationBusiness Services Resilience and Restoration. Financial Services Sector Preparation for an Extreme Event
Business Services Resilience and Restoration Financial Services Sector Preparation for an Extreme Event Draft as Draft of March as of March 13, 2019 13, 2019 Overview As the financial lives, interests,
More informationCisco Connected Factory Accelerator Bundles
Data Sheet Cisco Connected Factory Accelerator Bundles Many manufacturers are pursuing the immense business benefits available from digitizing and connecting their factories. Major gains in overall equipment
More informationCompTIA CASP (Advanced Security Practitioner)
CompTIA CASP (Advanced Security Practitioner) Course Length: 5 days (virtual) Click here to view the current class schedule! Overview: The CompTIA Advanced Security Practitioner (CASP) Certification is
More informationRBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH
RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH CONTEXT RBI has provided guidelines on Cyber Security Framework circular DBS. CO/CSITE/BC.11/33.01.001/2015-16
More informationPosition Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED
Position Description Computer Network Defence (CND) Analyst Position purpose: Directorate overview: The CND Analyst seeks to discover, analyse and report on sophisticated computer network exploitation
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More information