Copyright ©2009 CA & Booz Allen Hamilton. All rights reserved. All trademarks, trade names, services
marks and logos referenced herein belong to their respective companies.
Enterprise Security Management
Protection Profiles:
An Implementation Plan
September 2009
Eric Winterton, Booz | Allen | Hamilton
Joshua Brickman, CA Inc.
Agenda
- Review
- Enterprise Security Management: what are these products?
  - Categories
  - Methodology
- Schedule
- Communication Plan
- Risks/Beta/Roll-out
- How can you get involved (Participants)
How did we get here?
- 2008 Proposal (Winterton/Brickman)
- Approach
- Consensus
- All Participating Countries
Enterprise Security Management
- Standardized logging
- Compliance & configuration
- Identity Management
- Monitoring & response
- Policy/Access
What Products Make Up ESM?
Categories: Identity Management; Compliance and configuration; Policy/Access; Monitoring and response; Standardized logging

Products (one line per vendor, cells separated by semicolons):
- CA Identity Manager; CA GRC Manager; CA Siteminder; CA Auditor for z/OS; CA Enterprise Log Manager
- SC Operations Manager, SC Configuration Manager & SC VMM; SC Operations Manager, SC Configuration Manager, SC Essentials; SC Operations Manager & SC Essentials; SC Operations Manager*
- Symantec Altiris; Symantec CCS/FTK; Symantec Altiris; Symantec SSIM; Symantec Altiris
- EMC RSA Access Manager; EMC RSA Envision; EMC RSA Envision
- Oracle Identity Manager; Oracle Enterprise Manager; Oracle Access Manager; Oracle Audit Vault; Oracle Audit Vault
- IBM Tivoli Identity Manager; IBM Tivoli Compliance Insight Manager (TCIM), Security Information Event Manager (TSIEM); IBM Tivoli Unified Single Sign-On, Tivoli Security Policy Manager; IBM Common Audit and Reporting (CARS) & TCIM
Approach
[Flowchart; box labels as they appear on the slide]
- ID CC Gaps for ESM
- Start
- Establish Industry Team and Select Lab
- Created ESM Product Categories
- Collected Products and Data
- Define next level of Use Cases
- Develop Global Threat Analysis
- Select Protection Profile
- Establish High-level Spec for PP
- Develop PP
- Verify (QA) on PP
- Publish PP Draft for Public Comment
- Declare PP Status (Global Conference)
- Publish PP
- PPs Complete? (No / Yes)
- Stop
- Publish PP Draft for Public Comment
Legend: Completed as of Sept 09
Cause and Effect/Fishbone
Timeline so far
- Sept 2008 Proposal
- Received well at 9th ICCC: interest by multiple vendors, NIAP, consultants and other schemes
- May 2009: NIAP pledges support for creation of the ESM PPs.
- May-Aug 2009: Concurrence of ESM product categories among Microsoft, IBM, EMC, Oracle, Symantec, Ricoh, and CA Inc solidified
Implementation Plan
Communication Plan
- Comment Periods
  - Posted on official sites
  - Allow for anyone to provide feedback
- CCVF
- ICCC and RSA
Participation to Date
- You can be a part of this team
- The more participants, the better the quality
Joshua Brickman, PMP
CA, Inc.
Program Manager, Federal Certifications
(508) 628-8917
Joshua.Brickman@ca.com
Q & A
Eric Winterton, CISSP
Booz | Allen | Hamilton
CCTL Director
(410) 684-6691
winterton_eric@bah.com
Backup Slides
Impact to Effort Matrix
All Products in ESM