Q48: I noticed an amendment to the ASED BAA, what has changed? Q48: The due date for proposals has been extended from November 9 to November 28.
|
|
- Lisa West
- 6 years ago
- Views:
Transcription
1 HR001117S0050 Active Social Engineering Defense (ASED) Frequently Asked Questions As of October 20, 2017 Q50: We would like to know if there is interest in, or if our bid would be considered compliant, if we include in our bid a fully functional virtual test environment to be used for interim evaluation and testing. A50: The purpose of the test range is to supply real people and real people s responses to measure human in the loop system performance for TA1+TA2 and for TA3. If a proposed test range facilitates ASED testing, it would be considered. Q49: TA3 states, "TA3 systems and teams will be required to deploy on a U.S. Governmentprovided test range for continuous evaluation as described below in Section I.C. TA3 teams must work with the U.S. Government team to manage the deployment of their systems and the evaluation of bi annual improvements of TA1 TA2 systems throughout the program. Is the government test range the only range the ASED program will use or is the government open to additional testing resources? A49: The Government provided range is the only deployment option for TA3 proposals. Q48: I noticed an amendment to the ASED BAA, what has changed? Q48: The due date for proposals has been extended from November 9 to November 28. Q47: Per page 7 of the BAA, TA1 teams will support multiple purpose driven communication channels. The BAA states To make using multiple channels practical, TA1 systems must automatically route communications appropriately. Will TA1 teams be provided with programmatic access to an existing system in use at the government provided testbed? Q47: Yes, access will be given to system accounts of volunteers. Q46: Will the users ( senders) select the proper channel, or is TA1 routing supposed to be automatic? A45: TA1 routing should be automatic when possible. TA1 systems can make use of the human to help route but this should be rare. Q44: Will the purpose driven channels integrate SMS and , or be single mechanism? A44: The purpose driven channels integrate SMS and .
2 Q43: One way of detecting a link/attachment based phishing attack is to pre test the payload. Is the government providing testing capabilities as one of the limited resources described on p9 of the BAA (e.g. sandboxed virtual machines )? A43: No, it is up to performers to create such resources. Q42: Is research in this type of payload testing in scope for the program? Or will all teams be provided with a standard suite? A42: No, but usage of existing payload testing tools is within scope to help perform late stage detection. Q41: If a performer has pre existing capabilities in this domain, can they be deployed in the government testbed? A41: Yes, but it is subject to IT verification. Q40: On page 5, the BAA mentions that the test range may include an organization s phone system. Is the program covering voice communications in addition to text? A40: No, but it will cover SMS. Q39: Figure 4, page 11, shows evaluations/integrations at months 6 and 12, though month 18 shows the first integrated toolkit or preliminary system. Are the evaluations that start at month 6 and 12 of the individual TA1 (or TA2) components in isolation? Or is integration of TA1 and TA2 components happening as early as month 6? A39: Integration starts early, but targets only apply at the end of each phase. Q38: Regarding data generated in the test range, is that to be made available for training learning algorithms? If so, is any available before month 6? When do you expect such data to be available? A38: Data generated in the test range will be made available between evaluations and after each evaluation event. Q37: Will data from the test range always remain in the test range, or can it be made available to participants outside of the test range for development? A37: It will be available for participants under an NDA and after cleaning. Q36: Will the test range allow continual monitoring by TA1 and TA2 performers remotely? Or only at the test range? A36: In general, only on site or after export procedures. Subsets of the test range data, namely social media, may be available from outside the range. Q35: What is the CONOPs for ASED participant systems during evaluations? A35: To detect potential attacks and generate as much identifying information about attackers as possible.
3 Q34: Is the input to TA1 and TA2 systems limited solely to what is accessible to the accounts and alter egos created for performers on the test range, or will performers be able to run additional services and appliances? A34: Solely the data and metadata from the range. Outside data (outside of attached metadata) won t be available. Q33: Will performers have control over the systems that run the bots, including access to network traffic? In promiscuous mode? A33: Performers may configure systems prior evaluation exercises. Access will not be authorized during the exercise. Q32: Will accounts created for performers include administrative level privileges that will allow bots to create, delete, and control multiple user accounts? A32: Admin privileges will be available to setup bots and infrastructure. Q31: Some information that will be relevant to defending social engineering attacks are already captured with existing network and system monitoring tools (geolocation, timestamped netflows, spam filters, etc.). Will these services be running within the test bed and will performers have access to them? A31: Logs from commercial firewalls and internal spam filters will be available. Outside of enterprise" data will not be available. Q30: Can TA1/TA2 performers install and integrate network security monitoring tools? A30: Not beyond what already exists. Q29: Can TA1/TA2 performers install software on user endpoint systems and impact the user interface for the witting and savvy subjects? A29: Yes. Q28: Will the volunteer subject pool also create traffic in and amongst themselves that will be needed to be distinguished from attack traffic, or does the non attack traffic come from a different source? A28: The volunteer subject pool will create traffic that performers will have access to. Q27: Will consumable resources such as honeypots and bitcoin wallets be provided as part of the testbed or are performers responsible for their creation and management? If they are provided, will performers also be able to create additional and novel consumable resources accessible to agents outside the enterprise network as well as domain names resolvable through DNS? A27: It is the responsibility of the TA1/TA2 teams to procure these.
4 Q26: How much access would teams have to the testbed between the evaluations, e.g., for development, training, and assessment purposes? A26: Data will be collected during this time, but performers won t have access to these systems. Q25: Can an applicant institution submit more than one proposal under a given technical area? A25: Yes. Q24: What is the anticipated start date for the Active Social Engineering Defense (ASED) program? A24: We anticipate a program start date of May Q23: In addition to , text messaging was mentioned as a media type of interest. Is it necessary to have SMS (or imessage) traffic in the testbed? A23: The desired end result will encompass more communication channels than just . Q22: Would the testbed need to host software (e.g., bots) written by people who are not from the test bed creator? A22: Yes, the testbed needs to host other performer software. Q21: Is there a set of required information about the users that the systems are trying to protect, or do we get to decide that? A21: Specific information will be defined during the evaluations but in general privileged system information, PII, etc. will be the class of information that we ask TA1/TA2 systems to protect. Q20: What are desirable levels of scale for the number of users in the testbed? A20: The testbed will operate on hundreds thousands of users. The ultimate goal is to be able to deploy the defenses on a large DISA scale network. Q19: Can an applicant institution submit more than one proposal under a given technical area? A19: Yes. Q18: Is there any exclusion to performance across technical areas? A18: Yes, teams that perform TA3 may not perform on TA1 or TA2. However, teams can perform on both TA1 and TA2. Q17: Can different groups within the same company perform on TA1/2 and TA3. A17: No. As stated in the BAA, while proposers may submit proposals for all three technical areas, proposers selected for TA3 cannot be selected for any portion of the other two technical areas, whether as a prime, subcontractor, or in any other capacity from an organizational to an individual level. This is to avoid OCI situations between the
5 technical areas and to ensure objective test and evaluation results. The decision as to which proposal to consider for award is at the discretion of the Government. Q16: Will bots have information about human targets they are protecting? A16: Possibility, but they would protect this information and have human in the loop access. Q15: Is there interest in non digital communications? A15: Yes. Q14: Will the government provide a corpus of attacks for detection? A14: The government will provide attacks for training purposes and in TA3. Q13: What is the temporal length of attacks? A13: It will vary on the attack, but it may be days and/or weeks. Q12: What is the frequency of attacks? A12: The frequency of attack will vary. Q11: Will DARPA provide the IRB? A11: DARPA does not provide an IRB. The range provider will have IRB certifications for conducting program level experiments. Internal experimentation involving human subjects by performers outside of program sponsored events will require additional IRB approvals by the performer. Q10: What will be the application/deployment scenarios? Will it be centralized or distributed? A10: A large scale, centralized, synthetic testing environment will be used on the scale of DISA. Q9: What are the target communications channels? A9: , text, social media and others. Q8: Is securing PII part of the research objective? A8: Yes. Q7: Will TA3 provide training data for machine learning in TA1 and TA2? A7: Yes. Q6: Do wireless communications and cybersecurity issues apply? A6: No. Q5: Are models of trust within scope? A5: Yes.
6 Q4: What are the elements required to identify an attacker for TA2? How will they be measured? A4: The goal is to discover the identity of the attacker. During experiments, attackers will have known dossiers. Performers will be measured based on how much of the dossier they can discover. Q3: Is it in scope for TA1 bots to elicit information from users? A3: Yes. Q2: Can I build my bots as browser based extensions? A2: No. Q1: Is fundamental R&D on algorithms for human in the loop machine assisted investigations within scope? A1: Yes.
Active Social Engineering Defense (ASED)
Active Social Engineering Defense (ASED) Wade Shen/I2O Approved for Public Release, Distribution Unlimited 1 ASED Goal Automatically identify, disrupt and investigate spear-phishing and social engineering
More informationConfiguration Security (ConSec) Proposers Day
Configuration Security (ConSec) Mr. Jacob I. Torrey Proposers Day November 17, 2017 1 ConSec objective statement Develop a system to automatically generate, deploy, and enforce secure configurations of
More informationMicrosoft SharePoint Server 2013 Plan, Configure & Manage
Microsoft SharePoint Server 2013 Plan, Configure & Manage Course 20331-20332B 5 Days Instructor-led, Hands on Course Information This five day instructor-led course omits the overlap and redundancy that
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationTestBraindump. Latest test braindump, braindump actual test
TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationDHS Automated Information Sharing (AIS) Program
DHS Automated Information Sharing (AIS) Program 2018 Infoblox Inc. All rights reserved. Page 1 of 5 2018 Infoblox Inc. All rights reserved. DHS Automated Information Sharing (AIS) Program Infoblox AIS
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationAdvanced Solutions of Microsoft SharePoint Server 2013 Course Contact Hours
Advanced Solutions of Microsoft SharePoint Server 2013 Course 20332 36 Contact Hours Course Overview This course examines how to plan, configure, and manage a Microsoft SharePoint Server 2013 environment.
More informationAdvanced Solutions of Microsoft SharePoint 2013
Course 20332A :Advanced Solutions of Microsoft SharePoint 2013 Page 1 of 9 Advanced Solutions of Microsoft SharePoint 2013 Course 20332A: 4 days; Instructor-Led About the Course This four-day course examines
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT Last Revised: 2/1/2017 1. Private Mobile Connection - Custom APN. Pursuant to the terms and conditions of
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT Last Revised: 12/20/17 1. Private Mobile Connection - Custom APN. Pursuant to the terms and conditions of
More informationQuestion No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:
Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan
More informationAdvanced Threat Defense Certification Testing Report. Trend Micro Incorporated Trend Micro Deep Discovery Inspector
Advanced Threat Defense Certification Testing Report Trend Micro Deep Discovery Inspector ICSA Labs Advanced Threat Defense July 12, 2016 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,
More informationGet Started with Cisco DNA Center
About Cisco DNA Center, on page 1 Log In, on page 1 Log In for the First Time as a Network Administrator, on page 2 Default Home Page, on page 3 Use Global Search, on page 5 Where to Start, on page 6 About
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More information9 Steps to Protect Against Ransomware
9 Steps to Protect Against Ransomware IT Support Analyst Task Overview Security Manager Security Dashboard Self Service log Secur Devices With Vulnerabilities Critical Important/High Moderate/Medium 40
More informationAdvanced Threat Defense Certification Testing Report. Symantec Corporation Symantec Advanced Threat Protection
Advanced Threat Defense Certification Testing Report Symantec Advanced Threat Protection ICSA Labs Advanced Threat Defense December 8, 2015 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg,
More informationAdvanced Solutions of Microsoft SharePoint Server 2013
Course Duration: 4 Days + 1 day Self Study Course Pre-requisites: Before attending this course, students must have: Completed Course 20331: Core Solutions of Microsoft SharePoint Server 2013, successful
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationAutomated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk
Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk Skybox Security Whitepaper January 2015 Executive Summary Firewall management has
More informationJOINT MISSION ENVIRONMENT TEST CAPABILITY (JMETC)
JOINT MISSION ENVIRONMENT TEST CAPABILITY (JMETC) Cyber T&E Initiatives AJ Pathmanathan JMETC Deputy PM for Engineering NCR Technical Director November 14, 2013 GET CONNECTED to LEARN, SHARE, and ADVANCE
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationPCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide
PCI DSS VERSION 1.1 1 PCI DSS Table of contents 1. Understanding the Payment Card Industry Data Security Standard... 3 1.1. What is PCI DSS?... 3 2. Merchant Levels and Validation Requirements... 3 2.1.
More informationAligning Agency Cybersecurity Practices with the Cybersecurity Framework
POINT OF VIEW Aligning Agency Cybersecurity Practices with the Cybersecurity Framework Leveraging Gigamon to Align Cybersecurity Budgets with Desired Business Outcomes 2013-2017 Gigamon. All rights reserved.
More informationMicrosoft Core Solutions of Microsoft SharePoint Server 2013
1800 ULEARN (853 276) www.ddls.com.au Microsoft 20331 - Core Solutions of Microsoft SharePoint Server 2013 Length 5 days Price $4290.00 (inc GST) Version B Overview This course will provide you with the
More informationProgress Report National Information Assurance Partnership
Progress Report 2012-2015 National Information Assurance Partnership Executive Summary The National Information Assurance Partnership (NIAP) has made significant progress in three primary mission areas:
More informationWHAT NETWORK VIRTUALIZATION TECHNOLOGY CAN DO FOR YOUR NETWORK TODAY
E-Guide WHAT NETWORK VIRTUALIZATION TECHNOLOGY CAN DO FOR YOUR NETWORK TODAY SearchSDN : S oftware-defined networking (SDN) and network technologies are being combined to fundamentally change our approach
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Mapping The Network Mapping helps visualize the network and understand relationships and connectivity between
More informationSecurity Awareness, Training, And Education Plan
Security Awareness, Training, And Education Plan Version 2.0 December 2016 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PLAN DETAILS 4 3.2 WORKFORCE DESIGNATION 4
More informationHow-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018
How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationFederal Mobility: A Year in Review
Federal Mobility: A Year in Review Link: https://www.dhs.gov/csd-mobile Link: https://www.dhs.gov/publication/csd-mobile-device-security-study Vincent Sritapan Cyber Security Division Science and Technology
More informationfor businesses with more than 25 seats
for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use
More information20331B: Core Solutions of Microsoft SharePoint Server 2013
20331B: Core Solutions of Microsoft SharePoint Server 2013 Course Details Course Code: Duration: Notes: 20331B 5 days This course syllabus should be used to determine whether the course is appropriate
More informationSECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS
WHITE PAPER SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise Executive Summary When operating in Amazon Web Services
More informationResolution: Advancing the National Preparedness for Cyber Security
Government Resolution No. 2444 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing the National Preparedness for Cyber Security It is hereby resolved: Further to Government
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationAppPulse Point of Presence (POP)
AppPulse Point of Presence Micro Focus AppPulse POP service is a remotely delivered solution that provides a managed environment of Application Performance Management. AppPulse POP service supplies real-time
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationMicrosoft SharePoint End User level 1 course content (3-day)
http://www.multimediacentre.co.za Cape Town: 021 790 3684 Johannesburg: 011 083 8384 Microsoft SharePoint End User level 1 course content (3-day) Course Description SharePoint End User Level 1 teaches
More informationSecurity Governance and Management Scorecard
Security Governance and Management Scorecard Risk Analysis 1 - Please indicate the status of your risk analysis process. 6 - Documented, enforced, reviewed, and 2 - Are all (Network, Data, Apps, IAM, End
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationSecurity Compliance and Data Governance: Dual problems, single solution CON8015
Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationFortinet, Inc. Advanced Threat Protection Solution
Q4 2017 Advanced Threat Defense Certification Testing Report Advanced Threat Protection Solution Tested against these standards ICSA Labs Advanced Threat Defense ICSA Labs Advanced Threat Defense - Email
More informationA VO-friendly, Community-based Authorization Framework
A VO-friendly, Community-based Authorization Framework Part 1: Use Cases, Requirements, and Approach Ray Plante and Bruce Loftis NCSA Version 0.1 (February 11, 2005) Abstract The era of massive surveys
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationF5 DDoS Hybrid Defender : Setup. Version
F5 DDoS Hybrid Defender : Setup Version 13.1.0.3 Table of Contents Table of Contents Introducing DDoS Hybrid Defender... 5 Introduction to DDoS Hybrid Defender...5 DDoS deployments... 5 Example DDoS Hybrid
More informationPhishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO
Phishing Discussion Pete Scheidt Lead Information Security Analyst California ISO 2 Phish What is Phishing Types of Phish 3 Phish What is Phishing Attackers (Phishers) would email (cast their nets) far
More informationCIM Certification Program. Deborah May The Open Group
CIM Certification Program Deborah May The Open Group d.may@opengroup.org Agenda Certification Program Overview of program Test Suite Overview of Test Suite Beta Release DMTF 2002 Developers' Conference
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationQ: Are power supply attacks in scope for SSITH? A: The hacker team will not have physical access to the power supply.
SSITH FAQ Questions about the Scope of SSITH Q: Is securitization of external memory in the scope for SSITH? A: Yes. Please refer to BAA section I-B, page 6. Q: Is reverse engineering research of integrated
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationCampus Network Design
Design Principles Campus Network Design 2003, Cisco Systems, Inc. All rights reserved. 2-1 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0 2-2 Design Principles Task in Network Design Plan phase
More informationIBM SmartCloud Notes Security
IBM Software White Paper September 2014 IBM SmartCloud Notes Security 2 IBM SmartCloud Notes Security Contents 3 Introduction 3 Service Access 4 People, Processes, and Compliance 5 Service Security IBM
More informationCommunications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise
Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise The Changing Landscape IP-based unified communications is widely deployed in enterprise networks, both for internal calling
More informationTop Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk
Top Reasons To Audit An IAM Program Bryan Cook Focal Point Data Risk Focal Point Data Risk A New Type of Risk Management Firm THE FACTS Born from the merger of three leading security & risk management
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationForeScout CounterACT. Configuration Guide. Version 1.4
ForeScout CounterACT Core Extensions Module: Flow Analyzer Plugin Version 1.4 Table of Contents About the Flow Analyzer... 3 How It Works... 3 CounterACT Software Requirements... 4 Configure the Sharing
More informationIBM Managed Security Services for Security
Service Description 1. Scope of Services IBM Managed Security Services for E-mail Security IBM Managed Security Services for E-mail Security (called MSS for E-mail Security ) may include: a. E-mail Antivirus
More informationNYU Cayuse IRB Manual
IRB NYU Cayuse IRB Manual prepared by the NYU UCAIHS (University Committee on Activities Involving Human Subjects) What is Cayuse? The Cayuse Research Suite is NYU s system to support the submission of
More informationUNCONTROLLED IF PRINTED
161Thorn Hill Road Warrendale, PA 15086-7527 1. Scope 2. Definitions PROGRAM DOCUMENT PD 1000 Issue Date: 19-Apr-2015 Revision Date: 26-May-2015 INDUSTRY MANAGED ACCREDITATION PROGRAM DOCUMENT Table of
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) PERMANENT VIRTUAL CIRCUIT ATTACHMENT
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) PERMANENT VIRTUAL CIRCUIT ATTACHMENT Last Revised 12/20/17 1. Private Mobile Connection Permanent Virtual Circuit. Pursuant to
More informationSTATE OF ALASKA RFP NUMBER 2516H009 AMENDMENT NUMBER ONE (1)
STATE OF ALASKA RFP NUMBER 2516H009 AMENDMENT NUMBER ONE (1) AMENDMENT ISSUING OFFICE: Department of Transportation & Public Facilities Statewide Contracting & Procurement P.O. Box 112500 (3132 Channel
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationIBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners
IBM Security AppScan Enterprise v9.0.1 Importing Issues from Third Party Scanners Anton Barua antonba@ca.ibm.com October 14, 2014 Abstract: To manage the challenge of addressing application security at
More informationContinuous auditing certification
State of the Art in cloud service certification Cloud computing has emerged as the de-facto-standard when it comes to IT delivery. It comes with many benefits, such as flexibility, cost-efficiency and
More informationData Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement
Simplified endpoint enforcement Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationDARPA-BAA Hierarchical Identify Verify Exploit (HIVE) Frequently Asked Questions (FAQ) August 18, 2016
DARPA-BAA-16-52 Hierarchical Identify Verify Exploit (HIVE) Frequently Asked Questions (FAQ) August 18, 2016 DARPA-BAA-16-52 Hierarchical Identify Verify Exploit (HIVE) Frequently Asked Questions (FAQ)
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationNetworking for a smarter data center: Getting it right
IBM Global Technology Services October 2011 Networking for a smarter data center: Getting it right Planning the network needed for a dynamic infrastructure 2 Networking for a smarter data center: Getting
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) -- IP ENABLED PVC ATTACHMENT Last Revised 2/1/2017
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) -- IP ENABLED PVC ATTACHMENT Last Revised 2/1/2017 1. Private Mobile Connection IP Enabled PVC. Pursuant to the terms and conditions
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) AT&T VPN ACCESS ATTACHMENT
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) AT&T VPN ACCESS ATTACHMENT Last Revised: 12/20/17 1. Private Mobile Connection AT&T VPN Access. Pursuant to the terms and conditions
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) AT&T VPN ACCESS ATTACHMENT
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) AT&T VPN ACCESS ATTACHMENT Last Revised: 2/1/2017 1. Private Mobile Connection AT&T VPN Access. Pursuant to the terms and conditions
More informationfor businesses with more than 25 seats
for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationSymantec Industrial Control System Protection (ICSP) Support for DeltaV Systems
Symantec Industrial Control System Protection (ICSP) Support for DeltaV Systems This document describes the use cases and tested environment for using Symantec Industrial Control Systems Protection on
More informationIntroduction NOTE IF THE REQUEST IS APPROVED, BEFORE PROCEEDING, THE REQUESTING DEPARTMENT MUST AGREE TO BE
Page 1 of 9 Introduction The University of Houston Clear Lake requires any system that takes a credit or debit card for payment to comply with the Payment Card Industry s Data Security Standard (PCI-DSS).
More informationGet Started with Cisco DNA Center
About Cisco DNA Center, on page 1 Log In, on page 1 Default Home Page, on page 2 Use Search, on page 4 Where to Start, on page 5 About Cisco DNA Center Cisco Digital Network Architecture (DNA) offers centralized,
More informationVMware BCDR Accelerator Service
AT A GLANCE The rapidly deploys a business continuity and disaster recovery (BCDR) solution with a limited, pre-defined scope in a non-production environment. The goal of this service is to prove the solution
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationHow Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity
How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific
More informationCOURSE OUTLINE: A Advanced Technologies of SharePoint 2016
Course Name 20339-2A Advanced Technologies of Course Duration 5 Days Course Structure Instructor-Led Course Overview This five-day course will teach you how to plan, configure, and manage the advanced
More informationPRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) NETWORK VPN ATTACHMENT
PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICES (CCS)) NETWORK VPN ATTACHMENT Last Revised 12/20/17 1. Private Mobile Connection Network VPN. Pursuant to the terms and conditions of
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationCSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018
DHS SCIENCE AND TECHNOLOGY CSD Project Overview March 13, 2018 Dr. Ann Cox Program Manager Cyber Security Division Science and Technology Directorate CSD Mission & Strategy REQUIREMENTS CSD MISSION Develop
More informationPetroleum Refiner Overhauls Security Infrastructure
Petroleum Refiner Overhauls Security Infrastructure Small team strengthens security posture and responds faster to threats HollyFrontier Customer Profile Fortune 500 independent petroleum refiner and distributor
More informationEmpower stakeholders with single-pane visibility and insights Enrich firewall security data
SonicWall Analytics Transforming data into information, information into knowledge, knowledge into decisions and decisions into actions SonicWall Analytics provides an eagle-eye view into everything that
More information