Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presenter: Mohammed Jalaluddin

Published byAugustine Curtis Modified over 6 years ago

Similar presentations

Presentation on theme: "Presenter: Mohammed Jalaluddin"— Presentation transcript:

1 Presenter: Mohammed Jalaluddin
Managing Security of your UI Data using NIST Presenter: Mohammed Jalaluddin

2 Who are they? National Institute of Standards and Technology
Established 1901 National Bureau of Standards Non Regulatory Agency 18 control families each family has

3 What they do? Develop standards and metrics for various areas
Promote innovation and industrial competitiveness 18 control families each family has

4 Areas of Focus NIST sets the standard for these areas
Advanced Communications Cybersecurity Energy & Environment Health & Bioscience Advanced Manufacturing Forensic Science Disaster Resilience Quantum Science Areas of Focus NIST sets the standard for these areas

5 Security Control Families
AC - Access Control 25 AU - Audit & Accountability 16 AT - Awareness & Training 05 CM - Configuration Management 11 CP - Contingency Planning 12 IA - Identification & Authentication 11 IR - Incident Response 10 MA - Maintenance 06 MP - Media Protection 08 PS - Personnel Security 08 PE - Physical & Environmental 20 PL - Planning 09 PM - Program Management 16 RA - Risk Assessment 06 CA - Security Assessment & Authorization 09 SC - System & Communication Protection 44 SI - System and Information Integrity 17 SA - System and Services Acquisition 22 Controls 255 800+ controls & enhancements

6 Figure 1.

7 Money Staff Challenges

8 COMPLIANCE

9 What’s Needed Cultural Change Maturity Resources Focus on the basics
Invest in Awareness Training Get Senior Management Buy in Policies & Procedures Implementation and Testing Integration Properly Maintained Equipment Knowledgeable Staff Budget Cultural Change Maturity Resources

10 How ???????? Figure 2

11 WHY NIST? Improves overall organizational security
Helps to ensure a secure infrastructure Lays a foundation to follow to achieve compliance with specific regulations

12 Pub 1075 largely based on NIST
NIST & Pub 1075 Pub 1075 largely based on NIST Pub 1075 has additional requirements such as: Two factor authentication FTI not allowed to be printed, ed or faxed FTI can not be used in a test environment Special requirements for cloud computing

13 Build it right Continuously monitor
Rev 4 What’s New? NIST PUB1075 • New security controls and control enhancements • New privacy controls and implementation guidance • Updated security control baselines • New summary tables for security controls to facilitate ease-of-use • Background investigations minimum requirements • Table for 45 Day notification reporting requirements • Guidance for use of consolidated data centers • All contractor and shared sites to be included in Safeguard reviews Build it right Continuously monitor

14 MDES’ APPROACH

15 Cloud Off site data storage Productivity anywhere
Low cost of ownership & maintenance Scalable Resiliency and Redundancy Productivity anywhere Off site data storage

16 Unauthorized access prevention
Tools Unauthorized access prevention Data Protection Encryption PUB 1075 Monitoring Vormetric Guardium

17 A good set of tools for improving information cyber security;
A good guide for industry best practices; and Agencies such as the FTC, SSA, and IRS are increasingly expecting NIST-level safeguards. TAKE-AWAYS

18

19 References: Figure 1 Figure 2
Figure 2

20

Download ppt "Presenter: Mohammed Jalaluddin"

Similar presentations

Major Accident Prevention Policy (MAPP) and Safety Management System (SMS) in the Context of the Seveso II Directive.

Major Accident Prevention Policy (MAPP) and Safety Management System (SMS) in the Context of the Seveso II Directive.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Security Controls – What Works

Security Controls – What Works
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.

Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.
An overview of the NIST Risk Management Framework ISA 652 Fall 2010

An overview of the NIST Risk Management Framework ISA 652 Fall 2010
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.

CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
DFARS 204.73 & 252.204-7012 What is Unclassified Controlled Technical Information (UCTI)?

DFARS & What is Unclassified Controlled Technical Information (UCTI)?
Applied Technology Services, Inc. Your Partner in Technology www.appliedtechnologyservices.com Applied Technology Services, Inc. Your Partner in Technology.

Applied Technology Services, Inc. Your Partner in Technology Applied Technology Services, Inc. Your Partner in Technology.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Chapter 8 8-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google