Information Technology Security Plan Policy, Control, and Procedures Manual Detect: Anomalies and Events

Size: px
Start display at page:

Download "Information Technology Security Plan Policy, Control, and Procedures Manual Detect: Anomalies and Events"

Transcription

1 Information Technology Security Plan Policy, Control, and Procedures Manual Detect: Anomalies and Events Location: Need the right URL for this document TSecPlan_DEAE2017.pdf

2 Information Security Policy and Procedures Detect: Anomalies and Events DE.AE Table of Contents Detect Anomalies and Events (DE.AE) Overview... 3 Establish and Manage Baseline of Network Operations and Expected Data Flows for Users and Systems (DE.AE-1)... 4 Risk Management:... 5 Compliance Management:... 5 Resources Required... 6 Links to Supporting Policies, ation, and Resources... 6 Deliverables Status:... 6 Analyze Detected Events to Understand Attack Targets and Methods DE.AE Risk Management:... 9 Compliance Management:... 9 Resources Required... 9 Links to Supporting Policies, ation, and Resources Deliverables Status: Aggregate and Correlate Event Data from Multiple Sources and Sensors DE.AE Risk Management: Compliance Management: Resources Required Links to Supporting Policies, ation, and Resources North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 1

3 Deliverables Status: Determine Impact of Events DE.AE Risk Management: Compliance Management: Resources Required Links to Supporting Policies, ation, and Resources Deliverables Status: Establish Incident Alert Thresholds DE.AE Risk Management: Compliance Management: Resources Required Links to Supporting Policies, ation, and Resources Deliverables Status: North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 2

4 Detect Anomalies and Events (DE.AE) Overview Anomalous activity is detected in a timely manner and the potential impact of events is understood. Detect Anomalies and Events functions are: Establish and Manage Baseline of Network Operations and Expected Data Flows for Users and Systems DE.AE-1 - A baseline of network operations and expected data flows for users and systems is established and managed Analyze Detected Events to Understand Attack Targets and Methods DE.AE-2 - Detected events are analyzed to understand attack targets and methods Aggregate and Correlate Event Data from Multiple Sources and Sensors DE.AE-3 - Event data are aggregated and correlated from multiple sources and sensors Determine Impact of Events DE.AE-4 - Impact of events is determined Establish Incident Alert Thresholds DE.AE-5 - Incident alert thresholds are established North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 3

5 Establish and Manage Baseline of Network Operations and Expected Data Flows for Users and Systems (DE.AE- 1) A baseline of NDCBF s network operations and expected data flows for users and systems is established and managed. Primary Control Reference - NIST SP Rev. 4 AC-4, CA-3, CM- 2, SI-4 AC-4 INFORMATION FLOW ENFORCEMENT - Control: The information system enforces approved authorizations for controlling the flow of information within the system and between interconnected systems based on [Assignment: organization-defined information flow control policies] CA-3 SYSTEM INTERCONNECTIONS Control: The organization: a. Authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements; b. s, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated; and c. Reviews and updates Interconnection Security Agreements [Assignment: organization-defined frequency]. CM-2 BASELINE CONFIGURATION Control: The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system SI-4 INFORMATION SYSTEM MONITORING Control: The organization: a. Monitors the information system to detect: North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 4

6 o 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization defined monitoring objectives]; and o 2. Unauthorized local, network, and remote connections; b. Identifies unauthorized use of the information system through [Assignment: organization defined techniques and methods]; c. Deploys monitoring devices: o 1. Strategically within the information system to collect organization-determined essential information; and o 2. At ad hoc locations within the system to track specific types of transactions of interest to the organization; d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]]. RISK MANAGEMENT: erisk Self-Assessment Questions that apply COMPLIANCE MANAGEMENT: North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 5

7 PCI Compliance Requirements Requirements that apply HIPAA AND TEXAS HOUSE BILL 300 Requirements Requirements and questions that apply RESOURCES REQUIRED Support agreements and other resources required to execute LINKS TO SUPPORTING POLICIES, DOCUMENTATION, AND RESOURCES DELIVERABLES STATUS: Supplier Deliverable Consumer Status North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 6

8 Analyze Detected Events to Understand Attack Targets and Methods DE.AE-2 Detected events are analyzed to understand attack targets and methods. Primary Control Reference - NIST SP Rev. 4 AU-6, CA-7, IR-4, SI-4 AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING Control: The organization: a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and b. Reports findings to [Assignment: organization-defined personnel or roles]. CA-7 CONTINUOUS MONITORING Control: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 7

9 d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of securityrelated information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. IR-4 INCIDENT HANDLING Control: The organization: a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b. Coordinates incident handling activities with contingency planning activities; and c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly SI-4 INFORMATION SYSTEM MONITORING Control: The organization: a. Monitors the information system to detect: o 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization defined monitoring objectives]; and o 2. Unauthorized local, network, and remote connections; b. Identifies unauthorized use of the information system through [Assignment: organization defined techniques and methods]; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 8

10 c. Deploys monitoring devices: o Strategically within the information system to collect organization-determined essential information; and o At ad hoc locations within the system to track specific types of transactions of interest to the organization; d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]]. RISK MANAGEMENT: erisk Self-Assessment Questions that apply COMPLIANCE MANAGEMENT: PCI Compliance Requirements Requirements that apply HIPAA AND TEXAS HOUSE BILL 300 Requirements Requirements and questions that apply RESOURCES REQUIRED Support agreements and other resources required to execute North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 9

11 LINKS TO SUPPORTING POLICIES, DOCUMENTATION, AND RESOURCES DELIVERABLES STATUS: Supplier Deliverable Consumer Status North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 10

12 Aggregate and Correlate Event Data from Multiple Sources and Sensors DE.AE-3 Event data are aggregated and correlated from multiple sources and sensors Primary Control Reference - NIST SP Rev. 4 AU-6, CA-7, IR-4, IR-5, IR-8, SI-4 AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING Control: The organization: a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and b. Reports findings to [Assignment: organization-defined personnel or roles]. CA-7 CONTINUOUS MONITORING Control: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 11

13 e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of securityrelated information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. IR-4 INCIDENT HANDLING Control: The organization: a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b. Coordinates incident handling activities with contingency planning activities; and c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly IR-5 INCIDENT MONITORING Control: The organization tracks and documents information system security incidents. IR-8 INCIDENT RESPONSE PLAN Control: The organization: a. Develops an incident response plan that: o 1. Provides the organization with a roadmap for implementing its incident response capability; o 2. Describes the structure and organization of the incident response capability; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 12

14 o 3. Provides a high-level approach for how the incident response capability fits into the overall organization; o 4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions; o 5. Defines reportable incidents; o 6. Provides metrics for measuring the incident response capability within the organization; o 7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and o 8. Is reviewed and approved by [Assignment: organizationdefined personnel or roles]; b. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; c. Reviews the incident response plan [Assignment: organizationdefined frequency]; d. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing; e. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and f. Protects the incident response plan from unauthorized disclosure and modification SI-4 INFORMATION SYSTEM MONITORING Control: The organization: a. Monitors the information system to detect: North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 13

15 o 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization defined monitoring objectives]; and o 2. Unauthorized local, network, and remote connections; b. Identifies unauthorized use of the information system through [Assignment: organization defined techniques and methods]; c. Deploys monitoring devices: o Strategically within the information system to collect organization-determined essential information; and o At ad hoc locations within the system to track specific types of transactions of interest to the organization; d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]]. RISK MANAGEMENT: erisk Self-Assessment Questions that apply COMPLIANCE MANAGEMENT: North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 14

16 PCI Compliance Requirements Requirements that apply HIPAA AND TEXAS HOUSE BILL 300 Requirements Requirements and questions that apply RESOURCES REQUIRED Support agreements and other resources required to execute LINKS TO SUPPORTING POLICIES, DOCUMENTATION, AND RESOURCES DELIVERABLES STATUS: Supplier Deliverable Consumer Status North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 15

17 Determine Impact of Events DE.AE-4 Impact of events is determined Primary Control Reference - NIST SP Rev. 4 CP-2, IR-4, RA-3, SI -4 CP-2 CONTINGENCY PLAN Control: The organization: a. Develops a contingency plan for the information system that: o 1. Identifies essential missions and business functions and associated contingency requirements; o 2. Provides recovery objectives, restoration priorities, and metrics; o 3. Addresses contingency roles, responsibilities, assigned individuals with contact information; o 4. Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; o 5. Addresses eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented; and o 6. Is reviewed and approved by [Assignment: organizationdefined personnel or roles]; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 16

18 b. Distributes copies of the contingency plan to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; c. Coordinates contingency planning activities with incident handling activities; d. Reviews the contingency plan for the information system [Assignment: organization-defined frequency]; e. Updates the contingency plan to address changes to the organization, information system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing; f. Communicates contingency plan changes to [Assignment: organization-defined key contingency personnel (identified by name and/or by role) and organizational elements]; and g. Protects the contingency plan from unauthorized disclosure and modification IR-4 INCIDENT HANDLING Control: The organization: a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b. Coordinates incident handling activities with contingency planning activities; and c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly RA-3 RISK ASSESSMENT Control: The organization: North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 17

19 a. Conducts an assessment of risk, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the information system and the information it processes, stores, or transmits; b. s risk assessment results in [Selection: security plan; risk assessment report; [Assignment: organization-defined document]]; c. Reviews risk assessment results [Assignment: organizationdefined frequency]; d. Disseminates risk assessment results to [Assignment: organization-defined personnel or roles]; and e. Updates the risk assessment [Assignment: organization-defined frequency] or whenever there are significant changes to the information system or environment of operation (including the identification of new threats and vulnerabilities), or other conditions that may impact the security state of the system. SI-4 INFORMATION SYSTEM MONITORING Control: The organization: a. Monitors the information system to detect: o 1. Attacks and indicators of potential attacks in accordance with [Assignment: organization defined monitoring objectives]; and o 2. Unauthorized local, network, and remote connections; b. Identifies unauthorized use of the information system through [Assignment: organization defined techniques and methods]; c. Deploys monitoring devices: o Strategically within the information system to collect organization-determined essential information; and o At ad hoc locations within the system to track specific types of transactions of interest to the organization; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 18

20 d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]]. RISK MANAGEMENT: erisk Self-Assessment Questions that apply COMPLIANCE MANAGEMENT: PCI Compliance Requirements Requirements that apply HIPAA AND TEXAS HOUSE BILL 300 Requirements Requirements and questions that apply RESOURCES REQUIRED Support agreements and other resources required to execute LINKS TO SUPPORTING POLICIES, DOCUMENTATION, AND RESOURCES North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 19

21 DELIVERABLES STATUS: Supplier Deliverable Consumer Status Establish Incident Alert Thresholds DE.AE-5 Incident alert thresholds are established Primary Control Reference - NIST SP Rev. 4 IR-4, IR-5, IR-8 IR-4 INCIDENT HANDLING Control: The organization: a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b. Coordinates incident handling activities with contingency planning activities; and North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 20

22 c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly IR-5 INCIDENT MONITORING Control: The organization tracks and documents information system security incidents. IR-8 INCIDENT RESPONSE PLAN Control: The organization: a. Develops an incident response plan that: o 1. Provides the organization with a roadmap for implementing its incident response capability; o 2. Describes the structure and organization of the incident response capability; o 3. Provides a high-level approach for how the incident response capability fits into the overall organization; o 4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions; o 5. Defines reportable incidents; o 6. Provides metrics for measuring the incident response capability within the organization; o 7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and o 8. Is reviewed and approved by [Assignment: organizationdefined personnel or roles]; b. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 21

23 c. Reviews the incident response plan [Assignment: organizationdefined frequency]; d. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing; e. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and f. Protects the incident response plan from unauthorized disclosure and modification RISK MANAGEMENT: erisk Self-Assessment Questions that apply COMPLIANCE MANAGEMENT: PCI Compliance Requirements Requirements that apply HIPAA AND TEXAS HOUSE BILL 300 Requirements Requirements and questions that apply RESOURCES REQUIRED Support agreements and other resources required to execute LINKS TO SUPPORTING POLICIES, DOCUMENTATION, AND RESOURCES DELIVERABLES STATUS: Supplier Deliverable Consumer Status North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 22

24 North Dallas Community Bible Fellowship IT Security Plan Detect Anomalies and Events DE.AE Page: 23

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Security Policy and Procedures Identify Risk Assessment ID.RA Table of Contents Identify

More information

INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA and PACIFIC OFFICE ASIA/PAC RECOMMENDED SECURITY CHECKLIST

INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA and PACIFIC OFFICE ASIA/PAC RECOMMENDED SECURITY CHECKLIST INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA and PACIFIC OFFICE Aeronautical Telecommunication Network Implementation Coordination Group (ATNICG) ASIA/PAC RECOMMENDED SECURITY CHECKLIST September 2009

More information

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_

More information

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf

More information

NIST SP Controls

NIST SP Controls NIST SP 800-53 Controls and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About FISMA / NIST The Federal Information Security Management Act of 2002 (commonly abbreviated to FISMA) is

More information

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The

More information

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations VARONIS COMPLIANCE BRIEF NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) 800-53 FOR FEDERAL INFORMATION SYSTEMS CONTENTS OVERVIEW 3 MAPPING NIST 800-53 CONTROLS TO VARONIS SOLUTIONS 4 2 OVERVIEW

More information

SYSTEMS ASSET MANAGEMENT POLICY

SYSTEMS ASSET MANAGEMENT POLICY SYSTEMS ASSET MANAGEMENT POLICY Policy: Asset Management Policy Owner: CIO Change Management Original Implementation Date: 7/1/2017 Effective Date: 7/1/2017 Revision Date: Approved By: NIST Cyber Security

More information

PT-BSC. PT-BSC version 0.3. Primechain Technologies Blockchain Security Controls. Version 0.4 dated 21 st October, 2017

PT-BSC. PT-BSC version 0.3. Primechain Technologies Blockchain Security Controls. Version 0.4 dated 21 st October, 2017 PT-BSC Primechain Technologies Blockchain Security Controls Version 0.4 dated 21 st October, 2017 PT-BSC version 0.3 PT-BSC (version 0.4 dated 21 st October, 2017) 1 Blockchain technology has earned the

More information

Using Metrics to Gain Management Support for Cyber Security Initiatives

Using Metrics to Gain Management Support for Cyber Security Initiatives Using Metrics to Gain Management Support for Cyber Security Initiatives Craig Schumacher Chief Information Security Officer Idaho Transportation Dept. January 2016 Why Metrics Based on NIST Framework?

More information

Annex 3 to NIST Special Publication Recommended Security Controls for Federal Information Systems

Annex 3 to NIST Special Publication Recommended Security Controls for Federal Information Systems Annex 3 to NIST Special Publication 800-53 Recommended Security Controls for Federal Information Systems Minimum Security Controls High Baseline Includes updates through 04-22-2005 AC-1 ACCESS CONTROL

More information

Mapping of FedRAMP Tailored LI SaaS Baseline to ISO Security Controls

Mapping of FedRAMP Tailored LI SaaS Baseline to ISO Security Controls Mapping of FedRAMP Tailored LI SaaS Baseline to ISO 27001 Security Controls This document provides a list of all controls that require the Cloud Service Provider, Esri, to provide detailed descriptions

More information

CONTINUOUS VIGILANCE POLICY

CONTINUOUS VIGILANCE POLICY CONTINUOUS VIGILANCE POLICY Policy: Policy Owner: Continuous Vigilance CIO Change Management Original Implementation Date: 8/30/2017 Effectie Date: 8/30/2017 Reision Date: Approed By: NIST Cyber Security

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

ACHIEVING COMPLIANCE WITH NIST SP REV. 4:

ACHIEVING COMPLIANCE WITH NIST SP REV. 4: ACHIEVING COMPLIANCE WITH NIST SP 800-53 REV. 4: How Thycotic Helps Implement Access Controls OVERVIEW NIST Special Publication 800-53, Revision 4 (SP 800-53, Rev. 4) reflects the U.S. federal government

More information

CloudCheckr NIST Matrix

CloudCheckr NIST Matrix CloudCheckr NIST 800-53 Matrix FISMA NIST 800-53 (Rev 4) Shared Public Cloud Infrastructure Standards NIST CONTROL AC-2 ACCOUNT MANAGEMENT a. Identifies and selects the following types of information system

More information

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

existing customer base (commercial and guidance and directives and all Federal regulations as federal) ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Host Intrusion Detection The Host Intrusion Detection helps to detect malicious activity by monitoring for anomalies

More information

Annex 1 to NIST Special Publication Recommended Security Controls for Federal Information Systems

Annex 1 to NIST Special Publication Recommended Security Controls for Federal Information Systems Annex 1 to NIST Special Publication 800-53 Recommended Security Controls for Federal Information Systems Minimum Security Controls Low Baseline AC-1 ACCESS CONTROL POLICY AND PROCEDURES The organization

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable

More information

Continuous Monitoring Strategy & Guide

Continuous Monitoring Strategy & Guide Version 1.0 June 27, 2012 Executive Summary The OMB memorandum M-10-15, issued on April 21, 2010, changed from static point in time security authorization processes to Ongoing Assessment and Authorization

More information

IASM Support for FISMA

IASM Support for FISMA Introduction Most U.S. civilian government agencies, and commercial enterprises processing electronic data on behalf of those agencies, are concerned about whether and how Information Assurance products

More information

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations EXCERPT NIST Special Publication 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations An Excerpt Listing All: Security Requirement Families & Controls Security

More information

Four Deadly Traps of Using Frameworks NIST Examples

Four Deadly Traps of Using Frameworks NIST Examples Four Deadly Traps of Using Frameworks NIST 800-53 Examples ISACA Feb. 2015 Meeting Doug Landoll dlandoll@lantego.com (512) 633-8405 Session Agenda Framework Definition & Uses NIST 800-53 Framework Intro

More information

DoD Guidance for Reviewing System Security Plans and the NIST SP Security Requirements Not Yet Implemented This guidance was developed to

DoD Guidance for Reviewing System Security Plans and the NIST SP Security Requirements Not Yet Implemented This guidance was developed to DoD Guidance for Reviewing System Security Plans and the s Not Yet Implemented This guidance was developed to facilitate the consistent review and understanding of System Security Plans and Plans of Action,

More information

EXABEAM HELPS PROTECT INFORMATION SYSTEMS

EXABEAM HELPS PROTECT INFORMATION SYSTEMS WHITE PAPER EXABEAM HELPS PROTECT INFORMATION SYSTEMS Meeting the Latest NIST SP 800-53 Revision 4 Guidelines SECURITY GUIDELINE COMPLIANCE There has been a rapid increase in malicious insider threats,

More information

NIST Compliance Controls

NIST Compliance Controls NIST 800-53 Compliance s The following control families represent a portion of special publication NIST 800-53 revision 4. This guide is intended to aid McAfee, its partners, and its customers, in aligning

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Signature Repository A Signature Repository provides a group of signatures for use by network security tools such

More information

Meeting RMF Requirements around Compliance Monitoring

Meeting RMF Requirements around Compliance Monitoring Meeting RMF Requirements around Compliance Monitoring An EiQ Networks White Paper Meeting RMF Requirements around Compliance Monitoring Purpose The purpose of this paper is to provide some background on

More information

Managed Trusted Internet Protocol Service (MTIPS) Enterprise Infrastructure Solutions (EIS) Risk Management Framework Plan (RMFP)

Managed Trusted Internet Protocol Service (MTIPS) Enterprise Infrastructure Solutions (EIS) Risk Management Framework Plan (RMFP) Enterprise Infrastructure Solutions Volume 1 Technical Volume EIS MTIPS Risk Management Framework Plan Managed Trusted Internet Protocol Service (MTIPS) Enterprise Infrastructure Solutions (EIS) Risk Management

More information

DFARS Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions

DFARS Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions DFARS 252.204.7012 Safeguarding Covered Defense Information The Interim Rule: Cause for Confusion and Request for Questions By Jonathan Hard, CEO And Carol Claflin, Director of Business Development H2L

More information

Big Brother is Watching Your Big Data: z/os Actions Buried in the FISMA Security Regulation

Big Brother is Watching Your Big Data: z/os Actions Buried in the FISMA Security Regulation Big Brother is Watching Your Big Data: z/os Actions Buried in the FISMA Security Regulation Bill Valyo CA Technologies February 7, 2013 Session #12765 Quick Abstract: About this Presentation This presentation

More information

Improving Critical Infrastructure Cybersecurity Executive Order Preliminary Cybersecurity Framework

Improving Critical Infrastructure Cybersecurity Executive Order Preliminary Cybersecurity Framework 1 Improving Critical Infrastructure Cybersecurity Executive Order 13636 Preliminary Cybersecurity Framework 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

More information

CloudCheckr NIST Audit and Accountability

CloudCheckr NIST Audit and Accountability CloudCheckr NIST 800-53 Audit and Accountability FISMA NIST 800-53 (Rev 4) Audit and Accountability: Shared Public Cloud Infrastructure Standards Standard Requirement per NIST 800-53 (Rev. 4) CloudCheckr

More information

Safeguarding of Unclassified Controlled Technical Information. SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013)

Safeguarding of Unclassified Controlled Technical Information. SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013) Page 1 of 7 Section O Attach 2: SAFEGUARDING OF UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION (NOV 2013) 252.204-7012 Safeguarding of Unclassified Controlled Technical Information. As prescribed in 204.7303,

More information

NIST Special Publication

NIST Special Publication DATASHEET NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Mapping for Carbon Black BACKGROUND The National Institute of Standards and Technology

More information

Information Technology Procedure IT 3.4 IT Configuration Management

Information Technology Procedure IT 3.4 IT Configuration Management Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating

More information

FISMA-NIST SP Rev.4 Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD FISMA NIST SP

FISMA-NIST SP Rev.4 Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD FISMA NIST SP FISMA-NIST SP 800-53 Rev.4 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical solutions that transform high-volume cryptic log data into actionable, prioritized intelligence

More information

Rev.1 Solution Brief

Rev.1 Solution Brief FISMA-NIST SP 800-171 Rev.1 Solution Brief New York FISMA Cybersecurity NIST SP 800-171 EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker delivers business critical

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity 1 Framework for Improving Critical Infrastructure Cybersecurity Standards Certification Education & Training Publishing Conferences & Exhibits Dean Bickerton ISA New Orleans April 5, 2016 A Brief Commercial

More information

NIST Special Publication

NIST Special Publication NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Ryan Bonner Brightline WHAT IS INFORMATION SECURITY? Personnel Security

More information

Contingency Planning

Contingency Planning Contingency Planning Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill Procedures are required that will permit

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

The Cybersecurity Risk Management Framework Applied to Enterprise Risk Management

The Cybersecurity Risk Management Framework Applied to Enterprise Risk Management The Cybersecurity Risk Management Framework Applied to Enterprise Risk Management Session 43, March 6, 2018 Barry S. Herrin, JD, FAHIMA, FACHE Founder, Herrin Health Law, PC 1 Conflict of Interest Barry

More information

Are Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments

Are Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments Are Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments Who am I? Bobby Williams is the Director of IT Resiliency Planning

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

NIST (NCF) & GDPR to Microsoft Technologies MAP

NIST (NCF) & GDPR to Microsoft Technologies MAP NIST (NCF) & GDPR to Microsoft Technologies MAP Digital Transformation Realized.TM IDENTIFY (ID) Asset Management (ID.AM) The data, personnel, devices, systems, and facilities that enable the organization

More information

SAC PA Security Frameworks - FISMA and NIST

SAC PA Security Frameworks - FISMA and NIST SAC PA Security Frameworks - FISMA and NIST 800-171 June 23, 2017 SECURITY FRAMEWORKS Chris Seiders, CISSP Scott Weinman, CISSP, CISA Agenda Compliance standards FISMA NIST SP 800-171 Importance of Compliance

More information

Using ACR 2 Reports. 4. Deficiency.pdf - a cross listing of missing or underperforming safeguards with risk categories for this system at this time.

Using ACR 2 Reports. 4. Deficiency.pdf - a cross listing of missing or underperforming safeguards with risk categories for this system at this time. Using ACR 2 Reports Creating Compliance Action Plans After entering and reviewing system data on information security, users will receive either a baseline or an update set of reports depending on whether

More information

Security Standards Compliance NIST SP Release 4 Trend Micro Products (Deep Security and SecureCloud) - Version 1.1

Security Standards Compliance NIST SP Release 4 Trend Micro Products (Deep Security and SecureCloud) - Version 1.1 Security Standards Compliance NIST SP 800-53 Release 4 Trend Micro Products (Deep Security and SecureCloud) - Version 1.1 Document TMIC-003-N Version 1.1, 24 August 2012 1 Security and Privacy Controls

More information

CSAM Support for C&A Transformation

CSAM Support for C&A Transformation CSAM Support for C&A Transformation Cyber Security Assessment and Management (CSAM) 1 2 3 4 5 Five Services, One Complete C&A Solution Mission/Risk-Based Policy & Implementation/Test Guidance Program Management

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Intrusion The Network Intrusion helps to detect malicious activity incoming to, outgoing from, and on the

More information

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment Preparing Your Organization for a HHS OIG Information Security Audit David Holtzman, JD, CIPP/G CynergisTek, Inc. Brian C. Johnson, CPA, CISA HHS OIG Section 1: Models for Risk Assessment Section 2: Preparing

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

NIST Security Certification and Accreditation Project

NIST Security Certification and Accreditation Project NIST Security Certification and Accreditation Project An Integrated Strategy Supporting FISMA Dr. Ron Ross Computer Security Division Information Technology Laboratory 1 Today s Climate Highly interactive

More information

MINIMUM SECURITY CONTROLS SUMMARY

MINIMUM SECURITY CONTROLS SUMMARY APPENDIX D MINIMUM SECURITY CONTROLS SUMMARY LOW-IMPACT, MODERATE-IMPACT, AND HIGH-IMPACT INFORMATION SYSTEMS The following table lists the minimum security controls, or security control baselines, for

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Contingency Planning Jan 22, 2008 Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

Costing Information Assurance

Costing Information Assurance Costing Information Assurance Marybeth Panock 30 September 2009 The Aerospace Corporation The Aerospace Corporation 2009 1 Costing Information Assurance or Security Called Security for this exercise to

More information

Attachment 1 to Appendix 2 Risk Assessment Security Report for the Networx Security Plan

Attachment 1 to Appendix 2 Risk Assessment Security Report for the Networx Security Plan Attachment 1 to Appendix 2 Risk Assessment Security Report for the Networx Security Plan DRAFT December 13, 2006 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Intrusion Network Intrusion Prevention employs a response to perceived anomalous activity on the network.

More information

Security Incident Management in Microsoft Dynamics 365

Security Incident Management in Microsoft Dynamics 365 Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All

More information

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

ISACA Arizona May 2016 Chapter Meeting

ISACA Arizona May 2016 Chapter Meeting ISACA Arizona May 2016 Chapter Meeting Suzanne Farr / Carlos A. Villalba Agenda Introduction Preliminary questions CCM Preliminaries Definition Benefits Challenges Beyond Templates Questions 1 Background

More information

NIST Risk Management Framework (RMF)

NIST Risk Management Framework (RMF) NIST Risk Management Framework (RMF) Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical solutions that transform high-volume cryptic log data into actionable, prioritized

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

NIST Special Publication

NIST Special Publication NIST Special Publication 800-53 Practical Application of the Minimum Baseline Security Controls Graydon S. McKee IV CISSP, GSEC A Framework for All Seasons With the finalization of Federal Information

More information

Designing & Building a Cybersecurity Program. Based on the NIST Cybersecurity Framework (CSF)

Designing & Building a Cybersecurity Program. Based on the NIST Cybersecurity Framework (CSF) Designing & Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson Lesson 2 June, 2015 1 Lesson 2: Controls Factory Components Part 1: The Controls Factory Part 2:

More information

HIPAA Federal Security Rule H I P A A

HIPAA Federal Security Rule H I P A A H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created

More information

NW NATURAL CYBER SECURITY 2016.JUNE.16

NW NATURAL CYBER SECURITY 2016.JUNE.16 NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING

More information

Cybersecurity: Incident Response Short

Cybersecurity: Incident Response Short Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

Because Security Gives Us Freedom

Because Security Gives Us Freedom Because Security Gives Us Freedom PANOPTIC CYBERDEFENSE CYBERSECURITY LEADERSHIP Panoptic Cyberdefense is a monitoring and detection service in three levels: Security Management and Reporting Managed Detection

More information

Building Secure Systems

Building Secure Systems Building Secure Systems Antony Selim, CISSP, P.E. Cyber Security and Enterprise Security Architecture 13 November 2015 Copyright 2015 Raytheon Company. All rights reserved. Customer Success Is Our Mission

More information

Fiscal Year 2013 Federal Information Security Management Act Report

Fiscal Year 2013 Federal Information Security Management Act Report U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Fiscal Year 2013 Federal Information Security Management Act Report Status of EPA s Computer Security Program Report. 14-P-0033 vember 26,

More information

Acalvio Deception and the NIST Cybersecurity Framework 1.1

Acalvio Deception and the NIST Cybersecurity Framework 1.1 Acalvio Deception and the NIST Cybersecurity Framework 1.1 June 2018 The Framework enables organizations regardless of size, degree of cybersecurity risk, or cybersecurity sophistication to apply the principles

More information

READ ME for the Agency ATO Review Template

READ ME for the Agency ATO Review Template READ ME for the Agency ATO Review Template Below is the template that the FedRAMP Program Management Office (PMO) uses when reviewing an Agency ATO package. Agencies and CSPs should be cautious to not

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

Securing an IT. Governance, Risk. Management, and Audit

Securing an IT. Governance, Risk. Management, and Audit Securing an IT Organization through Governance, Risk Management, and Audit Ken Sigler Dr. James L. Rainey, III CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint cf the

More information

David Missouri VP- Governance ISACA

David Missouri VP- Governance ISACA David Missouri VP- Governance ISACA Present-Senior Agency Information Security Officer (SAISO) @GA DJJ 2012-2016 Information System Security Officer (ISSO) @ US DOL WHD 2011-2012 Network Administrator

More information

2015 HFMA What Healthcare Can Learn from the Banking Industry

2015 HFMA What Healthcare Can Learn from the Banking Industry 2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Ransomware. How to protect yourself?

Ransomware. How to protect yourself? Ransomware How to protect yourself? ED DUGUID, CISSP, VCP CONSULTANT, WEST CHESTER CONSULTANTS Ransomware Ransomware is a type of malware that restricts access to the infected computer system in some way,

More information

NIST Standards. October 14, 2016 Steve Konecny

NIST Standards. October 14, 2016 Steve Konecny NIST Standards October 14, 2016 Steve Konecny Overview Function Category Subcategory RS.AN 1: Notifications from detection systems are investigated RESPOND (RS) Analysis (RS.AN) Analysis is conducted to

More information

Security Audit What Why

Security Audit What Why What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,

More information

Recommended Security Controls for Federal Information Systems and Organizations

Recommended Security Controls for Federal Information Systems and Organizations NIST Special Publication 800-53 Revision 3 Excerpt Recommended Security Controls for Federal Information Systems and Organizations JOINT TASK FORCE TRANSFORMATION INITIATIVE HIGH-IMPACT BASELINE I N F

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management

More information

Putting It All Together:

Putting It All Together: Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,

More information

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant

More information

COMPLIANCE BRIEF: NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY S FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY

COMPLIANCE BRIEF: NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY S FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY COMPLIANCE BRIEF: NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY S FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY OVERVIEW On February 2013, President Barack Obama issued an Executive Order

More information

Evolving Cybersecurity Strategies

Evolving Cybersecurity Strategies Evolving Cybersecurity Strategies NIST Special Publication 800-53, Revision 4 ISSA National Capital Chapter April 17, 2012 Dr. Ron Ross Computer Security Division Information Technology Laboratory NATIONAL

More information