FISWG / NCMS Briefing July 12, 2017 Presented by: Sr. ISR Jason Howard

Presentation transcript:

DSS IN TRANSITION
Partnering with Industry to Protect National Security
FISWG / NCMS Briefing July 12, 2017
Presented by: Sr. ISR Jason Howard, CISA Douglas Hartwell
UNCLASSIFIED

DiT Presentation Overview
Why do we need to change?
Discuss the new DSS methodology
Provide industry with tips, guidance, and tools to help cleared industry better protect national security information
Questions & Answers

Need For Change
The U.S. is facing the most significant foreign intelligence threat it has ever encountered.
Adversaries are successfully:
Attacking cleared industry at an unprecedented rate
Stealing our national security information and technology
Using multiple and varying avenues of attack
Shifting priorities based upon their needs

Need For Change
DSS is evolving from schedule-driven compliance to intelligence-led, asset-focused, threat-driven security oversight
The new methodology is fluid and dynamic
It will allow DSS to work more effectively with cleared industry to ensure that contracted capabilities, technologies, and services are delivered uncompromised

New DSS Methodology
Four steps of the New DSS Methodology:
1. Identify all the assets of each facility
2. Prioritize assets

New DSS Methodology
3. Threat, Vulnerability, and Impact Analysis
4. Develop Tailored Security Programs

New DSS Methodology
DiT Outreach Processes
Threat, Vulnerability, and Impact Analysis
Triage Outreach Program (TOP)
Continuous Monitoring
Advise & Assist Visits

Applying Technology Trends to Your Facility

Benefits

Q&A
Questions?