Security Strategies and Standards to Secure Cyberspace Presented to ATIC State of Arizona

  1. Security Strategies and Standards to Secure Cyberspace. Presented to ATIC, State of Arizona.
  2. Strategies for Enterprise Architecture (EA)
     EA is comprised of a variety of processes and methods among various organizations and divisions within state government to facilitate the following:
     - Efficiencies and effectiveness in government
     - Improve Interoperability
     - Improve Data Collection and Quality
     - Improve Public Access
     - Secure Cyber Assets
     - Cross Agency Business Requirements
     - Strives toward a Statewide IT Product Portfolio of open systems architecture.
     - Economies of Scale
     http://www.azgita.gov/enterprise_architecture
  3. Critical Strategies to Secure Cyberspace
     - Securing Cyberspace: Statewide policies, standards, and best practices for securing networks, platforms, software, and data/information.
     - Security Response System: Resources for emergency response in the event of cyber crimes and terrorism.
     - Threat and Vulnerability Reduction Program: An assessment of state assets and associated risks/readiness.
     - Security Awareness & Training: State agency and employee programs.
     - AZ Homeland Security: Intelligence gathering; threat analysis; IT infrastructure protection; telecommunications and cyber-security.
  4. Critical Strategies to Secure Cyberspace
     Security Response System:
     The State’s Security Response Team consists of DPS, ADOA/ISD/Security and the Office of the Attorney General.
     - DPS – Enforcement investigation, forensics and arresting support.
     - ADOA/ISD/Security – Assists with Virus/Intrusion detection, resolution and recovery.
     - Office of the Attorney General – Enforcement investigation, forensics and prosecutorial support.
  5. Critical Strategies to Secure Cyberspace
     Threat and Vulnerability Reduction Program:
     The State has established an IT Vulnerability Assessment Program conducted annually with state agencies. Examines twenty-one categories of risk.
     - Standards
     - Risk Mgmt
     - Account Mgmt
     - Configuration Mgmt
     - Authentication
     - Session Controls
     - Network Security
     - Modems
     - Encryption
     - System Admin
     - Incident Response
     - Auditing
     - Virus Protection
     - Business Continuity/Disaster Recovery
     - Backups
     - Maintenance
     - Labeling
     - Media Sanitizing/Disposal
     - Physical Security
     - Personnel Security
     - Training & Awareness
  6. Critical Strategies to Secure Cyberspace
     Security Awareness and Training Program:
     The State has established a Statewide Infrastructure Protection Center (SIPC) for virus/intrusion alerts and incident reporting under the direction of ADOA/ISD Security.
     - Value-added threat advisories, alerts and warnings for state agencies who become SIPC members.
     - Agencies report actual or attempted illegal intrusions and disruptions through incident reporting.
     - Will provide intrusion/threat reporting to the AZ Homeland Security office, DPS and AG’s for investigation, forensics, and prosecutorial activities.
     - Provide SIPC members a forum for education and training on vulnerabilities and protection measures.
     - Membership information for SIPC: www.security.state.az.us
  7. Critical Strategies to Secure Cyberspace
     AZ Homeland Security (projected strategies)
     - Border and Transportation Security
     - Emergency Preparedness and Response
     - Chemical, Biological, Radiological and Nuclear Countermeasures
     - Information Analysis and Infrastructure Protection; telecommunications and cyber security
     - Cities, Counties, Local Governments and Private Sector Coordination
     - Federal Homeland Security and the Homeland Security Council
  8. Critical Strategies to Secure Cyberspace
     Securing Cyberspace:
     P800 IT Security Policy – “State agencies shall adopt a minimum set of security standards as identified in this policy to safeguard and protect the distributed nature of today’s technology.”
     - S805 – Risk Management Standard
     - S810 – Account Management Standard
     - S815 – Configuration Management Standard
     - S820 – Authentication and Directory Services
     - S825 – Session Controls Standard
     - S830 – Network Security Standard
     - S850 – Encryption Technology Standard
     - S855 – Incident Response and Reporting Standard
     - S860 – Virus & Malicious Code Protection Standard
     - S865 – Business Continuity/Disaster Recovery Standard
     - S870 – Backups Standard
     - S875 – Maintenance Standard
     - S880 – Media Sanitizing/Disposal Standard
     - S885 – Physical Security Standard
     - S890 – Personnel Security Standard
     - S895 – Security Training and Awareness Standard
  9. S830 – Network Security Standard
     4. STANDARD
     The following network security standards provide minimum requirements for providing secure and seamless Interconnection of communications networks and systems while protecting the State’s computing resources and information. Multi-layered protection shall be deployed at the Internet gateway, the network server, and the desktop levels to prevent introduction of malicious code or unauthorized access into the State’s information systems.
     - 4.1 Firewall Technology
     - 4.2 Access to Internetworking Devices and Shared Platforms
     - 4.3 Demilitarized Zone
     - 4.4 External Connection to Networks
     - 4.5 Wireless Network Access
     - 4.6 Intrusion Detection
     - 4.7 Vulnerability Scanning
  10. Implementation Priorities to Secure Cyberspace: Statewide Executive Management
     - Education, awareness, and attention to securing cyberspace.
     - Agreeable performance measures for securing cyberspace.
     - Detect, report, and share information on intrusions and vulnerabilities with SIPC.
     - Statewide IT contracts provide security products and services as required by EA standards for state agencies.
  11. Implementation Priorities to Secure Cyberspace: State Agencies
     - Continue to identify and document security gaps with respect to Enterprise Architecture targets.
     - Submit security gaps for project approval and funding through the State’s PIJ process.
     - Agency and appropriated funding to integrate security deliverables into capital planning as an investment.
     - Continuously assess cyber threats and vulnerabilities and risks they pose to agency operations and other organizations.
     - Implement security controls and remediation efforts to reduce and manage such risks.
  12. Critical Strategies to Secure Cyberspace
     [Diagram labels: Network Architecture; Security Architecture; Platform Architecture; Software Architecture; Data/Info Architecture; E-Government Arizona; Markets: Health, Transportation, Social Services, Criminal Justice, Labor/Employment; Cities, Counties, Local & Federal Government, Private Sector, Communities of Interest; Citizens; Markets: Public Safety, Revenue, Administration, Environmental, Education, Licensing]
  13. Critical Strategies to Secure Cyberspace
     Securing Cyberspace is as strong as its weakest link!
     [Illustration labels: Firewall Protection; Detection & Scanning; DMZ & VPN; Arizona Agencies. Captions: “You’re crossing the line buddy!”, “I know it was you!”, “I use firewall technology at the gateway and desktop!”]
     http://www.azgita.gov/security or www.security.state.az.us
