Designing and Building a Cybersecurity Program

Transcription:

Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016

Designing & Building a Cybersecurity Program
Agenda
Part 1: The Threat Situation
Part 2: The Risk Equation
Part 3: Protecting the Assets
Part 4: The Program Deliverables

Part 1: The Threat Situation

Data is the New Oil

The Problem: Data is Everywhere
Growing attack surface
Consumerization of IT
Public, private, hybrid cloud
Mobile applications
Privileged accounts
Internet of Things

The Challenges: Business, Technology, Compliance, Skills
The Key Business Challenges
The Key Technology Challenges
Legal, Regulatory, Compliance Challenges
The Key Workforce Challenges

The Possible Consequences
Cyber Attacks Could Put Humans and Infrastructure at Risk

We have executive attention... Now What?

The UMASS Cybersecurity Program Approach
1. The Asset Inventory
  Network Diagrams / Data Flow Diagrams
  Asset Inventory, Configuration, Vulnerabilities
  Endpoint Devices
  Data Center Systems (Servers, Databases)
  Network Devices
  Key Business Applications
  Confidential Data Inventory
  List of Users with Administrative Accounts
2. The Security Technologies
  Network Technologies
  Firewalls, IPS, URL Filtering, Wireless, NAC
  Vulnerability Management
  Directory Service
  Endpoint / Server / Database Technologies
  Hardware / Software / Configuration Management
  Security Incident & Event Management (SIEM)
  Anti-Virus, Data Loss Protection, etc.
  Application Security
  Web App Scanning, Web App Firewall
3. Industry Standard Controls
4. Current & Target Security Profile
  [Charts: Current Profile and Target Profile, each plotting Score against the Critical Security Controls with a Target Score, linked by a Roadmap]

Part 2: The Risk Equation

Calculating Risk
Risk = Threats X Vulnerabilities X Asset Value (Managed Assets, Strong Controls)
     + Threats X Vulnerabilities X Asset Value (Unmanaged Assets, Weak Controls)
How do we calculate risk?
Risk is based on the likelihood and impact of a cyber-security incident or data breach
Threats involve the potential attack against IT resources and information assets
Vulnerabilities are weaknesses of IT resources and information that could be exploited by a threat
Asset Value is based on criticality of IT resources and information assets
Controls are safeguards that protect IT resources and information assets against threats and/or vulnerabilities
Managed assets = strong controls; unmanaged assets = weak controls

Unmanaged vs. Managed Assets
Our Unmanaged Assets ARE NOT protected
Our Managed Assets ARE protected
Our unmanaged assets
  There are undetected problems not seen, not reported
  Our unmanaged assets become easy targets
  Which lead to a breach from missing or ineffective controls
Our managed assets
  We need to understand why security breaches occur
  And the steps to take to prevent them
  And build a portfolio of managed assets

The Asset Families
The Networks Family: Switches, routers, firewalls, etc.
The Systems Family: Endpoints, mobile, workstations, servers, etc.
The Applications Family: Applications, databases, etc.
The Critical Assets: Privileged User Access, Critical Information Assets

The NIST Cybersecurity Framework
Framework Core
  Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
  Categories
  Subcategories
  Informative References: Control-1 through Control-20
Framework Tiers
  Tier 1: Partial. Ad hoc risk management; limited cybersecurity risk awareness; low external participation
  Tier 2: Risk Informed. Some risk management practices; increased awareness, no program; informal external participation
  Tier 3: Repeatable. Formalized risk management; organization-wide program; receives external partner info
  Tier 4: Adaptive. Adaptive risk management practice; cultural, risk-informed program; actively shares information
Framework Profile
  Current Profile (Weak Controls): Current state of alignment between core elements and organizational requirements, risk tolerance, & resources. Where am I today relative to the Framework?
  Roadmap
  Target Profile (Strong Controls): Desired state of alignment between core elements and organizational requirements, risk tolerance, & resources. Where do I aspire to be relative to the Framework?

The Critical Security Controls
The 20 Critical Security Controls
CSC 1.0: Inventory of Authorized & Unauthorized Devices (6 Controls)
CSC 2.0: Inventory of Authorized & Unauthorized Software (4 Controls)
CSC 3.0: Secure Configurations for Mobile Devices, Laptops, Workstations, and Servers (7 Controls)
CSC 4.0: Continuous Vulnerability Assessment & Remediation (8 Controls)
CSC 5.0: Controlled Use of Administration Privileges (9 Controls)
CSC 6.0: Maintenance, Monitoring & Analysis of Audit Logs (6 Controls)
CSC 7.0: Email & Web Browser Protection (8 Controls)
CSC 8.0: Malware Defenses (6 Controls)
CSC 9.0: Limitation and Control of Network Ports, Protocols, Services (6 Controls)
CSC 10.0: Data Recovery Capability (4 Controls)
CSC 11.0: Secure Configurations for Network Devices (Firewalls, Routers, Switches) (7 Controls)
CSC 12.0: Boundary Defense (10 Controls)
CSC 13.0: Data Protection (9 Controls)
CSC 14.0: Controlled Access Based on the Need to Know (7 Controls)
CSC 15.0: Wireless Access Control (9 Controls)
CSC 16.0: Account Monitoring & Control (14 Controls)
CSC 17.0: Security Skills Assessment & Training to Fill Gaps (5 Controls)
CSC 18.0: Application Software Security (9 Controls)
CSC 19.0: Incident Response and Management (7 Controls)
CSC 20.0: Penetration Tests and Red Team Exercises (8 Controls)

How the Controls Work (Part 1)
They map to the Assets
[Diagram elements: Security Technology, Algorithms, Managed Assets]
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configuration of Endpoints, Servers, Workstations
CSC 4: Continuous Vulnerability Assessment and Remediation

How the Controls Work (Part 2)
They map to the Framework
Columns: CIS Critical Security Controls (V 6.0); Asset Family; Cybersecurity Framework (CSF) Core (IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER)
CSC-01: Inventory of Authorized and Unauthorized Devices; Systems; AM
CSC-02: Inventory of Authorized and Unauthorized Software; Systems; AM
CSC-03: Secure Configuration of Endpoints, Servers, etc.; Systems; IP
CSC-04: Continuous Vulnerability Assessment and Remediation; Systems; RA, CM, MI
CSC-05: Controlled Use of Administrative Privileges; Systems; AC
CSC-06: Maintenance, Monitoring and Analysis of Audit Logs; Systems; AE, AN
CSC-07: Email and Web Browser Protections; Systems; PT
CSC-08: Malware Defenses; Systems; PT, CM
CSC-09: Limitation and Control of Ports, Protocols, Services; Systems; IP
CSC-10: Data Recovery Capability; Systems; RP
CSC-11: Secure Configuration of Network Devices; Networks; IP
CSC-12: Boundary Defense; Networks; DP
CSC-13: Data Protection; Applications; DS
CSC-14: Controlled Access Based on Need to Know; Networks; AC
CSC-15: Wireless Access Control; Networks; AC
CSC-16: Account Monitoring and Control; Applications; AC, CM
CSC-17: Security Skills Assessment and Appropriate Training; Applications; AT
CSC-18: Application Software Security; Applications; IP
CSC-19: Incident Response and Management; Applications; AE, RP
CSC-20: Penetration Tests and Red Team Exercises; Applications; IM, IM

Part 3: Protecting the Assets

Today's Cybersecurity Programs Are Closed or Proprietary
The Cisco Cybersecurity Framework
The Oracle Cybersecurity Framework
EY's Cyber Program Management (CPM) Framework
Deloitte Cyber Risk Management Strategy
Cyber Risk as a Strategic Issue
Develop Policies and Frameworks
Secure, Vigilant, Resilient
Spread Awareness and Education
Invest in Effective Implementation

The UMASS Cybersecurity Program Is Open and Freely Available
The Controls Factory
Input: Unmanaged Assets
Output: Managed Assets
Asset families (input and output): P1: System Family; P2: Network Family; P3: Applications Family; P4: Crown Jewels
1. Threat Office: Threats, Vulnerabilities, IOCs, Attack Chain, Threat & Attack Risk Vectors
2. Design Center: Internal Controls, Controls Framework, Controls Standards
3. Technology Center: Design Guides, Build Guides, Run Guides
4. Monitoring Center: Asset / Configuration Monitoring, Netflow / Packet Monitoring, Syslog / Event Monitoring
5. Testing Center: Controls / Risk Assessment, Technology / Services Assessment, Operations Assessment
6. Risk Office: Cybersecurity Program, Policy & Training, Program Deliverables / Roadmap / Communications

The Functional Requirements Inside the Controls Factory
Input: Unmanaged Assets
Output: Managed Assets
Asset families (input and output): P1: System Family; P2: Network Family; P3: Applications Family; P4: Crown Jewels
1. Threats: Exposure
2. Controls: Safeguards (1st Line of Defense)
3. Technology: Algorithms (2nd Line of Defense)
4. Monitoring: Visibility (3rd Line of Defense)
5. Testing: Assurance (4th Line of Defense)
6. Risk Management

The Technical Requirements Inside the Controls Factory
The Design, Build, Run, Test Area: Design Center, Technology Center, Monitoring Center, Testing Center
Vendors shown: Intel, Qualys, Palo Alto, Dell Kace, Bit9, Microsoft, HP, CheckPoint, Oracle, Tenable, Cisco, EiQ, Veracode, IBM
Input: Unmanaged Assets (Unmanaged Endpoints, Unmanaged Servers, Unmanaged Networks)
Output: Managed Assets
Asset families (input and output): P1: System Family; P2: Network Family; P3: Applications Family; P4: Crown Jewels

The UMASS Controls Factory Model
The Current Profile (Before the Factory). Input: Unmanaged Assets
The Target Profile (After the Factory). Output: Managed Assets
The Threat Area
  Threat Office: Threats, Vulnerabilities, IOCs; Actionable Threat Intelligence; The Cyber Attack Chain
The Design, Build, Run, Test Area
  Design Center: Internal Controls Process; Controls Framework; Controls Standards
  Technology Center: Design Guides; Build Guides; Run Guides
  Monitoring Center: Asset, Software, Configuration Monitoring; Threat, Vulnerability, IOC Monitoring; Netflow, Packet, Security Event Monitoring
  Testing Center: Controls & Risk Assessment; Technology & Services Assessment; Operations Assessment
The Risk Area
  Risk Office: The Risk Management Practice; Policy, Training & Awareness; Deliverables, Communication, Roadmap

The Threat Office
Threats, Vulnerabilities, IOCs
Actionable Threat Intelligence
BitSight Threat Categories
The Cyber Attack Chain
Mapping Threats to the Asset Families: Networks, Systems, Applications, Critical Assets

The Design Center
Internal Controls Process
The Controls Framework
The Controls Standards
Mapping Controls to the Asset Families: Networks, Systems, Applications, Critical Assets

The Technology Center
Design Guides: Cybersecurity Technology Design Guide
Build Guides: Cybersecurity Technology Build Guide
Run Guides: Cybersecurity Technology Run Guide
Mapping Technology Solutions to the Asset Families: Networks, Systems, Applications, Critical Assets

The Monitoring Center
Asset, Software, Configuration Monitoring
Threats, Vulnerabilities, IOC Monitoring
Netflow, Packet, Security Event Monitoring
Mapping Cybersecurity Operations to the Asset Families: Networks, Systems, Applications, Critical Assets

The Testing Center
Controls / Risk Assessments
Technology Assessments
Operations Assessments
Mapping Cybersecurity Testing to the Asset Groups: Networks, Systems, Applications, Critical Assets
Penetration Testing Methodology: Black Box Testing, Gray Box Testing, White Box Testing

The Risk Office
Cyber Risk Practice
The Security Policies
Program Deliverables, Communications & Roadmap
Mapping Cyber Risk Practices to Asset Families: Networks, Systems, Applications, Critical Assets

Part 4: The Program Deliverables

The Controls Factory
Input: Unmanaged Assets
Output: Managed Assets
Programs: P1 Systems Family Program; P2 Networks Family Program; P3 Applications Family Program; P4 Crown Jewels Program
Threat Office: Attack Vectors
Design Center: Controls Design (1st Line Defense)
Technology Center: Technology Build (2nd Line Defense)
Monitoring Center: Operations Run (3rd Line Defense)
Testing Center: QA Test (4th Line Defense)
Risk Office: Risk Management

P1: The Systems Security Program
1. The Assets
2. The Controls
3. The Technical Solutions
4. The Monitoring
5. The Testing
6. The Risk Office

P2: The Network Security Program
1. The Assets
2. The Controls
3. The Technical Solutions
4. The Monitoring
5. The Testing
6. The Risk Office

P3: The Applications Security Program
1. The Assets
2. The Controls
3. The Technical Solutions
4. The Monitoring
5. The Testing
6. The Risk Office

P4: The Crown Jewels Program
1. The Assets
2. The Controls
3. The Technical Solutions
4. The Monitoring
5. The Testing
6. The Risk Office

The Program Mapping
Unmanaged Asset Groups
Cyber Attack Chain: stages 1 to 7, spanning Before the Attack, During the Attack, After the Attack
NIST Controls Framework: Identify, Protect, Detect, Respond, Recover
Controls Standards: Management Controls (ISO 27001:2013); Operations Controls (ISO 27001:2013); Technical Controls (Council on Cyber-security CSC)
Technologies & Services
Continuous Monitoring: Asset, Software, Configuration Monitoring; Threat & Vulnerability Monitoring; Netflow, Packet, Event Monitoring
Assessments & Testing: Controls / Risk Assessment; Technology / Services Assessment; Operations Assessment
Managed Asset Groups: Managed Systems Family; Managed Networks Family; Managed Applications Family; Managed Crown Jewels

The Maturity Scorecard
The Current Profile
[Chart: Controls Maturity (0% to 100%) for each of the 20 Critical Security Controls, shown for P1: Systems Security Program, P2: Network Security Program, P3: Application Security Program. Target Score = 75%?]
Note: Target Score (by control) and implementation timeline (by control) to be determined

The Program Roadmap
Columns: Priority; Summary of Findings / Recommendations; Critical Security Control Mapping; Implementation Start

Priority 1
  Findings / Recommendations: Review / update as needed network architecture based on Palo Alto recommendation
  Control Mapping: CSC-12: Boundary Defense
  Implementation Start: Q1, 2016

Priority 2
  Findings / Recommendations: Fully utilize Endpoint Management, SIEM, Vulnerability Scanner to establish device inventory, software inventory, standard device configurations. Implement 2F authentication, jump box, and a Log Management program (SIEM) for privileged accounts. Consider purchasing a SIEM or subscribing to Managed Security Monitoring Services for device monitoring.
  Control Mapping: CSC-01: Inventory of Authorized and Unauthorized Devices; CSC-02: Inventory of Authorized and Unauthorized Software; CSC-03: Secure Configuration of Endpoints, Servers, etc.; CSC-05: Controlled Use of Administrative Privileges; CSC-06: Maintenance, Monitoring and Analysis of Audit Logs; CSC-11: Secure Configuration of Network Devices
  Implementation Start: Q2, 2016

Priority 3
  Findings / Recommendations: Use DLP Solution to locate, classify, manage, remove PII and critical business data
  Control Mapping: CSC-13: Data Protection
  Implementation Start: Q2, 2016

Priority 4
  Findings / Recommendations: Implement a Threat and Vulnerability Management program, a Log Management program (SIEM). Block known C2 domains via DNS restrictions (NextGen FW). Implement malicious URL filtering (NextGen FW). Limit use of ports, protocols and services to only those that are necessary (Port Scanning).
  Control Mapping: CSC-04: Continuous Vulnerability Assessment & Remediation; CSC-08: Malware Defenses; CSC-09: Limitation and Control of Ports, Protocols, Services
  Implementation Start: Q4, 2016

Priority 5
  Findings / Recommendations: Implement formal Security Awareness and Security Skills Assessment Program
  Control Mapping: CSC-17: Security Skills Assessment and Appropriate Training
  Implementation Start: Q4, 2016

Priority 6
  Findings / Recommendations: Establish, document, implement, maintain Incident Response & Forensics Program
  Control Mapping: CSC-19: Incident Response and Management
  Implementation Start: Q4, 2016

UMASS Cybersecurity Services
Columns: No.; Cybersecurity Service; Service Description

1. Threat and Vulnerability Management Practice
  Provide our customers with the latest threat and vulnerability intelligence information through collaboration and sharing with our service partners.

2. Cybersecurity Program Design and Build Service
  Help our customers design, implement and maintain their cybersecurity program based on the NIST Cybersecurity Framework and 20 Critical Security Controls.

3. Cybersecurity Operations and Incident Response Service
  Provide 24x7 continuous security monitoring, alerting and escalation; ensuring incidents are detected, investigated, communicated, remediated and reported.

4. Cybersecurity Risk Management Practice
  TBD (To Be Defined). Possibly based on the DHS Cyber Resilience Review.

5. Cybersecurity Education, Training, Awareness
  Includes CAE-2Y, CAE-4Y, CAE-R, Industry Certification training (work with ISACA and ISC2), Designing and Building a Cybersecurity Program based on the NIST Framework, Cybersecurity Awareness and Skills Training.

6. Sponsored Projects, Testing, Student Internships
  Sponsored projects from ACSC members and other industry partners defined and delivered through a Statement of Work (SOW). Using University security lab services, delivered and managed by student internships under supervision of the University President's Office and campus IT departments.