Working Draft – Internal VA Use Only Technology Acquisition Center (TAC) Information Technology Advanced Planning Briefing for Industry 6/16/2015 Working.


1 Working Draft – Internal VA Use Only
Technology Acquisition Center (TAC) Information Technology Advanced Planning Briefing for Industry
Stanley F. Lowe
Department of Veterans Affairs
Office of Information Security (OIS)
June 16, 2015
6/16/2015 Working Draft, Pre-Decisional, Deliberative Document – Internal VA Use Only

2 Agenda
- Overview
- Goals
- Offices
- Other Priorities and Focus Areas

3 OIS Overview
- Office of Information Security (OIS)
- Manages the VA-wide information security and privacy programs that protect the information security and privacy infrastructure of VA
- “Devoted to supporting all stages of Veteran care by protecting the personal information of Veterans and the employees who serve them”
- OIS protects the personally identifiable information (PII) of 23 million Veterans, 45 million beneficiaries, and over 300,000 VA employees

4 OIS Goals
- Goal 1: Protect the overall VA information security and privacy posture to ensure confidentiality, integrity, availability, and appropriate destruction of information
- Goal 2: Integrate risk and performance management into information security and privacy practices to create a cost and process effective program
- Goal 3: Establish an information security governance structure and policies that create operational efficiency and accountability
- Goal 4: Seamlessly integrate security processes into VA’s business and IT projects to reduce exposure to risk and maximize efficiency
- Goal 5: Promote an environment where all employees’ and contractors’ actions reflect the importance of information security accountability

5 OIS Offices
- Business Continuity (BC)
- Office of Cyber Security (OCS)
- Field Security Service (FSS)
- Office of Privacy and Records Management (OPRM)
- Network Security Operations Center (VA-NSOC)

6 Business Continuity (BC)
- Responsible for developing and implementing emergency management and continuity programs that ensure resiliency of critical IT tasks
- Provides staffing to VA’s Integrated Operations Center to create and maintain shared situational awareness across administrations and staff offices concerning OI&T issues

7 BC Activities
- Information Systems Contingency Planning (ISCP)
- IT Systems Disaster Recovery
- Business Impact Analysis (BIA)
- Continuity of Operations (COOP)

8 Upcoming FY16 Contract Opportunities-BC

| Name of Investment | Description |
| --- | --- |
| Business Continuity Support | This contract is for part-time subject matter experts across the continuity spectrum to assist in any internal support for OI&T exercises, including Contingency Plans and Disaster Recovery Plans. Exercise support provides subject matter experts to develop, measure, and run exercises at the OI&T, VA and National Level. |

9 Office of Cyber Security (OCS)
- Establishes policy and oversees the implementation and operation of IT security programs across the Department
- Manages and directs all activities for audit resolution and readiness, the Certification Program Service, security architecture and software assurance, the Emergency Response team, and identity access management

10 OCS Activities
- Policy Development/Oversight and Compliance Reporting
- Continuous Readiness in Information Security Program (CRISP) Supporting Initiatives
- Assessment/Authorization Program
- Identity and Access Management Program Support
- Visibility to Everything (V2E) Related Initiatives
- Security Architecture and Software Assurance

11 Upcoming FY16 Contract Opportunities-OCS

| Name of Investment | Description |
| --- | --- |
| Big Data | Analyze VA Cyber Security data and develop an approach for establishing a VA cyber security “big data” program. |
| Cyber Security Transformation | Address the oversight, execution, budgeting, programming, promotion, management and monitoring of cyber security activities across VA regions and facilities. VA’s cyber security program is a comprehensive department-wide initiative supporting VA’s multiple administrations and staff offices in cooperation with Federal Departments and Agencies (i.e., DHS, HHS, DoD). |
| End Point Manager (Big Fix) Maintenance | Field Office remediation; Information Security Continuous Monitoring (ISCM); premium support for Enterprise Management Foundation (EMF) Federated Data Repository (FDR), with dedicated resources and additional product licenses required, due to increased utilization of the BigFix and Cognos platforms integrating into multiple efforts. |
| Policy Support | The contractor shall provide assistance to the OCS and Security Technical Management Service (STMS) in revising, reviewing, and interpreting the operational, technical, and management controls required by VA’s information security program. The contractor shall provide support to translate and customize specific requirements related to the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), E-government Act, Freedom of Information Act (FOIA), Privacy Act, and other requirements for the VA environment. |

12 Field Security Service (FSS)
- Field Security Service (FSS) consists of VA Information Security Officers (ISOs)
- FSS ISOs are the “boots on the ground” security professionals - the face of information security for the Department.

13 FSS Activities
- Manages VA-wide field based Information Security Officers (ISOs)
- Continuous Readiness in Information Security Program (CRISP) Compliance - Ensures the security and compliance of all VA information systems
- Medical Device Protection Program - Ensures medical devices used at VA medical centers are safeguarded against cyber security threats

14 Upcoming FY16 Contract Opportunities-FSS

| Name of Investment | Description |
| --- | --- |
| FSS Program Management Support | FSS requires project management expertise at the national and regional level. This expertise is critical to meeting the goals of OIS, CRISP, and remediating the VA OI&T material weakness. |

15 Office of Privacy and Records Management (OPRM)
- Works across OIS to integrate privacy considerations and requests for information, manage official records, and ensure that the confidentiality, integrity, and availability of VA sensitive information and information systems are protected

16 OPRM Activities
- Freedom of Information Act (FOIA)
- Records Management
- Release of Names and Addresses (RONA)
- Controlled Unclassified Information (CUI)
- Electronic Recordkeeping Initiatives
- Social Security Number Reduction and Elimination
- Privacy and Security Events Tracking System (PSETS)
- Policy and Training Development Efforts
- Privacy Impact Assessments (PIA)
- Identity Theft Prevention and Detection

17 Upcoming FY16 Contract Opportunities-OPRM

| Name of Investment | Description |
| --- | --- |
| Privacy Security Events Tracking | Privacy and Security Event Tracking System (PSETS) is used to record all privacy-related complaints and privacy/security incidents across VA. Privacy and Security event tracking is a component of the Department of Veterans Affairs (VA) Privacy Program, mandated in VA Directive 6502, VA Enterprise Privacy Program, and administered by the VA Office of Privacy and Records Management, Privacy Service. |

18 Network Security Operations Center (NSOC)
- Protects VA information on a 24/7 basis by monitoring, responding to, and reporting cyber threats and vulnerabilities

19 NSOC Activities
- Manages Remote Access to VA
- Provides Support to Wide Area Network (WAN)
- Monitors Trusted Internet Connection (TIC) Gateways

20 Upcoming FY16 Contract Opportunities-NSOC

| Name of Investment | Description |
| --- | --- |
| CFS Data Storage and Retention | Procure dedicated storage to allow for future expansion and to enable 1-year retention of all logs and retention of all evidence related to security incidents for at least 3 years per federal standards. Storage could be expanded later to accommodate future needs for the Cyber Forensics Team. |
| RESCUE SMC [change MAC to SMC) Adaptive Security Appliances (ASAs) | Procure the CA Service Desk Manager (SDM) modules required by the NSOC to leverage the benefits of a configuration management database (CMDB) as well as procure the professional services required to successfully install, configure and maintain the CA SDM CMDB tool. |
| RightIT Now | Renewal of the current RightITNow ECM (Event Correlation Manager) subscription to enable IT operations staff to proactively detect, isolate and respond to infrastructure issues before they affect customers. RightITNow ECM also enables the creation and execution of automated workflows. |
| SourceFire 3D Increase | Increase in funding to the current SourceFire 3D contract to include devices that are currently out of license and need renewing. |
| Tenable Additional 400,000 Internet Protocols (IPs) | Identifies all vulnerabilities and reports the findings to the appropriate system administrators for corrective action and up to management. Requesting an additional 400,000 IPs for usage to accommodate the network growth and expansion. |
| Trusted Internet Connections (TIC) Gateway Application Firewall Refresh | Increase in the capacity of the Firewall system in order to offload web browsing traffic to hardware systems. |
| TIC Gateway Nexus Core Switches | The TIC program supports VA 6500 Handbook by allowing for a robust core switching capability and network virtualization. The TIC must be able to scale to support up to 100Gbps (gigabits per second) of mixed IP traffic throughput to meet projected operational needs. |

21 Upcoming FY16 Contract Opportunities-NSOC

| Name of Investment | Description |
| --- | --- |
| TIC GSI Refresh | Perform a technical refresh of our converged infrastructure, which combines network, storage and computer resources into one area or resource pool where virtual machines can operate and process work. |
| AppSec License_Support | Procure AppDetective Pro, a database auditing tool, to assess all Office of Inspector General (OIG) / Federal Information Security Management Act (FISMA) audit sites and to assess other databases as necessary. This tool will directly impact remediation of ongoing material weaknesses. |
| Security Incident and Event Management (SIEM) | Procure a centralized event and information correlation tool that can correlate information from disparate network and security management systems, and present it at various levels ranging from basic monitoring and technical analysis dashboards to Executive Management Level Reports for legal and compliance reporting. |
| Tenable Security Center 500 IPs | Supports the enterprise scanning solution and Visibility to the Desktop, identifying all vulnerabilities and reporting the findings to the appropriate system administrators for corrective action and up to management. |
| Tenable Security Center | Supports the enterprise scanning solution and Visibility to the Desktop, identifying all vulnerabilities and reporting the findings to the appropriate system administrators for corrective action and up to management. |
| TIC Gateway Storage Infrastructure Maintenance Support | Provides VA with the maintenance and support to the infrastructure deployed for SIEM and SAN as well as updates and servicing to 430,000 endpoints VA-wide. |
| Web Content Filtering | Procure hardware and software to positively identify the VA active directory credentials of individuals accessing the Internet and positively link a user to logged access attempts. The solution must be able to record this information for use in investigations and disciplinary action where necessary. |

22 Other Priorities and Focus Areas
- Cloud Services
- Patching
- Encryption

23 Additional Information
For more information about the Office of Information Security, contact: OISBusinessOffice@va.gov
For information on doing business with VA, visit: http://www.va.gov/oal.business/dbwva.asp
Questions?

