Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat Systems Management Office (TSMO)

Published byGregory Rice Modified over 5 years ago

Similar presentations

Presentation on theme: "Threat Systems Management Office (TSMO)"— Presentation transcript:

1 Threat Systems Management Office (TSMO)
Cybersecurity Threat Systems Management Office (TSMO) The objective of the Program Metrics Review is a review of program/product execution at the O-5 Product Manager level. The data used to support the review is provided by the Product Office. There should not be a requirement for a Product Office to generate any additional data to support this review. Briefer: Mr. Brad Thomason Title: Acting Director Date: 25 Jul 2018 /Phone: UNCLASSIFIED//FOUO

2 Cybersecurity Test and Evaluation Functions & Tasks
UNCLASSIFIED//FOUO Cybersecurity Test and Evaluation Functions & Tasks Compile list of cybersecurity and resiliency requirements • Prepare for cybersecurity T&E Events Develop the initial DEF Identify supporting cybersecurity T&E resources Develop the initial OT evaluation framework Align RMF activities with the TEMP Plan and schedule an MBCRA • Plan for cybersecurity T&E Develop cybersecurity T&E strategy Review PPP, System Engineering Plan Intelligence analysis Identify the cyber-attack surface Examine system architecture, components, and data flows Analyze and decompose system mission Map mission dependencies Analyze the attack surface Characterize the cyber threat Examine cyber effects on the system and mission Develop cyber kill chain Perform or update MBCRA Document results and update test planning and artifacts Document results of cyber-attack surface analysis in a cyber-attack surface analysis report Prepare for Phase 3 and Phase 4 cybersecurity DT&E events Formulate test strategy Plan CVI Test Activities Develop cybersecurity test objectives Contractor testing Plan test events Document test plans Plan cyber test infrastructure Integrate system testing • Conduct CVI events and document results Obtain reports Cybersecurity evaluation Update mission-based cyber risk assessment • Prepare for Phase 4 adversarial cybersecurity DT&E event Update cyber threat assessment and kill chain analysis Plan adversarial DT&E Develop test objectives Define metrics Identify resources Develop rules of engagement Define process and test cases Plan integrated tests Document test plans Finalize preparation of test infrastructure Conduct TRR Review threat assessments (e.g. VOLT) Review red team personnel assignment Conduct adversarial cybersecurity DT&E Perform ACD events Obtain reports Cybersecurity evaluation Exit criteria for cybersecurity DT&E Plan CVPA Coordinate with a cybersecurity vulnerability assessment team Execute CVPA Document results Plan adversarial assessment • Coordinate with the OTA team • Execute the adversarial assessment • Document results Threat objectives based mission impact assessment of capability World-class operators and infrastructure Event planning, coordination, deconfliction, and reporting Blue Team Red Team

3 Securing the Information Environment
UNCLASSIFIED//FOUO Securing the Information Environment

4 UNCLASSIFIED//FOUO Thoughts on Way Ahead Expand test philosophy to evaluate information pathways Compromise of Mission vs Compromise of System NDAA Section 1647 Up Front Analysis of Mission CVPA on Operational Networks Persistent Red Team

5 UNCLASSIFIED//FOUO Questions

Download ppt "Threat Systems Management Office (TSMO)"

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Cyber and Maritime Infrastructure

Cyber and Maritime Infrastructure
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,

Information Assurance (IA) - Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication,
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Lecture 5 MGMT 6180 - © 2012 Houman Younessi Framework for Cogenerating IS Strategy with Business Strategy (Co-Planning)

Lecture 5 MGMT © 2012 Houman Younessi Framework for Cogenerating IS Strategy with Business Strategy (Co-Planning)
Test Organization and Management

Test Organization and Management
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
SEE OTRR LONG-RANGE PLANNING CHECKLIST SEE OTRR PLANNING CHECKLIST SEE OTRR PRE-REVIEW CHECKLIST LONG RANGE PLANNING PHASE PRE-REVIEW PHASE At OTRR, the.

SEE OTRR LONG-RANGE PLANNING CHECKLIST SEE OTRR PLANNING CHECKLIST SEE OTRR PRE-REVIEW CHECKLIST LONG RANGE PLANNING PHASE PRE-REVIEW PHASE At OTRR, the.
Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.

Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Certification and Accreditation CS-7493-01 Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
UNCLASSIFIED DITSCAP Primer. UNCLASSIFIED 1/18/01DITSCAP Primer.PPT 2 DITSCAP* Authority ASD/C3I Memo, 19 Aug 92 –Develop Standardized C&A Process DODI.

UNCLASSIFIED DITSCAP Primer. UNCLASSIFIED 1/18/01DITSCAP Primer.PPT 2 DITSCAP* Authority ASD/C3I Memo, 19 Aug 92 –Develop Standardized C&A Process DODI.
Dr. Benjamin Khoo New York Institute of Technology School of Management.

Dr. Benjamin Khoo New York Institute of Technology School of Management.
IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],

IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],
Privacy Project Framework & Structure HIPAA Summit Brent Saunders

Privacy Project Framework & Structure HIPAA Summit Brent Saunders

Similar presentations

Ads by Google