Enterprise Security Management Protection Profiles: An Implementation Plan

Brickman, J
CA Inc., Framingham, MA USA

Winterton, E
Booz | Allen | Hamilton Linthicum, MD USA


At the 9th ICCC, Eric Winterton and I presented a proposal to create a family of Protection Profiles (PPs) covering Enterprise Security Management (ESM). Our proposal called for starting with a base PP using minimal requirements and building upon those functions for more complex functionality. We would use some existing PPs and Security Targets as templates. The ultimate plan was to create a new family of PPs for ESM. They would cover multiple Evaluation Assurance Levels for the various needs of customers and vendors.
We have built a working group consisting of Booz Allen, most of the vendors who have ESM products, as well as full NIAP support. In this talk Mr. Brickman and Mr. Winterton will take the proposal down to the next level. We’ll walk through the various product types and their functions. We’ll describe the authoring and vetting process as well as the roll-out plan. Finally, we will tie this proposal into NIAP’s strategy going forward. This new family of Protection Profiles would be used throughout industry, including the U.S. Government DoD, IC, and Civil U.S. Markets. An outline of the process and strategy for collaboration with interested customer nations and vendors to create these Protection Profiles will be provided. Booz Allen Hamilton and the ESM vendor community are committed to devoting resources to make this proposed effort a success.

Organization: CA & Booz Allen Hamilton
BIO (1): Eric Winterton, CISSP, has over 21 years of direct experience in information assurance systems, security engineering, and security product testing. Mr. Winterton has been performing IA product assessments for the past 11 years and has performed as the Common Criteria Technical Director for the Booz Allen Hamilton CC lab for the past 5 years. He holds an undergraduate degree in computer science and a Master's Degree from Johns Hopkins University.
BIO (2): Joshua Brickman, Federal Certifications Program Manager at CA Inc, has led his company through the successful evaluation of seven products through NIAP’s Common Criteria scheme over the last three years. Prior to CA, Mr. Brickman worked in Program and Project Management at several software companies including PeopleSoft and Ceridian. He holds an undergraduate degree from Emerson College and a Masters in Management from Lesley College.
Title of Paper: Enterprise Management Solutions Protection Profiles: An Implementation Plan

Transcript

  • 1. Enterprise Security Management Protection Profiles: An Implementation Plan. September 2009. Eric Winterton, Booz | Allen | Hamilton; Joshua Brickman, CA Inc. Copyright ©2009 CA & Booz Allen Hamilton. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
  • 2. Agenda
    - Review
    - Enterprise Security Management: what are these products?
    - Categories
    - Methodology
    - Schedule
    - Communication Plan
    - Risks/Beta/Roll-out
    - How can you get involved (Participants)
  • 3. How did we get here?
    - 2008 Proposal (Winterton/Brickman)
    - Approach
    - Consensus
    - All Participating Countries
  • 4. Enterprise Security Management (category diagram): Identity Management / Policy/Access; Standardized logging & configuration; Compliance; Monitoring & response
  • 5. What Products Make Up ESM? Categories: Identity Management; Standardized logging and configuration; Policy/Access; Compliance; Monitoring and response. Products by vendor (table cells in reading order):
    - CA: CA Identity Manager; CA GRC Manager; CA Siteminder; CA Auditor for z/OS; CA Enterprise Log Manager
    - Microsoft: SC Operations Manager, SC Configuration Manager & SC VMM; SC Operations Manager, SC Configuration Manager, SC Essentials; SC Operations Manager & SC Essentials; SC Operations Manager*
    - Symantec: Symantec Alteris; Symantec CCS/FTK; Symantec Alteris; Symantec SSIM; Symantec Alteris
    - EMC: EMC RSA Access Manager; EMC RSA Envision; EMC RSA Envision
    - Oracle: Oracle Identity Manager; Oracle Enterprise Manager; Oracle Access Manager; Oracle Audit Vault; Oracle Audit Vault
    - IBM: IBM Tivoli Identity Manager; IBM Tivoli Compliance Insight Manager (TCIM); IBM Tivoli Unified Single Sign-On and Tivoli Security Policy Manager; IBM Common Audit and Reporting (CARS) & TCIM; Tivoli Security Information Event Manager (TSIEM)
  • 6. Approach (process flowchart)
    - Completed as of Sept 09: Start; Establish ESM Team; Create Product Categories; Collect ESM Product Data; ID CC Gaps for Industry and Products
    - Next: Select Lab; Select Use Cases; Establish High-level Spec for PP; Develop Global Threat Analysis; Develop PP; Publish PP Draft for Public Comment; Verify (QA) PPs; Publish Status on PP (Global Conference); Publish PP
    - Declare PP Complete? Yes: Stop. No: Define next level of Protection Profile and repeat.
  • 7. Cause and Effect/Fishbone (diagram)
  • 8. Timeline so far
    - Sept 2008 Proposal
    - Received well at 9th ICCC: interest by multiple vendors, NIAP, consultants and other schemes
    - May 2009: NIAP pledges support for creation of the ESM PPs.
    - May-Aug 2009: Concurrence of ESM product categories among Microsoft, IBM, EMC, Oracle, Symantec, Ricoh, and CA Inc solidified
  • 9. Implementation Plan (diagram)
  • 10. Communication Plan
    - Comment Periods
    - Posted on official sites
    - Allow for anyone to provide feedback
    - CCVF
    - ICCC and RSA
  • 11. Participation to Date
    - You can be a part of this team
    - The more participants the better the quality
  • 12. Q&A
    - Joshua Brickman, PMP, CA, Inc. Program Manager, Federal Certifications. (508) 628-8917, Joshua.Brickman@ca.com
    - Eric Winterton, CISSP, Booz | Allen | Hamilton, CCTL Director. (410) 684-6691, winterton_eric@bah.com
  • 13. Backup Slides
  • 14. Impact to Effort Matrix
  • 15. All Products in ESM