Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09

•Download as PPT, PDF•

1 like•897 views

The US Federal Government is the world's largest consumer of IT products and, by extension, one of the largest consumers of IT security products and services. This talk covers some of the problems with security on such a massive scale; how and why some technical, operational, and managerial solutions are working or not working; and how these lessons can be applied to smaller-scale security environments.

Michael Smith, SecTor 2009 Massively Scaled Security Solutions for Massively Scaled IT

Who is Michael Smith? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

$75B IT Budget That’s a lot of green stuff! Photo by The Lizard Queen

Caveat! ,[object Object]

Federal Information Security Management Act ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],§ 3544(a) § 3544(b) §§ 3544(c), 3545 (e) §§ 3544(c), 3545 (e)

The Standard Approach ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Certification and Accreditation: IT Security in the SDLC --NIST SP 800-64

HSPD-12 ,[object Object],[object Object],[object Object],[object Object]

Federal Desktop Core Configuration—FDCC ,[object Object],[object Object],[object Object],[object Object],[object Object]

Security Control Automation Protocol—SCAP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Trusted Internet Connections—TIC ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

EINSTEIN ,[object Object],[object Object],[object Object],[object Object]

Standard Convergence ,[object Object],[object Object],[object Object],[object Object]

“ Azimuth Check” ,[object Object],[object Object],[object Object],[object Object],[object Object]

My View of the World ,[object Object],[object Object]

Existing Models of Management ,[object Object]

United Nations Photo by Wikimedia

Public Accounting Photo by Wikimedia

Fast Food Franchises Photo by ebruli

Bolshevism Photo by Wikimedia

Stalingrad Photo by Wikimedia

Counterinsurgency/ LIC/OOTW/SASO Photo by rybolov

Observations and Truthinesses ,[object Object],[object Object],[object Object],[object Object]

The Models Begat More Questions… ,[object Object],[object Object],[object Object],[object Object]

The Cybertastic Future: Management ,[object Object],[object Object],[object Object],[object Object]

The Cybertastic Future: Process ,[object Object],[object Object],[object Object]

The Cybertastic Future: Vendors ,[object Object],[object Object],[object Object],[object Object]

[object Object],[object Object],[object Object]

More Related Content

What's hot

Trends Affecting the Future of Cybersecurity

Trends Affecting the Future of Cybersecurity

Trends Affecting the Future of CybersecurityMason Bird

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...idsecconf

SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL

SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL

SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal

edgescan vulnerability stats report (2019)

edgescan vulnerability stats report (2019)

edgescan vulnerability stats report (2019) Eoin Keary

Bit defender ebook_secmonitor_print

Bit defender ebook_secmonitor_print

Bit defender ebook_secmonitor_printjames morris

Security Architecture for Cyber Physical Systems

Security Architecture for Cyber Physical Systems

Security Architecture for Cyber Physical SystemsAlan Tatourian

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide

Computer Security Incident Handling GuideMuhammad FAHAD

Application Security

Application Security

Application SecurityMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master

Cybersecurity Skills Audit

Cybersecurity Skills Audit

Cybersecurity Skills AuditVilius Benetis

How to improve endpoint security on a SMB budget

How to improve endpoint security on a SMB budget

How to improve endpoint security on a SMB budgetLumension

Securing the Cloud by Matthew Rosenquist 2016

Securing the Cloud by Matthew Rosenquist 2016

Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist

System Security Threats and Risks)

System Security Threats and Risks)

System Security Threats and Risks)BPalmer13

02.security systems

02.security systems

02.security systemsSri Lanka Institute of Information Technology

Cyber Security vs.pdf

Cyber Security vs.pdf

Cyber Security vs.pdfMing Man Chan

Epic Sales Presentation

Epic Sales Presentation

Epic Sales Presentationdpsmith1968

How can we predict vulnerabilities to prevent them from causing data losses

How can we predict vulnerabilities to prevent them from causing data losses

How can we predict vulnerabilities to prevent them from causing data lossesAbhishek BV

Five Essential Enterprise Architecture Practices to Create the Security-Aware...

Five Essential Enterprise Architecture Practices to Create the Security-Aware...

Five Essential Enterprise Architecture Practices to Create the Security-Aware...UBM_Design_Central

SecureDhani Ahmad

What's hot (19)

Trends Affecting the Future of Cybersecurity

Trends Affecting the Future of Cybersecurity

Trends Affecting the Future of Cybersecurity

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL

SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL

SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL

edgescan vulnerability stats report (2019)

edgescan vulnerability stats report (2019)

edgescan vulnerability stats report (2019)

Paper4

Bit defender ebook_secmonitor_print

Bit defender ebook_secmonitor_print

Bit defender ebook_secmonitor_print

Security Architecture for Cyber Physical Systems

Security Architecture for Cyber Physical Systems

Security Architecture for Cyber Physical Systems

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide

Application Security

Application Security

Application Security

Cybersecurity Skills Audit

Cybersecurity Skills Audit

Cybersecurity Skills Audit

How to improve endpoint security on a SMB budget

How to improve endpoint security on a SMB budget

How to improve endpoint security on a SMB budget

Securing the Cloud by Matthew Rosenquist 2016

Securing the Cloud by Matthew Rosenquist 2016

Securing the Cloud by Matthew Rosenquist 2016

System Security Threats and Risks)

System Security Threats and Risks)

System Security Threats and Risks)

02.security systems

02.security systems

02.security systems

Cyber Security vs.pdf

Cyber Security vs.pdf

Cyber Security vs.pdf

Epic Sales Presentation

Epic Sales Presentation

Epic Sales Presentation

How can we predict vulnerabilities to prevent them from causing data losses

How can we predict vulnerabilities to prevent them from causing data losses

How can we predict vulnerabilities to prevent them from causing data losses

Five Essential Enterprise Architecture Practices to Create the Security-Aware...

Five Essential Enterprise Architecture Practices to Create the Security-Aware...

Five Essential Enterprise Architecture Practices to Create the Security-Aware...

Secure

Similar to Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09

2008: Web Application Security Tutorial

2008: Web Application Security Tutorial

2008: Web Application Security TutorialNeil Matatall

Afcea it security course 2015 flyer

Afcea it security course 2015 flyer

Afcea it security course 2015 flyerClaude Gelinas

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docxmccormicknadine86

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docxsleeperharwell

Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...

Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...

Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...Carolin Weisser

Strategic HRM Plan Grading GuideHRM498 Version 42.docx

Strategic HRM Plan Grading GuideHRM498 Version 42.docx

Strategic HRM Plan Grading GuideHRM498 Version 42.docxflorriezhamphrey3065

Information security[277]

Information security[277]

Information security[277]Timothy Warren

MEDSmielmarketing

Application Threat Modeling In Risk Management

Application Threat Modeling In Risk Management

Application Threat Modeling In Risk ManagementMel Drews

NIST Critical Security Framework (CSF)

NIST Critical Security Framework (CSF)

NIST Critical Security Framework (CSF) Priyanka Aash

Federal IT Initiatives - BDPA Conference Executive Panel

Federal IT Initiatives - BDPA Conference Executive Panel

Federal IT Initiatives - BDPA Conference Executive PanelBDPA Education and Technology Foundation

Exploration Draft Document- CEM Machine Learning & AI Project 2018

Exploration Draft Document- CEM Machine Learning & AI Project 2018

Exploration Draft Document- CEM Machine Learning & AI Project 2018Leslie McFarlin

Presentation to GFCE 2019 in Addis Ababa, Ethiopia

Presentation to GFCE 2019 in Addis Ababa, Ethiopia

Presentation to GFCE 2019 in Addis Ababa, EthiopiaOxford Martin Centre, OII, and Computer Science at the University of Oxford

The Federal Information Security Management Act

The Federal Information Security Management Act

The Federal Information Security Management ActMichelle Singh

Software Security in the Real World

Software Security in the Real World

Software Security in the Real WorldMark Curphey

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School FDMagazine

Automation of Information (Cyber) Security by Joe Hessmiller

Automation of Information (Cyber) Security by Joe Hessmiller

Automation of Information (Cyber) Security by Joe HessmillerJoe Hessmiller

Why Care About Government Security

Why Care About Government Security

Why Care About Government SecurityMichael Smith

Consensus Audit Guidelines 2008

Consensus Audit Guidelines 2008

Consensus Audit Guidelines 2008John Gilligan

Discussion 1Recommend three countermeasures that could enhance.docx

Discussion 1Recommend three countermeasures that could enhance.docx

Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231

Similar to Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09 (20)

2008: Web Application Security Tutorial

2008: Web Application Security Tutorial

2008: Web Application Security Tutorial

Afcea it security course 2015 flyer

Afcea it security course 2015 flyer

Afcea it security course 2015 flyer

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

CISSPCertified Information SystemsSecurity ProfessionalCop.docx

Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...

Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...

Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...

Strategic HRM Plan Grading GuideHRM498 Version 42.docx

Strategic HRM Plan Grading GuideHRM498 Version 42.docx

Strategic HRM Plan Grading GuideHRM498 Version 42.docx

Information security[277]

Information security[277]

Information security[277]

MEDS

Application Threat Modeling In Risk Management

Application Threat Modeling In Risk Management

Application Threat Modeling In Risk Management

NIST Critical Security Framework (CSF)

NIST Critical Security Framework (CSF)

NIST Critical Security Framework (CSF)

Federal IT Initiatives - BDPA Conference Executive Panel

Federal IT Initiatives - BDPA Conference Executive Panel

Federal IT Initiatives - BDPA Conference Executive Panel

Exploration Draft Document- CEM Machine Learning & AI Project 2018

Exploration Draft Document- CEM Machine Learning & AI Project 2018

Exploration Draft Document- CEM Machine Learning & AI Project 2018

Presentation to GFCE 2019 in Addis Ababa, Ethiopia

Presentation to GFCE 2019 in Addis Ababa, Ethiopia

Presentation to GFCE 2019 in Addis Ababa, Ethiopia

The Federal Information Security Management Act

The Federal Information Security Management Act

The Federal Information Security Management Act

Software Security in the Real World

Software Security in the Real World

Software Security in the Real World

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School

Automation of Information (Cyber) Security by Joe Hessmiller

Automation of Information (Cyber) Security by Joe Hessmiller

Automation of Information (Cyber) Security by Joe Hessmiller

Why Care About Government Security

Why Care About Government Security

Why Care About Government Security

Consensus Audit Guidelines 2008

Consensus Audit Guidelines 2008

Consensus Audit Guidelines 2008

Discussion 1Recommend three countermeasures that could enhance.docx

Discussion 1Recommend three countermeasures that could enhance.docx

Discussion 1Recommend three countermeasures that could enhance.docx

More from Michael Smith

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...Michael Smith

BarcodesMichael Smith

Building A Modern Security Policy For Social Media and Government

Building A Modern Security Policy For Social Media and Government

Building A Modern Security Policy For Social Media and GovernmentMichael Smith

Dojo Con 09Michael Smith

Security Content Automation Protocol and Web Application Security

Security Content Automation Protocol and Web Application Security

Security Content Automation Protocol and Web Application SecurityMichael Smith

The Authorizing Official And The Accreditation Decision

The Authorizing Official And The Accreditation Decision

The Authorizing Official And The Accreditation DecisionMichael Smith

Backtrack 3 USB

Backtrack 3 USB

Backtrack 3 USBMichael Smith

More from Michael Smith (7)

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...

Meta-Metrics: Building a Scorecard for the Evaluation of Security Management ...

Barcodes

Building A Modern Security Policy For Social Media and Government

Building A Modern Security Policy For Social Media and Government

Building A Modern Security Policy For Social Media and Government

Dojo Con 09

Security Content Automation Protocol and Web Application Security

Security Content Automation Protocol and Web Application Security

Security Content Automation Protocol and Web Application Security

The Authorizing Official And The Accreditation Decision

The Authorizing Official And The Accreditation Decision

The Authorizing Official And The Accreditation Decision

Backtrack 3 USB

Backtrack 3 USB

Backtrack 3 USB

Recently uploaded

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day PresentationMichael W. Hawkins

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial BuildingsMemoori

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping ElbowsPigging Solutions

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)Gabriella Davis

Salesforce Community Group Quito, Salesforce 101

Salesforce Community Group Quito, Salesforce 101

Salesforce Community Group Quito, Salesforce 101Paola De la Torre

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC ArchitecturePixlogix Infotech

Slack Application Development 101 Slides

Slack Application Development 101 Slides

Slack Application Development 101 Slidespraypatel2

Injustice - Developers Among Us (SciFiDevCon 2024)

Injustice - Developers Among Us (SciFiDevCon 2024)

Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik

How to Remove Document Management Hurdles with X-Docs?

How to Remove Document Management Hurdles with X-Docs?

How to Remove Document Management Hurdles with X-Docs?XfilesPro

Recently uploaded (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 Presentation

My Hashitalk Indonesia April 2024 Presentation

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial Buildings

AI as an Interface for Commercial Buildings

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

08448380779 Call Girls In Friends Colony Women Seeking Men

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping Elbows

Pigging Solutions Piggable Sweeping Elbows

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Salesforce Community Group Quito, Salesforce 101

Salesforce Community Group Quito, Salesforce 101

Salesforce Community Group Quito, Salesforce 101

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC Architecture

Understanding the Laravel MVC Architecture

Slack Application Development 101 Slides

Slack Application Development 101 Slides

Slack Application Development 101 Slides

Injustice - Developers Among Us (SciFiDevCon 2024)

Injustice - Developers Among Us (SciFiDevCon 2024)

Injustice - Developers Among Us (SciFiDevCon 2024)

How to Remove Document Management Hurdles with X-Docs?

How to Remove Document Management Hurdles with X-Docs?

How to Remove Document Management Hurdles with X-Docs?

Massively Scaled Security Solutions for Massively Scaled IT:SecTor 09

1. Michael Smith, SecTor 2009 Massively Scaled Security Solutions for Massively Scaled IT

2.

3. $75B IT Budget That’s a lot of green stuff! Photo by The Lizard Queen

4.

5.

6.

7. Certification and Accreditation: IT Security in the SDLC --NIST SP 800-64

8.

9.

10.

11.

12.

13.

14.

15.

16.

17. United Nations Photo by Wikimedia

18. Public Accounting Photo by Wikimedia

19. Fast Food Franchises Photo by ebruli

20. Bolshevism Photo by Wikimedia

21. Stalingrad Photo by Wikimedia

22. Counterinsurgency/ LIC/OOTW/SASO Photo by rybolov

23.

24.

25.

26.

27.

28.