CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber


Slide 1: CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives
30 January 2018

Slide 2: Agenda
- Federal Landscape
- Cybersecurity Program
- Federal Funding
- NASCIO Call to Action
- NGA Call to Action
- CIS & MS-ISAC
- Economy of Security

Slide 3: Federal Directives
- May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
- NIST Risk Management Framework (RMF)
- NIST Cybersecurity Framework (CSF)
- NIST Special Publication 800-53 r5: Security and Privacy Controls for Systems and Organizations
- NIST Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- HIPAA, DoJ CJIS Security Policy, IRS Pub 1075, FERPA

Slide 4: Key Components of a Sound Cybersecurity Program
Approach to Risk-Based Information Security: Risk Management, IT Governance, Privacy, Information Security.

Cybersecurity Environment:
- FISMA and OMB Circular A-130 are the key drivers for Federal security & privacy, implemented by NIST, DHS, DoD & NSA.
- CIOs and CISOs are seeking support at the enterprise and security architecture level, NOT point solutions.
- DHS is providing oversight and direction for improved cybersecurity and continuous monitoring under OMB Memorandums M-10-28, M-14-03 and M-15-01, and the EO.

Risk Management: identifies the alignment of critical business processes with the technology systems that support them. It serves to focus IT Governance and security investments on the areas contributing most to mission success.

IT Governance: provides the consistency, process, standards, and repeatability needed for effective operations at the lowest possible cost within compliance requirements. Increased IT Governance improves the effectiveness of information security and privacy controls, using risk management practices based on best-practice frameworks such as COBIT, CMMI, ITIL, ISO/IEC, the NIST Special Publications and the Cybersecurity Framework.

Information Security: the information security program is managed by the agency Chief Information Security Officer (CISO) according to the FISMA/NIST framework. This framework includes technology, processes, policies, and people under the families of controls outlined in NIST Special Publication (SP) 800-53 and other SPs. IT Governance must achieve a minimal level of maturity in order for the information security program to achieve an acceptable level of risk to operate.

Privacy: within an organization, privacy policies, procedures and controls manage the information lifecycle so that only properly designated personnel access information governed under the various privacy laws. Information security and IT Governance directly impact the success of a privacy program.

Slide 5: Evolution to a Predictive/Proactive Cybersecurity Program
- What is really important to the organization? (Risk Management, IT Governance, Privacy, Information Security)
- Is this keeping the CISO from being successful?
- Continuous Monitoring
- What data is the organization trying to protect, and how does it meet privacy compliance requirements?
- What is the organization trying to protect?
- Cyber Analysis & Security Intelligence: Defensive and Offensive; Reactive (mitigate) evolving to Predictive (remediate & prevent)
- This evolution is critical to prevention.
- NIST SP 800-137 is the guide for conducting continuous monitoring to achieve continuous improvement in security architecture protection.
- Continuous Monitoring is the key for evolving from defensive reactive into defensive predictive protection through security intelligence.
- The George Washington University Center for Cyber and Homeland Security (CCHS) developed a report, "Into the Gray Zone" (https://cchs.gwu.edu/), to clarify Defensive and Offensive security.

Slide 6: Federal Funding
- DHS Cybersecurity Grants
- FEMA Grants
- NSF Cybersecurity Education Grants
- Maryland's Robert H. Smith School of Business receives part of a $5M Grant from the NSF for Cybersecurity Education: https://www.rhsmith.umd.edu/news/smith school part 5mgrant nsf cybersecurity education

Slide 7: NASCIO: State Governments at Risk!
- States are attractive targets: data!
- More aggressive threats: organized crime, phishing, ransomware, hacktivism
- Nation-state threats, attacks
- Critical infrastructure protection: disruption
- Human factor: employees, contractors
- Data and services on the move: cloud and mobile
- Need for continuous training, awareness

Slide 9: NASCIO: What Do We Know? Patterns of Success
- Enterprise Leadership and Governance
- Statewide Cybersecurity Framework & Controls
- Cybersecurity Culture: A Team Sport
- Know the Risks, Assess the Risks, Measure
- Communicating the Risks: Training
- Invest: Deploy Security Technologies

Slide 10: NGA Paper "Act and Adjust: A Call to Action for Governors for Cybersecurity"
- Establishing a governance and authority structure for cybersecurity;
- Conducting risk assessments and allocating resources accordingly;
- Implementing continuous vulnerability assessments and threat mitigation practices;
- Ensuring that the state complies with current security methodologies and business disciplines in cybersecurity; and
- Creating a culture of risk awareness.
https://www.nga.org/cms/home/nga center for best practices/center publications/page hspspublications/col2 content/main content list/act and adjust a call to action.html

Slide 11: CIS & MS-ISAC
- CIS Benchmarks: Proven benchmark guidelines to protect 100 distinct systems and platforms
- CIS Controls: 20 prioritized controls to beat the vast majority of the most common attacks
- CIS-CAT Pro: Automated configuration assessment tool
- MS-ISAC Mission: To improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber threat prevention, protection, response, and recovery

Slide 12: The Economy of Security: How Physical and Cyber Security Drive Economic Vitality
- Economic vitality requires security
- Security challenges to economic vitality
- Case Study: Securing national registration
- Global IT Risk Study: IT managers and CIOs agree that security has economic benefits
- The drivers of economic vitality
- Addressing security intelligence in economic development
- A three-point plan for security intelligence:
  - Get informed. Take a structured approach to assessing business and IT risks.
  - Get aligned. Implement and enforce security excellence throughout the organizations, divisions, departments and agencies that make up local, municipal, regional and national governments.
  - Get smart. Use analytics to proactively highlight risks and identify, monitor and address threats.
- Conclusion: Turn strategies into action
https://www.ibm.com/blogs/insights on business/government/the economy of security howphysical and cyber security drive economic vitality

Slide 12: Thank You!
Contact Information: John Lainhart, Director
P: 703.837.4510
E: john.lainhart@us.gt.com