0
Streamline Federal Security Compliance2:10 p.m. -2:50 p.m.Speakers include:• Jill Vaughan, CISO & Director of Information ...
Streamline Federal Security ComplianceModerator: Michael Paishon, IBM AVP/SME for US Department of JusticeDavid Otto, ITSC...
Opening Thoughts “Continuous monitoring is the backbone of true security.” - Vivek Kundra, former Federal Chief Informatio...
Federal Mandates and Requirements FISMA (NIST) Continuous Monitoring (OMB/DHS) Continuous monitoring definition   Inform...
Framework of discussion Challenges with functionalizing continuous monitoring   Organizational   Technical   Reaching the...
Jill Vaughan                       Jean Delices    , CISO, Director of                ELMS Team Lead, DOJ    Information A...
For Additional Information Visit the Agile Summit Solution  Center for demonstrations of these  capabilities. Ask an IBM...
Thank You !              8
Reference Slides                   9
Continuous Monitoring Capability Maturity                            Add Essential   Develop                            Mo...
Continuous Monitoring ConceptsThe Big Idea:•Data feeds are aggregated andrisk-analyzed up.•Strategies and policies areissu...
Continuous Monitoring and AutomationWhen possible, organizations look for automated solutions to lower costs, enhanceeffic...
Maturity in Functional Terms                               13
Upcoming SlideShare
Loading in...5
×

Streamline Federal Security Compliance

1,060

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,060
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Streamline Federal Security Compliance"

  1. 1. Streamline Federal Security Compliance2:10 p.m. -2:50 p.m.Speakers include:• Jill Vaughan, CISO & Director of Information Assurance and Cybersecurity, TSA, DHS• David Otto, ITSC Configuration Management Team Manager, DOJ• Jean Delices, Endpoint Lifecycle Management System Program Manager, DOJ• Mike Paishon, IBM BigFix Technical Program Account Manager, IBM
  2. 2. Streamline Federal Security ComplianceModerator: Michael Paishon, IBM AVP/SME for US Department of JusticeDavid Otto, ITSC Configuration Management Team Manager, DOJJill Vaughan, CISO, Director of Information Assurance and Cyber Security, TSAJean Delices, Endpoint Lifecycle Management System Program Manager, DOJ
  3. 3. Opening Thoughts “Continuous monitoring is the backbone of true security.” - Vivek Kundra, former Federal Chief Information Officer, OMB “If you can’t measure it, you can’t manage it.” - Dr. W. Edwards Deming 3
  4. 4. Federal Mandates and Requirements FISMA (NIST) Continuous Monitoring (OMB/DHS) Continuous monitoring definition Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. The objective is to conduct ongoing monitoring of the security of an organization’s networks, information, and systems, and respond by accepting, avoiding/rejecting, transferring/sharing, or mitigating risk as situations change. NIST SP 800-137 – Initial Public Draft 4
  5. 5. Framework of discussion Challenges with functionalizing continuous monitoring Organizational Technical Reaching the “edge” of the network (Mobile) Streamlining the approach Identifying areas for improvement Measuring vs. Securing Evolving the approach Stationary security is inadequate security Security Compliance Vs Active Security 5
  6. 6. Jill Vaughan Jean Delices , CISO, Director of ELMS Team Lead, DOJ Information Assurance and Cyber Security, TSA Q&A with Michael Paishon David Otto IBM AVPSME ,DOJ ITSC Configuration Management Team Manager, DOJ 66
  7. 7. For Additional Information Visit the Agile Summit Solution Center for demonstrations of these capabilities. Ask an IBM Ambassador for additional information (case study, white paper, solution brief, etc.) related to the content shared during this session. For a follow up discussion, complete the IBM Response Card on the table in front of you. 7
  8. 8. Thank You ! 8
  9. 9. Reference Slides 9
  10. 10. Continuous Monitoring Capability Maturity Add Essential Develop Monitoring Timeliness, Continuous Operational Control-induced and Controls Accuracy, Monitoring Supports Security Coverage x Response --- Maintain, and ImproveCapability-induced Security Security Capability-induced Security Evolution 1 Evolution 2 Evolution 3 Goal Cable Programming Content Metric Type Checklist Capability Metric CAG Operational Metric Monitoring Metric• Priorities identified Based on material developed by Kim Watson, NSA• Baselines established• Measures available 10
  11. 11. Continuous Monitoring ConceptsThe Big Idea:•Data feeds are aggregated andrisk-analyzed up.•Strategies and policies areissued down.•Stove pipes are eliminated.•Reporting is automated. 11
  12. 12. Continuous Monitoring and AutomationWhen possible, organizations look for automated solutions to lower costs, enhanceefficiency, and improve the reliability of monitoring security-related information.Security is implemented through a combination of people, processes and technology.The automation of IT security deals primarily with automating aspects of security thatrequire little human interaction. This includes items such as verifying technical settingson individual network endpoints, or ensuring that the software on a machine is up todate with organizational policy. This automation serves to augment the securityprocesses conducted by security professionals within an organization. NIST SP 800-137 pp. 15 – Initial Public Draft 12 6
  13. 13. Maturity in Functional Terms 13
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×