PMC Update on Cyber Sprint June 18, 2015


PMC Update on Cyber Sprint June 18,

Overview: 30-Day Cyber Sprint

1. Interagency Cyber Sprint Team: Launched June 11 and executing against the following work streams: High Value Asset Review Two-Factor PIV Best Practices Cybersecurity Shared Service Offerings Incident Response Rapid Recovery Emerging Technologies Resources
2. Agency High Priority Actions
   - Strong Authentication – Privileged and All Users
   - DHS’s Critical Vulnerability Report
   - Indicators of Compromise Scans
   - High Value Asset Identification and Protection Reviews
   - Privileged Users and their Activities Reviews

GOAL: Dramatically and Rapidly Improve Federal Cybersecurity

Agency High Priority Actions Dashboard

- To follow up on the priority cybersecurity action items sent by the Federal CIO, OMB has developed a new Dashboard to help track progress.
- The scheduled FISMA and PMC quarterly process will continue. However, given the current threat environment, we will collect additional information from agencies in order to drive priority, executive attention to 5 key actions (which are a subset of the actions required in the PMC process) that all agencies must take immediately.
- OMB is working with the Chief Information Security Officers to fully integrate the FISMA reporting metrics into the PMC quarterly process by the start of FY

Components of the Dashboard

The Cyber Sprint Priority Actions Dashboard will track the following actions:

- Strong Authentication – status of information normally reported for the Cybersecurity CAP Goal
- DHS’s Critical Vulnerability Report – status information from DHS’s weekly report
- Indicators of Compromise (IOC) – status of agency scans for these IOCs across their internal networks
- High Value Assets – identification and review of security protections of high value assets
- Privileged Users and their Activities – review Privileged Users and their activities to reduce the number as much as possible

Agency High Priority Actions Targets

- 100% PIV based Strong Authentication* for Privileged Users by June 26,
- % PIV based Strong Authentication for all users by July 15, 2015
- No critical vulnerabilities should go unmitigated for more than 30 days
- Indicator of Compromise (IOC) scans started within 24 hours of DHS issuance
- Meet agency self-defined targets for reduction in the number of Privileged Users by July 15, 2015
- High Value Assets identified and initial agency security protection reviews completed by July 15, 2015

* Personal Identity Verification (PIV) or alternative solutions that provide NIST Level-4 assurance of the user's identity

New information to be collected from agencies

Agency High Priority Actions Dashboard

Agency sort order: Privileged user %, Not mitigated after 30 days or more, Unprivileged users %

Agency Tools and Support

- Cyber Sprint Knowledge Portal
  - Repository of solutions for implementing priority actions
  - Example, solution for PIV Implementation on Apple Devices
- DHS Assessment Teams
  - Cyber Sprint Team identified Top 10 High Value Assets
  - DHS dedicating teams to assessing these assets over the next few weeks
- Digital Service – Cybersecurity Experts
  - Cybersecurity Experts being identified
  - Will support cyber sprint activities
  - Agencies will also have access to candidates

Next Steps

- Agencies will be required to submit updated information on the following dates:
  - June 26
  - July 10
  - July 15 (as part of quarterly FISMA and CAP Goal reporting)
- OMB will establish a MAX Collect Exercise to collect this information – details will be sent to Agency CIOs by early next week
- Cyber Sprint Priority Actions Dashboard will be updated and shared following these submissions