CounterMeasures™ Risk Analysis and Management May 2005.

Slide 2 Mission of Risk Management Division To support commercial and governmental risk mitigation programs for facilities, assets, missions, and infrastructure by providing policies, processes, tools and architectures that integrate strategic, operational, and tactical components across multiple domains.

Slide 3 CounterMeasures™ is a software data engine that is currently used to:
- Automate and standardize risk assessments for:
  - Information Assurance: RF and IT communication
  - Physical Security: facilities, seaports, airports, bases
  - Anti-Terrorism Construction Standards: UFC Anti-Terrorism Construction Standards
  - Critical Infrastructure Protection: road, rail, power, POL, dams
- Generate automated comparison / summary reports
- Leverage NIPRNET or even the WWW for data collection
- Generate customized graphic, textual or data outputs
- Integrate with existing GOTS-based or COTS-based databases or programs

Slide 4 Commercial Clients & Domains
Domains: Anti-Terrorism, Physical Security, Info Assurance, Port Security, O.S.H.A.*, A.D.A.**
Clients: Banks, Gas/Oil, Insurance, Ports, Universities, States / Municipalities, Security Firms
* O.S.H.A. – Occupational Safety and Health Administration compliance
** A.D.A. – Americans with Disabilities Act compliance

Slide 5 Federal Clients & Domains
Domains: Anti-Terrorism, Physical Security, Info Assurance, Port Security, C.I.P.*, M.A.**
Clients: U.S. Marines, Defense Program Off., U.S. Army, U.S. Coast Guard, F.D.I.C., U.S. Trans. Command, Other Federal
* C.I.P. – Critical Infrastructure Protection
** M.A. – Mission Assurance Analysis

Slide 6 CounterMeasures™ is a data-driven program that:
- Standardizes the data collected during an assessment
- Calculates vulnerability indexes based on security controls
- Evaluates risk based on vulnerability index, threat template, and facility value/criticality; the threat template includes applicability relationships as well as severity and frequency
- Facilitates "what-if" evaluation of the effects of posture improvements
- Can perform cost/benefit analysis of proposed changes for POM purposes
- Exports data to other vulnerability management tools
- Determines compliance with rules and policies
- Manages implementation of changes and automatically updates posture

Slide 7 Detail of a Survey Screen

Slide 8 Browser-based survey/data collection capability
Browser-based tools allow for pre-assessment surveys. For some sites, the same tools can be used to perform self-assessments.
Data collection runs on: WWW, LAN, WAN

Slide 9 Vulnerability Analysis / Mission Confidence Output
Each bar represents an identified vulnerability or assigned mission:
- Green bar: current vulnerability (or mission confidence) index
- Yellow bar: projected posture adjustments
- Red bar: un-addressed (residual) vulnerability
The screen also tracks any changes to security posture.

Slide 10 Analysis Screen for Posture Modification For areas of concern, managers can review in-place and required countermeasures. They can also propose different solutions to arrive at a desirable proposed posture. The analysis module also tracks the status of security posture as conditions change.

Slide 11 Common risk-based methodology proven across all domains
- The diagram below is a simplified relationship schematic
- The actual relational nature of the data is a many-to-many correlation
- All items and metrics can be adjusted to fit the client environment
Elements of the schematic: Enemy/Environmental Threat(s) with anticipated frequency %; Vulnerabilities; Countermeasures with weighting metrics %; Threat vs. Vulnerability Effectiveness Coefficient; Asset Type(s) and value; Environmental / Role Filter; Countermeasure to Vulnerability Coefficient; Asset Attributes
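As an added illustration of the relationships described on slides 6, 9 and 11 (threats with frequency and severity, a vulnerability index derived from weighted countermeasures, asset value, and the current/projected/residual comparison), here is a small Python model. It is not CounterMeasures' code: the formulas, the 0..1 scales, and the sample facility data are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    name: str
    frequency: float     # anticipated events per year (assumed units)
    severity: float      # fraction of asset value lost per successful event (assumed)
    effectiveness: dict  # vulnerability -> threat-vs-vulnerability effectiveness coefficient, 0..1

@dataclass
class Countermeasure:
    name: str
    weight: float        # weighting metric: how completely it is in place, 0..1 (assumed)
    coefficient: dict    # vulnerability -> countermeasure-to-vulnerability coefficient, 0..1
    cost: float = 0.0

def vulnerability_index(vuln: str, in_place: list) -> float:
    """Assumed model: each in-place countermeasure independently removes a share of the
    exposure, so the index stays within 0..1 (1.0 = fully exposed) even when several overlap."""
    index = 1.0
    for cm in in_place:
        index *= 1.0 - cm.weight * cm.coefficient.get(vuln, 0.0)
    return index

def annual_risk(asset_value: float, threats: list, in_place: list) -> float:
    """Expected annual loss summed over every applicable threat/vulnerability pair:
    frequency x severity x effectiveness x vulnerability index x asset value."""
    return sum(t.frequency * t.severity * eff * vulnerability_index(v, in_place) * asset_value
               for t in threats for v, eff in t.effectiveness.items())

def what_if(asset_value: float, threats: list, current: list, proposed: list) -> dict:
    """The three bars of slide 9: current posture, the residual after the proposed
    countermeasures are added, the reduction achieved, and the cost/benefit of the proposal."""
    cur = annual_risk(asset_value, threats, current)
    residual = annual_risk(asset_value, threats, current + proposed)
    cost = sum(cm.cost for cm in proposed)
    return {"current": cur, "residual": residual, "reduction": cur - residual,
            "cost": cost, "benefit_per_dollar": (cur - residual) / cost if cost else float("inf")}

# Constructed sample scenario for one facility; every value below is made up.
SAMPLE_THREATS = [Threat("perimeter intrusion", frequency=0.5, severity=0.2,
                         effectiveness={"unmonitored gate": 1.0, "poor lighting": 0.5})]
LIGHTING = Countermeasure("perimeter lighting", weight=0.5, coefficient={"poor lighting": 0.8}, cost=5000)
CCTV = Countermeasure("gate CCTV", weight=1.0,
                      coefficient={"unmonitored gate": 0.6, "poor lighting": 0.5}, cost=20000)

def demo() -> dict:
    """What-if run: lighting is half implemented today; gate CCTV is the proposed change."""
    return what_if(1_000_000, SAMPLE_THREATS, current=[LIGHTING], proposed=[CCTV])
```

Calling `demo()` returns the current expected annual loss (130,000), the residual after CCTV (55,000) and a benefit of 3.75 per dollar of proposed spend, the kind of numbers the cost/benefit reports on slide 12 would present.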

Slide 12 Graphic Output examples: 70+ reports depicting aspects of risk understanding; reports also include cost-benefit and return-on-investment.

Slide 13 Configurable pre-formatted reports (MS Word)
Custom reports, tailored to specific organizations, can be generated in MS Word using flexible custom report generating interfaces. Examples: Military, Ports, NIST, General.

Slide 14 Analysis of Compliance Issues Compliance with laws, rules, policy, and guidance is evaluated to determine compliance gaps, as well as to document due-diligence.

Slide 15 Example of custom output: Integration w/ map program

Slide 16 Point of Contact: Caleb L. Jones Program Manager, Vulnerability / Risk Management Alion Science and Technology, Inc N. Beauregard St. Suite 600 Alexandria, VA (V) (F) Toll Free: