USAID/Peru Risk Assessment In-Briefing, February 19, 1999. PRIME: Principal Resource for Information Management Enterprise-wide (USAID PRIME).
1 USAID/Peru Risk Assessment In-Briefing
February 19, 1999

2 Team Introduction
– USAID ISSO: Jim Craft
– Risk Assessment Program Manager: Rod Murphy
– Consulting Manager, Information Technology: John Zobel
– Senior Computer Scientist: Mike Reiter
– UNIX Team Lead: Steve Bui

3 Purpose
A Risk Assessment allows one to:
– Determine which information is critical to the organization
– Identify the systems that process, store, or transmit that critical information
– Identify potential vulnerabilities
– Recommend solutions to mitigate or eliminate those vulnerabilities

4 Determine the Scope
Identify the boundaries of the system(s) being evaluated:
– Cisco Routers
– Servers
– Workstations
– Communication Lines
Identify the level of detail expected from the Assessment:
– Compliance with Agency/Mission requirements
– Compliance with best practices

5 Pre-Assessment Activity
Collected and analyzed Mission data:
– Asset information (hardware/software/financial)
– Automated survey questionnaires: 51 surveys sent out, 22 responses received, 34 potential vulnerabilities identified
– Conducted an automated network scan using HYDRA: identified 8 major and 17 minor vulnerabilities
– Developed and forwarded an Immediate Needs Report to TCO and Mission staff for action
– Conducted a follow-up HYDRA scan to confirm Mission configuration changes
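The follow-up scan on this slide only confirms a configuration change if each baseline finding is tracked to the same host on the re-scan. The script below is an added example of that confirmation step; it is not part of the briefing and does not read HYDRA's output. The one-line-per-finding layout (host, finding, severity), the host names and the findings are all constructed for illustration.

```python
"""Confirm remediation by diffing a baseline scan against a follow-up re-scan.

Added example for this briefing, not part of the USAID/Peru slides and not
HYDRA's own output: the 'host,finding,severity' record layout, the host names
and the findings below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    finding: str
    severity: str  # "major" or "minor", the two classes the briefing reports


def parse_scan(text: str) -> set[Finding]:
    """Parse 'host,finding,severity' lines; blank lines and '#' comments are skipped."""
    findings: set[Finding] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, name, severity = (field.strip() for field in line.split(",", 2))
        if severity not in ("major", "minor"):
            raise ValueError(f"unexpected severity {severity!r} in line {line!r}")
        findings.add(Finding(host, name, severity))
    return findings


def compare_scans(baseline: set[Finding], rescan: set[Finding]) -> dict[str, set[Finding]]:
    """Bucket findings as fixed (absent from re-scan), open (still present) or new.

    Findings are keyed by host as well as by name, so the same weakness turning
    up on a different host is reported as new, not as the old one fixed.
    """
    return {
        "fixed": baseline - rescan,
        "open": baseline & rescan,
        "new": rescan - baseline,
    }


def severity_counts(findings: set[Finding]) -> dict[str, int]:
    """Count major and minor findings in one bucket."""
    return {
        "major": sum(1 for f in findings if f.severity == "major"),
        "minor": sum(1 for f in findings if f.severity == "minor"),
    }


# Constructed sample data: the pre-assessment scan and the follow-up re-scan.
BASELINE_SCAN = """\
# host,finding,severity
srv-unix-01,anonymous FTP write access enabled,major
srv-unix-01,default SNMP community string,minor
rtr-edge-01,telnet management access from any source,major
srv-nt-01,Guest account enabled,minor
"""

RESCAN = """\
srv-unix-01,default SNMP community string,minor
rtr-edge-01,telnet management access from any source,major
srv-nt-02,Guest account enabled,minor
"""


def remediation_report() -> dict[str, dict[str, int]]:
    """Severity counts per bucket, the figures an out-briefing would report."""
    result = compare_scans(parse_scan(BASELINE_SCAN), parse_scan(RESCAN))
    return {bucket: severity_counts(found) for bucket, found in result.items()}


if __name__ == "__main__":
    for bucket, counts in remediation_report().items():
        print(f"{bucket:5s} major={counts['major']} minor={counts['minor']}")
```

Two caveats before reporting anything as fixed: a finding missing from the re-scan may mean the host was down or unreachable at scan time rather than remediated, so compare host coverage between the two scans first; and the 34 potential vulnerabilities from the questionnaires are self-reported, so they are confirmed by the on-site interviews and system reviews, not by the network scan.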

6 On-site Activities
Friday:
Receive a Mission Threat Briefing
Coordinate assessment logistics:
– A room for the Assessment team to work out of
– A room scheduled for conducting training (Wed)
– A room for in-briefing and out-briefing
– Interviews scheduled for Mon and Tue, if necessary
– Schedule meeting with Functional Management on Tues.
– Schedule all staff training for Wed. (one hour sessions)
– Schedule meeting with Security Plan and Contingency Planning staff (Wed)
– List of Mission phone number ranges for the modem scan

7 On-Site Activities (continued)
Conduct a physical review of the Mission facility
Meet with System Administrators:
– Establish system IDs as needed
– Conduct UNIX review
– Conduct Banyan review
– Review NT security
Monday:
Conduct staff interviews
Additional system (UNIX, Banyan, NT, Cisco) reviews
Conduct an after-hours modem scan

8 On-Site Activities (continued)
Tuesday:
Conduct additional interviews as needed
Meet with Functional Mission Management to discuss:
– Connectivity/business needs
– Mission impact with regard to Agency requirements
– Roles and responsibilities associated with policies
Wednesday:
Conduct Mission staff training
Assist in the development of the Mission Security Plan and Contingency Plan

9 On-Site Activities (continued)
Conduct any activities needed to wrap up the assessment
Analyze information gathered from pre-assessment and on-site assessment activities
Develop "Draft" Assessment Executive Summary Report
Develop out-briefing
Present out-briefing to Mission Management/Staff

10 Expected Outcome
What the Assessment Team expects to accomplish:
– Identify areas of concern
– Provide recommendations that will enable management to make decisions associated with risks
– Assist in the development of a Mission Security Plan
– Assist in the development of a Mission Contingency Plan
– Provide an annual security refresher training class to all Mission personnel
– Develop a standardized approach to conducting Mission Risk Assessments
– Identify Mission concerns associated with the UNIX, Banyan, NT and Cisco configuration checklists
– Identify and address specific Mission concerns

11 Additional Activities Being Conducted at Each Mission
Assist in the development of a Mission System Security Plan
Provide a template for developing a Mission Contingency Plan
Provide on-site training:
– General User
– System Administrator
– System Managers/Executive Officers
Address any additional concerns