CDSE Workshop. CDS Concepts and Definitions. Elaine M. Caddick Principal Cybersecurity Engineer 19 July 2016
|
|
- Eleanore Marshall
- 6 years ago
- Views:
Transcription
1 CDSE Workshop CDS Concepts and Definitions Elaine M. Caddick Principal Cybersecurity Engineer 19 July 2016 Approved for Public Release; Distribution Unlimited. Case Number The MITRE Corporation. ALL RIGHTS RESERVED The MITRE Corporation. All rights reserved.
2 CDS Concepts and Definitions 2016 The MITRE Corporation. All rights reserved.
3 3 First, Some Definitions Information Security Policy Aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information (CNSSI No. 4009) Security Domain A collection of entities to which applies a single security policy executed by a single authority. (FIPS 188) Source: FIPS PUB 188, Standard Security Label for Information Transfer, 6 September 1994 Source: CNSSI No. 4009, Committee on National Security Systems (CNSS) Glossary, 6 April 2015
4 4 What is a Cross Domain Solution (CDS)? Controlled Interface A boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems. (CNSSI No. 4009) Cross Domain Solution (CDS) A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains. (CNSSI No. 4009) Controlled Interface Firewall CDS Transfer Access Multilevel Source: CNSSI No. 4009, Committee on National Security Systems (CNSS) Glossary, 6 April 2015
5 Wide Range of Controlled Interfaces 5
6 6 Types of CDSs Data Transfer Solutions A Transfer CDS facilitates the movement of data between information systems operating in different security domains Examples: Information Support Server Environment (ISSE) Guard, Radiant Mercury (RM) Guard, Raytheon High Speed Guard (HSG) Access Solutions A cross domain solution that provides access to a computing platform, application, or data residing on different security domains from a single device without any data transfer between the various domains Examples: Raytheon Trusted Thin Client (TTC), AFRL SecureView (SV) Multi-Level Solutions A Multi-level CDS uses trusted labeling to store data at different classifications and allows users to access the data based upon their security domain and credentials Examples: Oracle Cross Domain Security Express (CDSE), General Dynamics Trusted Network Environment (TNE) Source: UCDSMO definitions and CNSSI No. 4009, Committee on National Security Systems (CNSS) Glossary, 6 April 2015
7 7 CDS Functionality Provides the ability to access and/or transfer electronic data between two or more differing security domains User and service functionality Extend mission functions to operate across domains Provide protection Prevents leakage of data from the high side to the low side Defends against attacks from the low side Maintains separation of the security domains Mitigate risk Loss of confidentiality, integrity and availability Components of Larger Functional Architecture
8 Other CDS Capabilities 8 Capabilities may include: Filtering - eliminate data based on pre-defined criteria (e.g., data type, classification) Keyword Search - search for dirty words ; clean word capabilities emerging Integrity Checks - verify that data has not been modified Transliteration - reformat data Sanitization - remove or edit sensitive data so that resulting data is less sensitive Regrading - changes to sensitivity labels (i.e., classification and caveats) Malicious Code Checks - check for presence of viruses Cleaning - remove background data, remove active content, remove malicious content
9 9 CDS versus Firewall CDS Generally implemented on trusted platform Connects domains at different levels Opens doors that are normally closed Prevents data leakage Filters data at application level Few services allowed through (e.g., , messages, file transfer) Often no IP forwarding Performs downgrading Firewall Not generally implemented on trusted platform Connects domains at same level Closes doors that are normally open Controls network services Filters packets at protocol level; may proxy packets at application level More services allowed through (e.g., file transfer, E- mail, TELNET, HTTP) Some types offer IP forwarding No downgrading performed, because none is required
10 Controlled Interface Comparison 10 Feature Stateful Firewalls Next Generation Firewalls Proxy Firewalls Cross Domain Solutions (Transfer) Shallow Packet Inspection Yes Yes Yes Yes Protocol Anomaly Detection Partially Yes Yes Yes Stream Based Scanning Yes Yes Yes Deep Packet Inspection Yes Yes Yes File Based Scanning Yes Yes Deep Content Inspection Yes Yes Deep Content Sanitization Trusted Platform Mandatory Access Controls Role Based Access Controls Yes Yes Yes Yes Increasing Assurance, Specialization, and Cost Decreasing Performance Source: Potential Foundational Graphics for XBIS, Scott Hall, 24 October 2012
11 What does it mean to be Trusted? 11 A Combination of Functionality & Assurance Functional Capabilities Mandatory Access Controls Labels Type enforcement Separation Kernel Integrity Assurance Measures Functional and penetration testing Requirements, design and code analysis Special Analysis (e.g., covert channel analysis) Configuration management/trusted distribution Objective: Establish confidence that behavior is predictable, reliable and appropriate Completeness Correctness Resistance to attack Strength of implementation
12 Why is CDS so hard to do? 12 A CDS is a high value target Features and high level of assurance needed for CDS not typically found in mainstream COTS products It requires a specialty skill-set that crosses many engineering disciplines It opens up high risk communication flows not previously available Due to risk of domain connections, policies create extra steps, impose restrictions, and add requirements Limited technology available - Market not large enough for COTS vendors The special requirements, restrictive policies, trusted technologies, unique threats, and high risk of cross domain connections demand extraordinary knowledge, skill and focus on the part of the CDS engineering and testing community
13 13 Who Do I Talk To About CDS? Unified Cross Domain Services Management Office (UCDSMO) NIPRNet: info-ucdsmo@nsa.gov SIPRNet: info-ucdsmo@nsa.smil.mil JWICS: info-ucdsmo@nsa.ic.gov Telephone: Unclassified: Secure: Web Sites: Intelink-U: SIPRNet: JWICS:
14 14 Questions
INFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Boundary Network Boundary Protection is the Capability to protect and control access to Enterprise resources
More informationPresentation Title 11/13/2013
Enable Secure Information Sharing Right Data-Right People-Right Time MILCIS 2013 George Kamis RTCS Chief Technology Officer Kamis@TrustedCS.com +1 703-537-4310 EXIM Approval #IIS2013-268 Copyright 2013
More informationSECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE
SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 8 9 10 11 12 14 15 16 INTRODUCTION THREATS RISK MITIGATION REFERENCE ARCHITECTURE
More informationCybersecurity Test and Evaluation Achievable and Defensible Architectures
Cybersecurity Test and Evaluation Achievable and Defensible Architectures October 2015, ITEA Francis Scott Key Chapter Mr. Robert L. Laughman for COL Scott D. Brooks, Director, Survivability Evaluation
More informationThis is to certify that. Chris FitzGerald. has completed the course. Systems Security Engineering _eng 2/10/08
This is to certify that Chris FitzGerald has completed the course Systems Security Engineering - 206760_eng on 2/10/08 Systems Security Engineering About This Course Overview/Description To define the
More informationCNSS Advisory Memorandum Information Assurance December 2010 Advisory Memorandum
December 2010 Advisory Memorandum Reducing the Risk of Removable Media in National Security Systems NATIONAL MANAGER FOREWORD 1. Using removable media presents serious risks to the security of National
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationSTUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System
Slide 1 RMF Overview RMF Module 1 RMF takes into account the organization as a whole, including strategic goals and objectives and relationships between mission/business processes, the supporting information
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Boundary and The Network Boundary and for an Enterprise is essential; it provides for an understanding of
More informationSimplifying Information Sharing Across Security Boundaries. Deep-Secure Overview 12 th November 2013, Prague. Presentation to.
Simplifying Information Sharing Across Security Boundaries Presentation to Deep-Secure Overview 12 th November 2013, Prague 10 October 2011 1 What we do Deep-Secure offer solutions that help organisations
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Signature Repository A Signature Repository provides a group of signatures for use by network security tools such
More informationSecurity Secure Information Sharing
ASD Convention Workshop 6 e-standards: a Strategic Asset across the Value Chain Security Secure Information Sharing Steve SHEPHERD Executive Director UK CeB Istanbul, 6 October 2011 1 Information security
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationGo mobile. Stay in control.
Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Host Intrusion The Host Intrusion employs a response to a perceived incident of interference on a host-based system
More informationINFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE
INFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 7 8 11 12 13 14 15 INTRODUCTION IEG SCENARIOS REFERENCE ARCHITECTURE ARCHITECTURE
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationCIS Top 20 #13 Data Protection. Lisa Niles: CISSP, Director of Solutions Integration
CIS Top 20 #13 Data Protection Lisa Niles: CISSP, Director of Solutions Integration CSC # 13 - The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationSystems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities
Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationCybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationSystem Security Administration
UNCLASSIFIED System Security Administration Duties of the Security System Administrator (SSA) The SSA must be extremely knowledgeable about the configuration of the system, the inherent security weaknesses
More informationComputing Accreditation Commission Version 2.0 CRITERIA FOR ACCREDITING COMPUTING PROGRAMS
Computing Accreditation Commission Version 2.0 CRITERIA FOR ACCREDITING COMPUTING PROGRAMS Optional for Reviews During the 2018-2019 Accreditation Cycle Mandatory for Reviews During the 2019-2020 Accreditation
More informationAchilles System Certification (ASC) from GE Digital
Achilles System Certification (ASC) from GE Digital Frequently Asked Questions GE Digital Achilles System Certification FAQ Sheet 1 Safeguard your devices and meet industry benchmarks for industrial cyber
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationCommittee on National Security Systems. CNSS Policy No. 14 November 2002
Committee on National Security Systems CNSS Policy No. 14 November 2002 National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS IA Policies, Procedures, The Information Assurance (IA) Policies, Procedures, encompasses existing policies, procedures,
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Intrusion The Network Intrusion helps to detect malicious activity incoming to, outgoing from, and on the
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationThe Overlooked Costs and Risks of Firewalls
The Overlooked Costs and Risks of Firewalls INTRODUCTION In 2016, almost 3,000,000 new firewalls were sold. Firewalls are a given component in every network. The firewall is a system deployed to protect
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationWHO AM I? Been working in IT Security since 1992
(C) MARCHANY 2011 1 WHO AM I? Been working in IT Security since 1992 CISO at VA Tech 35+K node network. dual stack IPV4, IPV6 network since 2006 Multi-national Main campus (Blacksburg, VA), Remote campuses
More informationBeOn Security Cybersecurity for Critical Communications Systems
WHITEPAPER BeOn Security Cybersecurity for Critical Communications Systems Peter Monnes System Design Engineer Harris Corporation harris.com #harriscorp TABLE OF CONTENTS BeOn Security... 3 Summary...
More informationSecure Cloud Computing Architecture (SCCA)
Secure Cloud Computing Architecture (SCCA) Program Overview Susan Casson PM, SCCA May 15, 2018 UNITED IN IN SERVICE TO OUR NATION 1 Service Overview: Why SCCA? SCCA connects the DoD to Infrastructure and
More informationU.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk
U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk Neal Miller, Navy Authorizing Official December 13, 2016 UNCLASSIFIED 1 Some Inconvenient Truths The bad guys and gals still only work
More informationCyber Security Solutions Mitigating risk and enhancing plant reliability
P OW E R G E N E R AT I O N Cyber Security Solutions Mitigating risk and enhancing plant reliability 2 CYBER SECURITY SOLUTIONS MITIGATING RISK AND ENHANCING PLANT RELIABILITY Providing a roadmap to achieve
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationCertification Report
Certification Report EAL 4+ Evaluation of Firewall Enterprise v8.2.0 and Firewall Enterprise Control Center v5.2.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationDoDD DoDI
DoDD 8500.1 DoDI 8500.2 Tutorial Lecture for students pursuing NSTISSI 4011 INFOSEC Professional 1 Scope of DoDD 8500.1 Information Classes: Unclassified Sensitive information Classified All ISs to include:
More informationInformation Technology Security Guideline. Network Security Zoning
Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationNational Information Assurance (IA) Policy on Wireless Capabilities
Committee on National Security Systems CNSS Policy No. 17 National Information Assurance (IA) Policy on Wireless Capabilities This document prescribes minimum standards. Your department or agency may require
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 8551.1 August 13, 2004 ASD(NII)/DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: (a) DoD Directive 8500.1, "Information Assurance (IA),"
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationSupply Chain Integrity and Security Assurance for ICT. Mats Nilsson
Supply Chain Integrity and Security Assurance for ICT Mats Nilsson The starting point 2 B Internet users 85% Population coverage 5+ B Mobile subscriptions 10 years of Daily upload E-Books surpassing Print
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Mapping The Network Mapping helps visualize the network and understand relationships and connectivity between
More informationIntrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationCatalog of Control Systems Security: Recommendations for Standards Developers. September 2009
Catalog of Control Systems Security: Recommendations for Standards Developers September 2009 2.7.11.2 Supplemental Guidance Electronic signatures are acceptable for use in acknowledging rules of behavior
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationSystem and Practice of Information Security Certification for IT products in China
System and Practice of Information Security Certification for IT products in China Catalogue 01 Introduction to IT product information security certification 02 Practice of industrial control security
More informationSecurity. Protect your business from security threats with Pearl Technology. The Connection That Matters Most
Security Protect your business from security threats with Pearl Technology The Connection That Matters Most Committed to Your Future When it comes to your business, security can mean many things. But to
More informationReal-time Communications Security and SDN
Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationCertification Report
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
More informationInternet Security Firewalls
Overview Internet Security Firewalls Ozalp Babaoglu Cryptographic technologies Secure Sockets Layer IPSec Exo-structures Firewalls Virtual Private Networks ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA 2
More informationCertification Report
Certification Report Lancope Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security
More informationData Sources for Cyber Security Research
Data Sources for Cyber Security Research Melissa Turcotte mturcotte@lanl.gov Advanced Research in Cyber Systems, Los Alamos National Laboratory 14 June 2018 Background Advanced Research in Cyber Systems,
More informationCourses. X E - Verify that system acquisitions policies and procedures include assessment of risk management policies X X
4016 Points * = Can include a summary justification for that section. FUNCTION 1 - INFORMATION SYSTEM LIFE CYCLE ACTIVITIES Life Cycle Duties No Subsection 2. System Disposition/Reutilization *E - Discuss
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Host Intrusion Detection The Host Intrusion Detection helps to detect malicious activity by monitoring for anomalies
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationDoD ANNEX FOR PROTECTION PROFILE FOR APPLICATION SOFTWARE V1.2. Version 1, Release February Developed by DISA for the DoD
DoD ANNEX FOR PROTECTION PROFILE FOR APPLICATION SOFTWARE V1.2 Version 1, Release 1 21 February 2018 Developed by for the DoD 21 February 2018 Developed by for the DoD Trademark Information Names, products,
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationMICROSOFT (MS) WINDOWS DEFENDER ANTIVIRUS SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW. Version 1, Release 4 27 APRIL 2018
MICROSOFT (MS) WINDOWS DEFENDER ANTIVIRUS SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW Version 1, Release 4 27 APRIL 2018 Developed by for the DoD Trademark Information Names, products, and
More informationFundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code
Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code Learning Objective Explain the importance of network principles and architecture
More informationCyber Security Advisory
1KHW028570 2015-11-20 English 2.00 1/5 SSL 3.0 Protocol Vulnerability and POODLE Attack in FOX660 series ABB-VU-PSAC- 1KHW028570 Notice The information in this document is subject to change without notice,
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More information113 BSIMM Activities at a Glance
113 BSIMM Activities at a Glance (Red indicates most observed BSIMM activity in that practice) Level 1 Activities Governance Strategy & Metrics (SM) Publish process (roles, responsibilities, plan), evolve
More informationWhy the cloud matters?
Why the cloud matters? Speed and Business Impact Expertise and Performance Cost Reduction Trend Micro Datacenter & Cloud Security Vision Enable enterprises to use private and public cloud computing with
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationDr. Stephanie Carter CISM, CISSP, CISA
Dr. Stephanie Carter CISM, CISSP, CISA Learning Objectives (LO) LO1 Will learn the theological and practitioner definition of cybersecurity LO2 Will learn the dependency between physical and cyber security
More informationInformation Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC
Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationNational Policy On Classified Information Spillage
June 2006 National Policy On Classified Information Spillage This document prescribes minimum standards. Your department or agency may require further implementation. CHAIR FOREWORD 1. The handling of
More informationGUIDE. MetaDefender Kiosk Deployment Guide
GUIDE MetaDefender Kiosk Deployment Guide 1 SECTION 1.0 Recommended Deployment of MetaDefender Kiosk(s) OPSWAT s MetaDefender Kiosk product is deployed by organizations to scan portable media and detect
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More informationWhite Paper February McAfee Network Protection Solutions. Encrypted Threat Protection Network IPS for SSL Encrypted Traffic.
White Paper February 2005 McAfee Network Protection Solutions Encrypted Threat Protection Network IPS for SSL Encrypted Traffic Network IPS for SSL Encrypted Traffic 2 Introduction SSL Encryption Overview
More informationCIRT: Requirements and implementation
CIRT: Requirements and implementation By : Muataz Elsadig Sudan CERT Joint ITU-ATU Workshop on Cyber-security Strategy in African Countries Khartoum, Republic of Sudan, 24 26 July 2016 There is no globally
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Physical Enterprise Physical Enterprise Monitoring is the monitoring of the physical and environmental controls that
More informationAlternatives to Patching for more Secure and Reliable Control Systems
Alternatives to Patching for more Secure and Reliable Control Systems Eric Byres, P.Eng., ISA Fellow Chief Technology Officer Tofino Security, a Belden Brand The New World of Security For the past 30 years,
More informationINFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council
Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early
More informationCYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management
CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management Instructor: Dr. Kun Sun Outline 1. Risk management 2. Standards on Evaluating Secure System 3. Security Analysis using Security Metrics
More informationDiscover threats quickly, remediate immediately, and mitigate the impact of malware and breaches
Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats
More informationTable of Content Security Trend
Table of Content Security Trend New Business, New Challenges Difficulties of O&M for Network Security New Security Model SANGFOR Security Concept NGAF Your Security Guard to the Future Cyber Risks: The
More information68 Insider Threat Red Flags
68 Insider Threat Red Flags Are you prepared to stop the insider threat? Enterprises of all shapes and sizes are taking a fresh look at their insider threat programs. As a company that s been in the insider
More informationSECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH
SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH 1 SECURITY+ VS GIAC GSEC Where does GSEC fit? 3 CompTIA Security+ and GIAC Security Essentials (GSEC) Feature CompTIA Security+
More information