L11 Transition And Key Roles and SAT ROB IRP.pptx (slide deck uploaded to SlideShare by StevenTharp2)
TRANSITION AND ROLES
C&A to RMF

Transition
- Certification and Accreditation (C&A) process
  - NIST-developed (the original SP 800-37)
  - Waterfall approach
  - ATO cycle: reaccreditation every 3 years
- Issues with C&A
  - Monitoring: the accreditation is a point-in-time snapshot with little visibility between reaccreditations
  - Interconnected systems: risk inherited across system boundaries was not handled well
Certification and Accreditation Process

Initiation Phase
- System
  - Function
  - Data types (SP 800-60 Volume I and II)
- Tasks
  - Preparation
  - SSP (System Security Plan)
  - Notification
  - Resource identification
  - Analyze, update, and approve the SSP
Certification Phase
- Security control verification
  - Assemble documentation
  - Develop tools and procedures
  - Assemble the team
  - Review technical, operational, and management controls
  - SAR (Security Assessment Report)
- System certification documentation
  - C&A package
Accreditation Phase
- AO (Authorizing Official) issues one of:
  - ATO (Authorization to Operate)
  - IATO (Interim Authorization to Operate)
  - DATO (Denial of Authorization to Operate)
  - ATT (Authorization to Test)
- POA&M (Plan of Action and Milestones) tracks the weaknesses left open by the decision
Continuous Monitoring Phase
- Tasks
  - Configuration management
  - CCB (Configuration Control Board)
  - Control verification
  - Annual assessments
  - Status reporting
RMF
- NIST SP 800-53 and FIPS 200
- DoD and national security systems (NSS) are moving to RMF as well
- Why move to RMF
  - More flexible
  - Cost effective
  - Better management of risk (holistically)
- Risk management
  - Impact on the organization as a whole, not one system at a time
  - Continuous monitoring replaces the 3-year reaccreditation snapshot
- The six steps below follow the numbering in SP 800-37 Rev 1; Rev 2 (2018) adds a Prepare step ahead of Categorize
Categorize the System
- Phase 1
  - Categorize the system (FIPS 199: low, moderate, or high impact for each of confidentiality, integrity, and availability)
  - Define the system
    - System boundary
    - Other technical details
  - Register the system
Select the Security Controls
- Phase 2
  - Common control identification
  - Security control selection (Task 2-2): start from the FIPS 200 / SP 800-53 baseline for the system's impact level
    - System-specific (tailored) controls
  - Continuous monitoring plan
  - SSP approval
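The categorize and select steps above are mechanical once the information types are known: FIPS 199 assigns each information type an impact level per security objective, the system inherits the high-water mark of those levels per objective (with a floor of LOW, because "not applicable" is never allowed at the system level), and the overall impact level (the high-water mark across the three objectives) picks the FIPS 200 / SP 800-53 baseline. The following Python is an added worked example of that procedure, not code from the slides or from NIST; the information types, their impact values and the adjustment rationale are constructed for illustration and are not taken from SP 800-60.

```python
"""FIPS 199 system categorization and FIPS 200 baseline selection.

Added example (not from the slide deck). Impact values below are
constructed for illustration, not taken from SP 800-60.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Iterable, Optional, Tuple


class Impact(IntEnum):
    NA = 0        # "not applicable": FIPS 199 permits it only for the
                  # confidentiality of an information type, never for a system
    LOW = 1
    MODERATE = 2
    HIGH = 3


OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type with its provisional impact per objective."""
    name: str
    confidentiality: Impact
    integrity: Impact
    availability: Impact

    def impact(self, objective: str) -> Impact:
        return getattr(self, objective)


def validate_info_type(t: InfoType) -> None:
    """NA is only meaningful for confidentiality (e.g. public information)."""
    for obj in ("integrity", "availability"):
        if t.impact(obj) is Impact.NA:
            raise ValueError(f"{t.name}: {obj} cannot be NA under FIPS 199")


def categorize_system(
    info_types: Iterable[InfoType],
    adjustments: Optional[Dict[str, Tuple[Impact, str]]] = None,
) -> Dict[str, Impact]:
    """Per objective, take the high-water mark across all information types.

    The system-level floor is LOW, so NA never propagates to the system.
    `adjustments` maps objective -> (new level, rationale) for the SP 800-60
    review step; a rationale is mandatory because the adjustment must be
    documented in the SSP.
    """
    types = list(info_types)
    if not types:
        raise ValueError("a system must process at least one information type")
    for t in types:
        validate_info_type(t)

    sc: Dict[str, Impact] = {}
    for obj in OBJECTIVES:
        hwm = max(t.impact(obj) for t in types)
        sc[obj] = max(hwm, Impact.LOW)          # floor at LOW for a system

    for obj, (level, rationale) in (adjustments or {}).items():
        if obj not in OBJECTIVES:
            raise ValueError(f"unknown security objective: {obj}")
        if level is Impact.NA:
            raise ValueError("a system-level objective cannot be NA")
        if not rationale.strip():
            raise ValueError(f"adjustment of {obj} needs a documented rationale")
        sc[obj] = level
    return sc


def overall_impact(sc: Dict[str, Impact]) -> Impact:
    """FIPS 200: the system's impact level is the high-water mark of the three."""
    return max(sc.values())


def select_baseline(sc: Dict[str, Impact]) -> str:
    """Name the SP 800-53 baseline the overall impact level maps to."""
    return f"SP 800-53 {overall_impact(sc).name} baseline"


def format_sc(sc: Dict[str, Impact]) -> str:
    """Render in FIPS 199 notation: SC = {(confidentiality, X), ...}."""
    inner = ", ".join(f"({o}, {sc[o].name})" for o in OBJECTIVES)
    return "SC = {" + inner + "}"


# Constructed sample: a hypothetical portal that publishes public notices,
# holds personnel records and tracks logistics. Values are illustrative.
SAMPLE_TYPES = [
    InfoType("Public information", Impact.NA, Impact.LOW, Impact.LOW),
    InfoType("Personnel records", Impact.MODERATE, Impact.MODERATE, Impact.LOW),
    InfoType("Logistics tracking", Impact.LOW, Impact.LOW, Impact.MODERATE),
]

if __name__ == "__main__":
    sc = categorize_system(SAMPLE_TYPES)
    print(format_sc(sc))
    print(select_baseline(sc))
```

Note that the sample comes out MODERATE on every objective even though no single information type is moderate on all three: the high-water mark is taken per objective, so the baseline is driven by the worst case on each axis. An adjustment (for example raising availability to HIGH for a 24x7 mission service) changes the overall level and therefore the baseline, which is why the code refuses an adjustment without a written rationale.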
Implement the Security Controls
- Phase 3
  - Security control implementation
  - Security control documentation
  - SP 800-53
  - FIPS 200
Assess Security Controls
- Phase 4
  - Assessment preparation
  - Assessment of the security controls
  - SAR
  - Remediation actions
Authorize Information System
- Phase 5
  - POA&M
  - Security authorization package (SSP, SAR, and POA&M)
  - Risk determination
  - Risk acceptance
Monitor Security Controls
- Phase 6
  - 6-1: Monitor security controls (information system and environment changes)
  - 6-2: Ongoing assessments
  - 6-3: Remediation actions
  - 6-4: Documentation updates
  - 6-5: Status reports
  - 6-6: Risk assessments (ongoing risk determination and acceptance)
  - 6-7: Decommission
Key Positions and Roles
- Head of Agency (the CEO in a private organization)
- Risk Executive (function)
  - Holistic approach to addressing risk across the organization
  - Commonly a board rather than a single person
  - Works from the RAR (Risk Assessment Report)
- CIO
  - Appoints the CISO
Key Positions and Roles
- Information Owner
  - Responsible for the information's security during storage and processing
- CISO
  - Oversight of the security program
- AO (Authorizing Official)
  - May delegate review and approval of packages to a designated representative; the authorization decision itself stays with the AO
- Information System Owner
  - Developing, using, and maintaining the system
Key Positions and Roles
- ISSO (Information System Security Officer)
  - Maintaining the system's security day to day
- Information Security Architect
  - Security built into the system at the architecture level
- ISSE (Information System Security Engineer)
  - Security built into the system at the engineering level
- Security Control Assessor
  - Assesses the system independently of those who built it
SECURITY AWARENESS AND TRAINING, ROB AND IRP

Security Awareness and Training
- Why do we need security awareness and training?
  - All users need awareness
  - Specialized (role-based) training for privileged and security roles
  - Uninformed users are the weak point
Security Awareness and Training
- Why training is needed: user survey data
  - “One in five workers (21%) let family and friends use company laptops and PCs to access the Internet” (Schneier, 2005).
  - “More than half (51%) connect their own devices or gadgets to their work PC...a quarter of who do so every day” (Schneier, 2005).
  - “One in ten confessed to downloading content at work they should not” (Schneier, 2005).
  - “Two thirds (62%) admitted they have a very limited knowledge of IT Security” (Schneier, 2005).
  - “More than half (51%) had no idea how to update the anti-virus protection on their company PC” (Schneier, 2005).
  - “Five percent say they have accessed areas of their IT system they should not have” (Schneier, 2005).
- Types of training
  - Classroom
  - Website
  - Visual aids
  - Promotions
Security Awareness and Training
- Topics
  - Physical
  - Desktop
  - Wireless
  - Password
  - Phishing (example: http://www.sonicwall.com/furl/phishing/)
  - Hoaxes
  - Malware
    - Viruses
    - Worms
    - Trojans
    - Spyware/Adware

Security Awareness and Training
- Evaluation
  - Evaluation form
  - Testing
RULES OF BEHAVIOR

Rules of Behavior
- User agreement form
  - User signs it and keeps a copy
  - Redone on an annual basis
  - Internal and external users

Rules of Behavior
- Rules to include
  - Applications
  - General support systems
  - Mobile devices
  - Laptops/desktops
  - Privileged users
- Noncompliance
  - Disciplinary actions
  - Training
- Examples: Tables 10.1 – 10.4
INCIDENT RESPONSE

IR
- Why?
  - Need a mechanism to address incidents that happen within an organization
  - Even the best information security infrastructure cannot guarantee that intrusions or other malicious acts will not happen. When computer security incidents occur, it will be critical for an organization to have an effective way to respond.
- CSIRT
  - A Computer Security Incident Response Team (CSIRT) is a service organization that is responsible for receiving, reviewing, and responding to computer security incident reports and activity. Their services are usually performed for a defined constituency that could be a parent entity such as a corporate, governmental, or educational organization; a region or country; a research network; or a paid client.
IR
- Security incident
  - Each organization will need to define what a computer security incident is for their site. Examples of general definitions for a computer security incident might be:
    - Any real or suspected adverse event in relation to the security of computer systems or computer networks
    - The act of violating an explicit or implied security policy
  - Examples of incidents could include activity such as
    - attempts (either failed or successful) to gain unauthorized access to a system or its data
    - unwanted disruption or denial of service
    - unauthorized use of a system for the processing or storage of data
    - changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent
  - Computer security incident activity can be defined as network or host activity that potentially threatens the security of computer systems.
IR
- Roles and responsibilities
  - SO (System Owner) and ISSO
  - The agency's IRP (Incident Response Plan)
  - Incident Response Manager
- Incident (alternative definitions)
  - A security incident is a violation of a security policy for a system, network, telecommunications system, or facility
  - A security incident is any real or suspected adverse event in relation to the security of computers or computer networks
  - A security incident is any compromised or suspected compromised system; any type of attack or pre-attack reconnaissance levied on or from a computer resource; misuse of IT resources; or any other anomalous activity detected
IR
1. Impact
2. Notification
3. Handling
   a) Detecting
   b) Containment/Eradication
   c) Recovery/Closure
4. Escalation
5. Forensic investigations
   a) Time? (when to begin, and how to preserve evidence before recovery changes the system)
   b) What to look for?
IR
- Types of CSIRT
  - Internal CSIRTs provide incident handling services to their parent organization. This could be a CSIRT for a bank, a manufacturing company, a university, or a federal agency.
  - National CSIRTs provide incident handling services to a country. Examples include the Japan CERT Coordination Center (JPCERT/CC) or the Singapore Computer Emergency Response Team (SingCERT).
  - Coordination Centers coordinate and facilitate the handling of incidents across various CSIRTs. Examples include the CERT Coordination Center or the United States Computer Emergency Readiness Team (US-CERT, now part of CISA).
  - Analysis Centers focus on synthesizing data from various sources to determine trends and patterns in incident activity. This information can be used to help predict future activity or to provide early warning when the activity matches a set of previously determined characteristics.
  - Vendor Teams handle reports of vulnerabilities in their software or hardware products. They may work within the organization to determine if their products are vulnerable and to develop remediation and mitigation strategies. A vendor team may also be the internal CSIRT for a vendor organization.
  - Incident Response Providers offer incident handling services as a for-fee service to other organizations.
IR
- IR checklist
- Reporting form