LANDWARNET 2011
AMERICA’S ARMY: THE STRENGTH OF THE NATION
UNCLASSIFIED

Slide 2:
- Purpose
- DAIG Information Assurance Mission
- Information Assurance Actions
- What does DAIG IA Inspect? Army IA Functional Areas
- Information Assurance Take-Aways
- Panel Member Introduction
- Forum Discussion/Question and Answer Period
- Closing
(IEF Sessions: 1 and 3, USAIGA // LWN11_IA_DAIG IA Compliance.pptx)

Slide 3: Purpose
To provide insights from the Department of the Army Inspector General Information Assurance Team and from organizations that have met the standard over the last two years.

Slide 4: DAIG Information Assurance Mission
- IA establishment: on 12 May 2005 the CSA directed The Inspector General (TIG) to establish an Information Assurance (IA) Inspection Division to conduct cyclical IA compliance inspections across the Army (Active, Guard and Reserve).
- The purpose of IA inspections:
  - Measure the level of deviation from established Army IA policies, regulations, doctrine, and procedures (compliance)
  - Identify systemic IA problems, determine root causes, develop recommendations, and fix responsibilities for corrective action
- Information Assurance inspections conducted: 74 inspections from FY 08 to 1 Aug 11 (57 Active, 12 ARNG, 3 USAR, 2 MWR)
- Fiscal Year Annual Army Information Assurance (IA) Reports published (FY 08, 09 and 10; Trends and Recommendations)
- BLUF: the DAIG IA Division is the eyes and ears for Army Senior Leaders in evaluating the Army’s IA posture IAW the Army CIO/G-6 IA checklist, regulations, and policy

Slide 5: Information Assurance Actions
- Information Assurance key insights:
  - Establish command/leadership accountability
  - Establish the need for continuous oversight (command channels)
  - Formalize an acceptable level of risk/compliance for existing IA policies and standards
- VCSA action memorandum to Commanders (28 Nov 10), Subject: Commander and Leader Responsibilities for Information Assurance Capabilities and Standards Enforcement. The VCSA memo directed:
  - Army CIO/G-6 and the CDR, ARCYBER to review and improve, where necessary, IA processes/policies
  - CDR, ARCYBER to monitor and assist commanders in the enforcement of IA compliance
  - Senior Installation Commanders are responsible for their organization’s compliance with the Army Information Assurance Program
  - Commanders (Brigade equivalent and higher) will assess their organization’s IA program using the Army IA Self-Assessment Tool
  - Every organization will incorporate IA into its organizational inspection program at all levels

Slide 6: What does DAIG IA Inspect? Army IA Functional Areas
Army Focus Areas are those that pose a significant risk to the Army LandWarNet. (Army IA Functional Areas and Army Focus Areas are established by Army CIO/G-6.)

Inspection Breakout (FY 08-11):
Type   Qty
AC     57
ARNG   12
USAR    3
MWR     2
Total  74

Slide 7: Information Assurance Take-Aways
- Accountability: Information Assurance requires command/leader accountability and oversight in order to protect and defend operational information
- Self Assessment: Conduct an honest self-assessment; develop realistic goals and empower subordinates
- Standard: Be willing to make hard decisions; enforce the standard, otherwise you allow deviations to become the new baseline
- Assets: Ensure assets are configured IAW current DISA STIGs (to include manual checks)
- PII: Complete your PII assessment (DD Form 2930, Privacy Impact Assessments) and coordinate with your customer organizations
- Audits: Conduct full audit scans and review audit logs; run Retina/Q-Tip scans of all assets and vulnerabilities (conduct one week prior to inspection)
- Document: Document your internal and command-wide procedures
- Record: Establish a formal record retention program (hard drive and media destruction, wireless scanning/war driving (5 yrs / 1 yr))

Slide 8: Information Assurance Take-Aways (continued)
- Identify: the IT contingency alternate site, and document the results from the last contingency plan exercise
- Develop: Build the IT Contingency Plan around supporting mission essential services
- Ensure:
  - POA&Ms for all past-due IAVAs are entered into NETCROP or VMS
  - Waivers are submitted for all deviations from the AGM and/or DISA STIGs
  - Incident Response Plans are complete and personnel are trained
  - Webmaster, OPSEC and PAO personnel are trained in OPSEC web content vulnerability and web risk assessment
  - Marking and labeling of media and peripheral devices are completed
  - Wireless security: complete scans (war drive, protocol analysis) are done
  - All IA Workforce personnel are registered and tracked in ATCTS
- Verify: SF 700 and SF 701 forms are properly filled out (safes/offices)

A vulnerability allowed by one is a vulnerability assumed by all!

Slide 9:
- Panel Member Introduction
- Forum Discussion/Question and Answer Period

Slide 10: DAIG AKO Portal:

Slide 11: DAIG Office Phone Number
Commercial: (703)
DSN: