Slide 1 - SecureInfo Corporation


CYBER TOWN HALL WEB MEETING on
Continuous Monitoring within the Risk Management Framework
Welcome to a Cyber Town Hall Meeting
Featuring Guest Speakers from NIST and DHS:

Dr. Ron Ross, NIST
Senior Computer Scientist at NIST
Principal Architect, Risk Management Framework
Dr. Ross leads the FISMA implementation project, which includes
the development of security standards and guidelines.

Robert C. West, DHS
Chief Information Security Officer
Mr. West was selected as the first CISO of the Department of
Homeland Security and continues to lead the Department’s
information security organization and programs.

Matt Coose, DHS
Director of FNS (Federal Network Security)
Mr. Coose leads the Federal Network Security organization
within NCSD and works across the federal government to
improve the cyber security posture of federal systems and
networks.

Moderated by:
Mr. Christopher Fountain
President & CEO, SecureInfo Corporation
Dr. Ron Ross, NIST
Senior Computer Scientist at NIST
Principal Architect, Risk Management Framework
Dr. Ross leads the FISMA implementation project which includes the
development of security standards and guidelines.
Enterprise-Wide Risk Management
Multi-tiered Risk Management Approach
• Implemented by the Risk Executive Function
• Enterprise Architecture and SDLC Focus
• Flexible and Agile Implementation
TIER 1: Organization (Governance). Strategic risk focus.
TIER 2: Mission / Business Process (Information and Information Flows).
TIER 3: Information System (Environment of Operation). Tactical risk focus.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Risk Management Framework
Security Life Cycle (Starting Point: CATEGORIZE)
CATEGORIZE Information System: Define criticality/sensitivity of
information system according to potential worst-case, adverse
impact to mission/business.
SELECT Security Controls: Select baseline security controls;
apply tailoring guidance and supplement controls as needed
based on risk assessment.
IMPLEMENT Security Controls: Implement security controls within
enterprise architecture using sound systems engineering practices;
apply security configuration settings.
ASSESS Security Controls: Determine security control effectiveness
(i.e., controls implemented correctly, operating as intended,
meeting security requirements for information system).
AUTHORIZE Information System: Determine risk to organizational
operations and assets, individuals, other organizations, and the
Nation; if acceptable, authorize operation.
MONITOR Security Controls: Continuously track changes to the
information system that may affect security controls and
reassess control effectiveness.
Risk Management Process
Applied Across Three Organizational Tiers
Risk: Assess, Respond, Monitor
Contact Information
100 Bureau Drive, Mailstop 8930
Gaithersburg, MD USA 20899-8930
Project Leader: Dr. Ron Ross, (301) 975-5390, ron.ross@nist.gov
Administrative Support: Peggy Himes, (301) 975-2489, peggy.himes@nist.gov
Senior Information Security Researchers and Technical Support:
• Marianne Swanson, (301) 975-3293, marianne.swanson@nist.gov
• Kelley Dempsey, (301) 975-2827, kelley.dempsey@nist.gov
• Pat Toth, (301) 975-5140, patricia.toth@nist.gov
• Arnold Johnson, (301) 975-3247, arnold.johnson@nist.gov
Web: csrc.nist.gov/sec-cert
Comments: sec-cert@nist.gov
Robert C. West, DHS
Chief Information Security Officer (CISO)
Mr. West was selected as the first CISO of the Department of Homeland
Security and continues to lead the Department’s information security
organization and programs.
Threats to information and IT resources
High Risk Threats
• Well-resourced, highly-motivated groups of cyber-warriors
• Numerous attack vectors including email, social media, and apparent trust paths
like those with contractor facilities
• Use of zero-day attacks and exploitation of weak credentials are common
• Often referred to as the Advanced Persistent Threat in public media
Medium Risk Threats
• Criminals targeting identity and money
• Varying levels of technical sophistication
• Russian Business Network
• Botnets and Bot Herders
Low Risk Threats
• Standard Internet Pollution
• Threats against every user
• Unsophisticated
FOUO
Strong enterprise IT governance is key
Mission Assurance requires strong IT governance
Security fully integrated into IT Governance Framework
Multi-layered risk mitigation strategy
• Perimeter
• Network
• Systems
• End Point
• Information & Data
• Security Operations
• Identity Management
• Training & Awareness
Comprehensive controls based on NIST Risk Management Framework
• Management controls
• Operational controls
• Technical controls
Mission Assurance through multiple security layers
[Figure: DHS Wide Area Network with Trust Zones A, B and C, each connected
through a PEP; the WAN reaches the Internet through a TIC and an SMTP
gateway; control layers span the diagram.]
Control Examples: TICs, PEPs, C&A, Automated Patching
Continuous Monitoring
[Figure: the same DHS Wide Area Network with Trust Zones A, B and C, PEPs,
TIC, SMTP gateway and Internet, annotated with monitoring sources; column
grouping below is approximate.]
Enterprise: Visibility, Policy, Roadmap; Enterprise SEM, Policy Server,
Log Aggregation; Enterprise log inspection
Network (PEP): FW, IDS/IPS, PCAP, Netflow
Perimeter: Proxy, DNS/Time, A/V, PCAP, Email, Netflow, DNSSec
Per Trust Zone (A, B, C): SEM, Policy Server, Log Aggregation,
Asset Inventory, Patch & Power Management, Configuration Control
Endpoint Devices and Systems: HIDS, Firewalls, Servers/Apps, Other
Matt Coose, DHS
Director of FNS (Federal Network Security)
Mr. Coose leads the Federal Network Security organization within NCSD
and works across the federal government to improve the cyber security
posture of federal systems and networks.
FNS Vision and Process
VISION: To be the recognized leader for driving change that
enhances the cyber security posture of the Federal Government
Assess: Assess Enterprise Needs and Required Capabilities.
Identify and prioritize actions required to mitigate risks and
improve cyber security posture across the Enterprise.
Influence: Influence Policy and Strategies to Implement.
Promote actionable cyber security policies, initiatives,
standards, and guidelines for implementation.
Drive: Drive Implementation of Capabilities.
Enable and drive the effective implementation of cyber
security risk mitigation activities and capabilities.
Measure: Measure and Monitor Implementation and Security Posture.
Measure and monitor Agency implementation, compliance
(with published policies, initiatives, standards, and guidelines),
and security posture.
Simultaneous and Iterative Process!
Homeland Security, National Cyber Security Division
2/17/2013 7:47:39 AM
Overview
• Cyber Ecosystem is Complex – Improving Posture Requires Management of ALL
Ecosystem Components
• Effective Management Requires:
– Identifying what to monitor and mitigate (SP800-53, CAG, Ecosystem Components)
– Efficient, Accurate, and Timely collection and integration of a wide range of “data
feeds” (Defining Capabilities and Maturing to Full Automation)
– Immediate mitigation actions (Prioritizing, Accountability, Empowering to Act)
• Facilitating Effective Management Across the USG Requires:
– Collaboration (D/As, Private Sector, NIST, NSA, DHS, etc…)
– Establishing goals and evolving goals over time to drive maturity (FISMA)
– Balancing/Aligning standards development/adoption with operational needs
– Facilitating Agency Implementation (Architectures, Contract Vehicles, etc…)
– Minimizing Disruptions/Disconnects
– Encouraging Vendor Adoption (COTS/Content Delivery with ROI)
– Effectively Communicating our Progress and Plans
Picture View
Maturing Enterprise-Wide Cybersecurity Capabilities to include:
• System Inventory
• Asset Management*
• Configuration Management*
• Vulnerability Management*
• Identity and Access Management
• Data Protection
• Boundary Protection
• Incident Management
• Network Security Protocols
• Remote Access/Telework Management
• Training and Education
• Software Assurance
• Supply Chain
• Others… (NIST Maturity Model)
*Standards Exist (SCAP) – Now Focus on Content in these areas
• USG Effort Equates to a Complex Business Process Improvement Project
Enabler Activities:
– NIST: Data Standards
– Best-of-Breed: Reference Architectures
– ISSLOB: Enterprise Contract Vehicles
Continuous Monitoring Activities
• FY10 Annual FISMA Reporting requires auto feeds for three SCAP-based data sets
• Published a Continuous Monitoring Reference Architecture (CAESARS) on 9/1/10
• Established SAIR TIER I BPA with GSA in June 2009 based on SCAP Validated Tools
  – McAfee, Gideon Technologies (now Symantec), BIGFIX (now IBM)
• Defining requirements for SAIR TIER III (continuous monitoring) BPA to expand the
  number and types of vendors available to Agencies
• Considering the development of a USG approved product list based on SCAP
• NSA/NIST/DHS co-sponsored Vendor Outreach effort in Mountain View, CA on 8/13/10
  – 120+ participants
• Established a joint FNS/ISIMC Continuous Monitoring Working Group (CMWG) 8/15/10
  – Group will drive definition of additional “data feeds” (to be used for FY11 FISMA
    Reporting)
• Conducting joint FNS/NIST CM Workshop as part of ITSAC Conference on 9/29/10 to
  engage vendor community
  – CMWG members will facilitate small groups with vendors to define additional
    “ecosystem” data feeds
• Conducting joint NCSD/ISIMC Conference on 10/19-21
  – Continuous Monitoring Sessions
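The Overview, Picture View and Continuous Monitoring Activities slides above all come back to the same operational loop: collect asset, configuration and vulnerability data feeds, make sure they are timely and accurate, and turn them into prioritized mitigation actions. The script below is an added illustration of that loop, not code from the briefing or from any DHS or NIST program. It uses three constructed feeds with made-up asset ids and placeholder finding ids; the field names, the severity and impact weights, and the 72-hour freshness window are assumptions. It reports feeds that are too old to trust, assets that show up in findings but not in the inventory, and open issues ranked by the owning system's RMF impact level times finding severity.

```python
"""Toy continuous-monitoring feed integration (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed reference clock and freshness window for a "timely" feed.
NOW = datetime(2013, 2, 17, 12, 0, tzinfo=timezone.utc)
MAX_FEED_AGE = timedelta(hours=72)

# Constructed sample feeds. "impact" follows the RMF CATEGORIZE step
# (worst-case impact to mission/business: low / moderate / high).
ASSET_FEED = {
    "collected_at": NOW - timedelta(hours=5),
    "records": [
        {"asset_id": "srv-01", "system": "payroll", "impact": "high"},
        {"asset_id": "srv-02", "system": "payroll", "impact": "high"},
        {"asset_id": "ws-17", "system": "intranet", "impact": "low"},
    ],
}
CONFIG_FEED = {
    "collected_at": NOW - timedelta(hours=9),
    "records": [
        {"asset_id": "srv-01", "rule": "password-min-length", "passed": False},
        {"asset_id": "srv-02", "rule": "password-min-length", "passed": True},
        {"asset_id": "ws-17", "rule": "screen-lock-timeout", "passed": False},
    ],
}
VULN_FEED = {
    "collected_at": NOW - timedelta(hours=100),  # deliberately older than MAX_FEED_AGE
    "records": [
        {"asset_id": "srv-02", "finding": "VULN-PLACEHOLDER-1", "severity": "critical"},
        {"asset_id": "lab-99", "finding": "VULN-PLACEHOLDER-2", "severity": "medium"},
    ],
}
FEEDS = {"asset": ASSET_FEED, "config": CONFIG_FEED, "vuln": VULN_FEED}

# Assumed weights; a failed configuration check ranks like a medium finding.
IMPACT_WEIGHT = {"low": 1, "moderate": 2, "high": 3}
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CONFIG_FAIL_WEIGHT = 2


@dataclass(frozen=True)
class Issue:
    asset_id: str
    system: str
    kind: str  # "vuln" or "config"
    detail: str
    score: int


def stale_feeds(feeds, now=NOW, max_age=MAX_FEED_AGE):
    """Feeds whose last collection is older than the freshness window."""
    return sorted(name for name, feed in feeds.items()
                  if now - feed["collected_at"] > max_age)


def unknown_assets(feeds):
    """Asset ids that report findings but are absent from the inventory feed."""
    known = {r["asset_id"] for r in feeds["asset"]["records"]}
    seen = {r["asset_id"] for name, feed in feeds.items() if name != "asset"
            for r in feed["records"]}
    return sorted(seen - known)


def prioritize(feeds):
    """Open issues on inventoried assets, highest impact x severity first."""
    by_id = {r["asset_id"]: r for r in feeds["asset"]["records"]}
    issues = []
    for r in feeds["vuln"]["records"]:
        asset = by_id.get(r["asset_id"])
        if asset is None:
            continue  # inventory gap; surfaced separately by unknown_assets()
        score = IMPACT_WEIGHT[asset["impact"]] * SEVERITY_WEIGHT[r["severity"]]
        issues.append(Issue(r["asset_id"], asset["system"], "vuln", r["finding"], score))
    for r in feeds["config"]["records"]:
        asset = by_id.get(r["asset_id"])
        if asset is None or r["passed"]:
            continue
        score = IMPACT_WEIGHT[asset["impact"]] * CONFIG_FAIL_WEIGHT
        issues.append(Issue(r["asset_id"], asset["system"], "config", r["rule"], score))
    return sorted(issues, key=lambda i: (-i.score, i.asset_id, i.kind))


def posture_report(feeds, now=NOW):
    """Stale feeds, inventory gaps and the ranked work list, in one structure."""
    return {
        "stale_feeds": stale_feeds(feeds, now),
        "unknown_assets": unknown_assets(feeds),
        "issues": prioritize(feeds),
    }


if __name__ == "__main__":
    report = posture_report(FEEDS)
    print("stale feeds (findings may be out of date):", report["stale_feeds"])
    print("assets reporting findings but missing from inventory:", report["unknown_assets"])
    for issue in report["issues"]:
        print(f"{issue.score:3d}  {issue.asset_id:8s} {issue.system:9s} {issue.kind:6s} {issue.detail}")
```

The two checks before ranking are the point: a stale vulnerability feed means the top-ranked item may already be fixed (or worse, new findings are missing), and an asset that reports findings without an inventory record has no impact level to rank against, so it is a data-quality action rather than a patching action.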
Q&A Segment
Questions submitted by registrants
were consolidated for the panel.
Dr. Ron Ross, NIST
ronald.ross@nist.gov
Mr. Robert C. West, DHS HQ
robert.west@dhs.gov
Mr. Matt Coose, DHS FNS
matt.coose@dhs.gov
Moderated by:
Mr. Christopher Fountain, SecureInfo
christopher.fountain@secureinfo.com