Building the Next Generation ISAC-- A Blueprint for Success

244 views
152 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
244
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Building the Next Generation ISAC-- A Blueprint for Success

  1. 1. www.boozallen.com Booz Allen Hamilton is a leading provider of management consulting, technology, and engineering services to the US government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs approximately 23,000 people, and had revenue of $5.76 billion for the 12 months ended March 31, 2013. In 2014, Booz Allen celebrates its 100th anniversary year. To learn more, visit www.boozallen.com. (NYSE: BAH) About Booz Allen Hamilton Building the Next Generation ISAC—A Blueprint for Success Information Sharing as a Critical Asset Cyber-attacks have leveled the playing field for today’s businesses, encouraging industries to collaborate and share cybersecurity information. As threats evolve, companies rely on their peers and competitors to better understand common challenges presented in the evolving threat environment and to learn how they can work together to remediate and protect their critical infrastructure. To be more effective at both the business and industry level, Information Sharing and Analysis Centers (ISAC) have become key players in strengthening an industry’s resistance to and resilience after cyber-attacks. ISACs provide a trusted environment for members to share information during both steady-state and crisis operations and to decrease overall cybersecurity risk. At Booz Allen Hamilton, a leading strategy and technology consulting firm, our experience working on the most sophisticated national security threats has given us superior visibility into the landscape of emerging cyber challenges within both the government and commercial industry sectors. We work to fully understand your unique cybersecurity challenges and tailor solutions so that you can act decisively. Building an ISAC requires the acumen and knowledge in understanding a complex threat environment and the expertise in how to share critical information and navigate collaboration with both industry partners and government entities. Given our experience and record of success, we can apply a unique approach to building and growing ISACs across various critical infrastructures. Booz Allen’s ISAC Organizational Blueprint Experience shows us that there are foundational building blocks necessary to create successful information sharing and analysis organizations. Whether yours is a new ISAC or an existing ISAC looking to mature, the five key building blocks—Governance, Policy, Technology, For more information, contact Jim Koenig Principal koenig_james@bah.com 267-330-7822 Scott Walters Senior Associate walters_scott@bah.com 917-305-8011 Susan Maly Lead Associate maly_susan@bah.com 703-377-6448
  2. 2. Culture, and Economics—ensure the solid foundation required for successful implementation. We ask questions such as: • Policy: Who is eligible for membership? • Governance: How will the ISAC be governed and does it have a strong leader with the right industry and functional cybersecurity skills to oversee day-to-day operations? • Technology: What mechanisms exist to manage identities, authorize and authenticate users, and ensure confidentiality? • Culture: Has the ISAC created a trusted environment where members feel comfortable sharing information? • Economics: How will the ISAC be funded and measure success? We have seen these building blocks emerge via a five-phase process that engages key industry partners from inception to maturity. As ISACs mature, Booz Allen can provide support across three focus areas: management, operations, and infrastructure. Booz Allen recognizes the importance of an ISAC to: • Create a trusted environment to quickly detect or respond to threats before they affect your enterprise • Learn from others to decrease your overall risk, increase safety, and avoid revenue loss • Protect your reputation and serve as an industry leader out in front of attackers • Access pertinent information to avoid data overload and make timely decisions Client Success Stories • Startup Project Management: Booz Allen partnered with the oil and natural gas subsector to create an ISAC to strengthen the industry. • Cyber Threat Sharing: Booz Allen supported the Defense Information Systems Agency and DoD Chief Information Officer in the development, accreditation, and sustainment of the Defense Industrial Base Network Portal environment (DIBNet) to allow DIB companies and the U.S. Government to exchange cyber threat and incident information. • Enhancement Through Wargaming: Booz Allen joined forces with the financial services industry to conduct simulations and evaluate industry response to cybersecurity risks and incidents. ISAC FOCUS AREAS BOOZ ALLEN SUPPORT MANAGEMENT OPERATIONS INFRASTRUCTURE • Advisory services • Conference and webinar support • Member management • Cybersecurity roadmaps • Project management • ISAC start-up support • Staffing support • Subject matter expertise • Threat intelligence • Forensics & malware analysis • Simulations and exercises • Industry benchmarking • Vendor benchmarking • Onsite incident response and recovery support • Strategic communications • Development of secure web portals • Incident response plans and playbooks • System/firewall support • Intrusion detection and prevention • Industry best practices PHASE I Engage Partners PHASE II Mobilize ISAC Planning Team PHASE III Develop Concept of Operations PHASE IV Incorporate and Implement Operations PHASE V Mature the Organization 03.072.14

×