Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Cybersecurity Strategy

Published byJunior Robertson Modified over 8 years ago

Similar presentations

Presentation on theme: "Enterprise Cybersecurity Strategy"— Presentation transcript:

1 Enterprise Cybersecurity Strategy
LaVerne H. Council Assistant Secretary for Information and Technology

2 Topics Creating an IT Organization that Supports Tomorrow’s VA Facing Our Challenges with TrAITs Closer Look: VA’s Enterprise Cybersecurity Strategy

3 OI&T’s Leadership is Moving VA into the Future

4 Facing Our Challenges with TrAITs
“It’s our mission that the Veteran will be the vocal initiator driving every project, every decision for OI&T”

5 Why TrAITs TrAITs remind us to ask:
How will the Veteran benefit from this piece of technology or this new decision? What benefit will this bring to a Veteran or their family?

6 Facing Our Challenges with TrAITs
Transparency

7 Facing Our Challenges with TrAITs
Innovation Teamwork

8 Closer Look: VA’s Cybersecurity Strategy
“VA continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program.” - Office of Inspector General, Federal Information Security Management Act Audits

9 Cyber Strategy Summary
Today’s IT security organizations operate under tremendous threat Recent OPM attacks demonstrate significant risk to VA OI&T is leading the way with aggressive strategic planning and emphasis on Veteran-focused initiatives

10 Enterprise Cybersecurity Strategy Team
“Nothing in IT is more important than protecting VA data and the information entrusted to us by Veterans.” LaVerne Council, Assistant Secretary for Information and Technology and Chief Information Officer

11

12 Enterprise Cybersecurity Strategy Team

13 Governance, Program Management, and Risk Management
Key supporting disciplines for decision- making across VA within context of cybersecurity and privacy Balances needs of VA’s mission with protecting high value assets Includes continuous scanning of cybersecurity landscape to proactively position VA to address emerging threats Addresses risks, deficiencies, breaches, and lessons learned

14 Operations, Telecommunication, and Network Security
Key supporting disciplines for securing VA information, data, and computing assets Includes people, products, and procedures to ensure data confidentiality, integrity, availability, assured delivery, and auditability of VA systems Addresses network, platform, and data security

15 Application and Software Development
Disciplines needed to ensure applications used during provision of services to Veterans utilize the most secure practices for data storage, access, manipulation, and transmission Encompasses entire software lifecycle Software assurance, that is, the level of confidence VA software is free of vulnerabilities or defects that could lead to vulnerabilities, is a critical concern

16 Access Control (AC), Identification and Authentication (IA)
Disciplines for reducing likelihood and impact of security incidents AC combines authentication and authorization processes that allow access to VA networks, hardware computing devices, and applications IA verifies a user, process, or device through specific credentials such as passwords, tokens, and biometrics as a prerequisite for granting access to system resources

17 Medical Cyber Focuses on devices not traditionally considered IT that can be networked or accessed electronically Must be protected from exploitation and from becoming operable vectors for cyberattacks as they collect and transmit PII and PHI Includes medical devices and “cyber physical” systems with similar electronic characteristics, such as HVAC and elevator systems

18 Security Architecture
Key supporting disciplines for developing an enterprise information security architecture Supports business optimization Includes design and engineering skills needed to fully integrate security into VA’s overall business, applications, and IT systems architecture

19 Privacy Policy and legislatively driven requirements for PII and PHI Focused on implementing the “Best Practices: Elements of a Federal Privacy Program,” published by the Federal CIO Privacy Committee

20 Cybersecurity Training and Human Capital
Hiring practices and skills maturation needed to create a workforce steeped in a culture of cybersecurity to proactively protect all data and information of the Veterans we serve

21 Enterprise Cybersecurity Strategy Team
ECST will construct an accountable, actionable, near-, mid-, and long-range cybersecurity strategic plan that continuously considers and adapts to the newest technologies to secure VA’s IT enterprise. Identifying and addressing: Strengths Weakness Resources Constraints Capabilities, Drivers, Known and unknown threats

22 Questions?

Download ppt "Enterprise Cybersecurity Strategy"

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-254-5802.

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Security Controls – What Works

Security Controls – What Works
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
The topics addressed in this briefing include:

The topics addressed in this briefing include:
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Information Technology Audit

Information Technology Audit
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Similar presentations

Ads by Google