Your SlideShare is downloading. ×
0
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
.ppt
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

.ppt

1,038

Published on

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,038
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security Strategies and Standards to Secure Cyberspace Presented to ATIC State of Arizona
  • 2. Strategies for Enterprise Architecture (EA) <ul><li>EA is comprised of a variety of processes and </li></ul><ul><li>methods among various organizations and divisions </li></ul><ul><li>within state government to facilitate the following: </li></ul><ul><li>Efficiencies and effectiveness in government </li></ul><ul><li>Improve Interoperability </li></ul><ul><li>Improve Data Collection and Quality </li></ul><ul><li>Improve Public Access </li></ul><ul><li>Secure Cyber Assets </li></ul><ul><li>Cross Agency Business </li></ul><ul><li>Requirements </li></ul><ul><li>Strives toward a Statewide IT Product </li></ul><ul><li>Portfolio of open systems architecture. </li></ul><ul><li>Economies of Scale </li></ul>htttp://www.azgita.gov/enterprise_architecture
  • 3. Critical Strategies to Secure Cyberspace <ul><li>Securing Cyberspace: Statewide policies, standards, and best practices for securing networks, platforms, software, and data/ information. </li></ul><ul><li>Security Response System: Resources for emergency response in the event of cyber crimes and terrorism. </li></ul><ul><li>Threat and Vulnerability Reduction Program: An assessment of state assets and associated risks/readiness. </li></ul><ul><li>Security Awareness &amp; Training : State agency and employee programs. </li></ul><ul><li>AZ Homeland Security: Intelligence gathering; threat analysis; IT infrastructure protection; tele-communications and cyber-security. </li></ul>
  • 4. Critical Strategies to Secure Cyberspace <ul><li>Security Response System: </li></ul><ul><li>The State’s Security Response Team consists of DPS, </li></ul><ul><li>ADOA/ISD/Security and the Office of the Attorney </li></ul><ul><li>General. </li></ul><ul><ul><li>DPS – Enforcement investigation, forensics and arresting support. </li></ul></ul><ul><ul><li>ADOA/ISD/Security – Assists with Virus/Intrusion detection, resolution and recovery. </li></ul></ul><ul><ul><li>Office of the Attorney General – Enforcement investigation, forensics and prosecutorial support. </li></ul></ul>Security Response System
  • 5. Critical Strategies to Secure Cyberspace <ul><li>Threat and Vulnerability Reduction Program: </li></ul><ul><li>The State has established an IT Vulnerability Assessment </li></ul><ul><li>Program conducted annually with state agencies. Examines </li></ul><ul><li>twenty-one categories of risk. </li></ul><ul><li>Standards </li></ul><ul><li>Risk Mgmt </li></ul><ul><li>Account Mgmt </li></ul><ul><li>Configuration Mgmt </li></ul><ul><li>Authentication </li></ul><ul><li>Session Controls </li></ul><ul><li>Network Security </li></ul><ul><li>Modems </li></ul><ul><li>Encryption </li></ul><ul><li>System Admin </li></ul><ul><li>Incident Response </li></ul><ul><li>Auditing </li></ul><ul><li>Virus Protection </li></ul><ul><li>Business Continuity/Disaster Recovery </li></ul><ul><li>Backups </li></ul><ul><li>Maintenance </li></ul><ul><li>Labeling </li></ul><ul><li>Media Sanitizing/ Disposal </li></ul><ul><li>Physical Security </li></ul><ul><li>Personnel Security </li></ul><ul><li>Training &amp; Awareness </li></ul>
  • 6. Critical Strategies to Secure Cyberspace <ul><li>Security Awareness and Training Program: </li></ul><ul><li>The State has established a Statewide Infrastructure Protection </li></ul><ul><li>Center (SIPC) for virus/intrusion alerts and incident reporting </li></ul><ul><li>under the direction of ADOA/ISD Security. </li></ul><ul><li>Value-added threat advisories, alerts and warnings for state agencies who become SIPC members. </li></ul><ul><li>Agencies report actual or attempted illegal intrusions and disruptions through incident reporting. </li></ul><ul><li>Will provide intrusion/threat reporting to the AZ Homeland Security office, DPS and AG’s for investigation, forensics, and prosecutorial activities. </li></ul><ul><li>Provide SIPC members a forum for education and training on vulnerabilities and protection measures. </li></ul><ul><li>Membership information for SIPC: www.security.state.az.us </li></ul>
  • 7. Critical Strategies to Secure Cyberspace <ul><li>AZ Homeland Security (projected strategies) </li></ul><ul><ul><li>Border and Transportation Security </li></ul></ul><ul><ul><li>Emergency Preparedness and Response </li></ul></ul><ul><ul><li>Chemical, Biological, Radiological and Nuclear Countermeasures </li></ul></ul><ul><ul><li>Information Analysis and Infrastructure Protection; telecommunications and cyber security </li></ul></ul><ul><ul><li>Cities, Counties, Local Governments and Private Sector Coordination </li></ul></ul><ul><ul><li>Federal Homeland Security and the Homeland Security Council </li></ul></ul>
  • 8. Critical Strategies to Secure Cyberspace <ul><li>Securing Cyberspace: </li></ul><ul><li>P800 IT Security Policy – “State agencies shall adopt a minimum </li></ul><ul><li>set of security standards as identified in this policy to safeguard </li></ul><ul><li>and protect the distributed nature of today’s technology.” </li></ul>S805 – Risk Management Standard S810 – Account Management Standard S815 – Configuration Management Standard S820 – Authentication and Directory Services S825 – Session Controls Standard S830 – Network Security Standard S850 – Encryption Technology Standard S855 – Incident Response and Reporting Standard S860 – Virus &amp; Malicious Code Protection Standard S865 – Business Continuity/Disaster Recovery Standard S870 – Backups Standard S875 – Maintenance Standard S880 – Media Sanitizing/Disposal Standard S885 – Physical Security Standard S890 – Personnel Security Standard S895 – Security Training and Awareness Standard
  • 9. S830 – Network Security Standard <ul><li>4. STANDARD </li></ul><ul><li>The following network security standards provide minimum requirements </li></ul><ul><li>for providing secure and seamless Interconnection of communications </li></ul><ul><li>networks and systems while protecting the State’s computing resources </li></ul><ul><li>and information. Multi-layered protection shall be deployed at the </li></ul><ul><li>Internet gateway, the network server, and the desktop levels to prevent </li></ul><ul><li>introduction of malicious code or unauthorized access into the State’s </li></ul><ul><li>information systems. </li></ul>4.1 Firewall Technology 4.2 Access to Internetworking Devices and Shared Platforms 4.3 Demilitarized Zone 4.4 External Connection to Networks 4.5 Wireless Network Access 4.6 Intrusion Detection 4.7 Vulnerability Scanning
  • 10. <ul><li>Education, awareness, and attention to securing cyberspace. </li></ul><ul><li>Agreeable performance measures for securing cyberspace. </li></ul><ul><li>Detect, report, and share information on intrusions and vulnerabilities with SIPC. </li></ul><ul><li>Statewide IT contracts provide security products and services as required by EA standards for state agencies. </li></ul>Implementation Priorities to Secure Cyberspace Statewide Executive Management
  • 11. <ul><li>Continue to identify and document security gaps with respect to Enterprise Architecture targets. </li></ul><ul><li>Submit security gaps for project approval and funding through the State’s PIJ process. </li></ul><ul><li>Agency and appropriated funding to integrate security deliverables into capital planning as an investment. </li></ul><ul><li>Continuously assess cyber threats and vulnerabilities and risks they pose to agency operations and other organizations. </li></ul><ul><li>Implement security controls and remediation efforts to reduce and manage such risks. </li></ul>Implementation Priorities to Secure Cyberspace State Agencies
  • 12. Critical Strategies to Secure Cyberspace Network Architecture Security Architecture Platform Architecture Software Architecture Data/Info Architecture E-Government Arizona Markets Health Transportation Social Services Criminal Justice Labor/Employment Cities, Counties, Local &amp; Federal Government, Private Sector, Communities of Interest Citizens Markets Public Safety Revenue Administration Environmental Education Licensing
  • 13. Critical Strategies to Secure Cyberspace Securing Cyberspace is as strong as its weakest link! Firewall Protection Detection &amp; Scanning DMZ &amp; VPN Arizona Agencies You’re crossing the line buddy! I know it was you! I use firewall technology at the gateway and desktop! http://www.azgita.gov/security or www.security.state.az.us

×