Managing a “Data Spill” Corrie Velez Technical Security Orlando, Florida March 14, 2012.

Slides:



Advertisements
Similar presentations
1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
Advertisements

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
How to Manage a Contamination Incident Defense Security Service Carolyn Shugart Information Technology Specialist Standards & Quality Branch.
Security, Privacy and the Cloud Connecticut Community Providers’ Association June 20, 2014 Steven R Bulmer, VP of Professional Services.
Privacy, Security, Confidentiality, and Legal Issues
Defense Security Service. DSS Update DSS Changing With A Changing Security Environment.
ODAA Workshop December 2012 Charles Duchesne, DSS Tiffany Snyder, DSS
What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,
1 © Jetico, Inc. Oy Military-Standard Data Protection Software Customer Challenges with Classified Data Spills.
NOAA Computer/Hard Drive Sanitization Validation Form and PDA/Cell Phone Destruction Worksheet.
Chapter 5: Asset Classification
Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010.
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.
Security Policies Group 1 - Week 8 policy for use of technology.
Network security policy: best practices
Section Eight: Communication Security (COMSEC) Note: All classified markings contained within this presentation are for.
Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Section Ten: Security Violations and Deviations Note: All classified markings contained within this presentation are for training purposes only.
Incident Reporting Procedure
Discovery Planning steps (1)
Electronic Public Record What is it, and Where Can Agency Lawyers Find It?
1 Preparing a System Security Plan. 2 Overview Define a Security Plan Pitfalls to avoid Required Documents Contents of the SSP The profile Certification.
Section Seven: Information Systems Security Note: All classified markings contained within this presentation are for training purposes only.
OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil March 20, 2015 UNCLASSIFIED Industrial Security.
Information Systems Security Computer System Life Cycle Security.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.
Data management in the field Ari Haukijärvi 2nd EHES training seminar.
OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update.
Section Five: Security Inspections and Reviews Note: All classified markings contained within this presentation are for training purposes only.
Public Employees Retirement System October 31, 2007 Eric Sokol, CSD Administrator Jeffrey Marecic, ISD Administrator Senate Bill 583 Implementation.
Project Management Methodology Project Closing. Project closing stage Must be performed for all projects, successfully completed or shut off by management.
1. Objectives  Describe the responsibilities and procedures for reporting and investigating ◦ incidents / near-miss incidents ◦ spills, releases, ◦ injuries,
Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Developing Plans and Procedures
A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Sample only Order at Security Awareness Training A threat awareness briefing. A defensive security briefing. An overview of the.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
SECURITY BRIEFING A threat awareness briefing A defensive security briefing An overview of the security classification system Employee reporting obligations.
Administrative Inquiries
Defense Security Service Contractor SIPRNet Process June 2013
Staying ahead of the storm: know your role in information security before a crisis hits Jason Testart, IST Karen Jack, Secretariat.
TRUENORTH TECHNOLOGY POLICIES OVERVIEW. This includes but is not limited to : – Games – Non-work related software – Streaming media applications – Mobile.
Managing a “Data Spill”
How To Conduct An Administrative Inquiry (AI) Due To A Security Violation
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Information Security Office: Function, Alignment in the Organization, Goals, and Objectives Presentation to Sacramento PMO March 2011 Kevin Dickey.
Information Management and the Departing Employee.
Business Continuity Planning 101
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
Safeguarding CDI - compliance with DFARS
Information Security Policy
Incident Reporting And Investigation Program
Mysale Information Classification 101
Derivative Classification Overview
Josh Thompson Classified Information Systems – Western Region
HQMC ISC BRIEF FEBRUARY 6, 2007
Incident Reporting And Investigation Program
County HIPAA Review All Rights Reserved 2002.
HIPAA Security Standards Final Rule
HQ Expectations of DOE Site IRBs
Presentation transcript:

Managing a “Data Spill” Corrie Velez Technical Security Orlando, Florida March 14, 2012

Objectives Classified Data Spill Data Spill / Incident Plan Responsibilities Reporting Review steps for conducting an Administrative Inquiry Review reporting requirements Discuss cleanup considerations Summary

Classified Data Spill AKA- Contamination or Classified Message Incident –Occurs when Classified Data is introduced to an Unclassified System or to a system accredited as a lower level classification than the data SECRET Unclassified

Classified Spill Definition Classified Spills (also known as contaminations or classified message incidents) occur when classified data is introduced to an unclassified computer system or to a system accredited at a lower classification than the data. Any classified spill will involve an Administrative Inquiry for the facility concerned. SECRET (reference ISFO rev 3 section )

Data Spill / Incident Response Plan Provides a roadmap Defines structure, response and capability Meets unique organizational requirements Defines incidents, resources and support Supporting document that can be pre- approved by Data Owners/Customers. Reference ISFO Process Manual, Rev ,

Contamination occurs when… People not following the rules Confusion – didn’t understand Data not reviewed by SME IAW SCG Received data electronically ( or optical media) from outside source.

All Personnel –Immediately open lines of communication –Participate and support response efforts –Assess risk / follow data owner (customer) guidelines and/or approved procedures –Assign cleared people to assist cleanup Responsibilities

Responsibilities…cont FSO –Acts as incident lead, notifies Government agencies, data and cleaning procedure, Id Sender/Receiver(s) then coordinates the cleanup effort

Responsibilities…cont ISSM / ISSO –Assess extent of spill and plans cleanup actions –Contact GCA to receive their spill clean up procedure(s) or receive approval if forwarding the DSS/Contractors’ procedure(s). –Conducts cleanup actions –Reports findings –Protect/Isolate systems from further contamination, etc

Conduct a preliminary inquiry! Conduct immediately Determine Who, What, Where, Why and How “Did a loss, compromise or suspected compromise occur?” What happened? NISPOM Para 1-303a

Sample preliminary inquiry Timeline for Initial Report Top Secret: within 24-hours (1-day) Secret / Confidential: within 72-hours (3-days)

Reporting Must be accomplished Guidance is located in: –ISFO Process Manual Rev , pgs – industry.pdf –DoD M, NISPOM Operating Manual Reports of Loss, Compromise, or Suspected Compromise.

Is there a loss, compromise, or suspected compromise? Loss: material can’t be located within a reasonable period of time Compromise: disclosure to unauthorized person(s) Suspected compromise: when disclosure can’t be reasonably precluded

Where to begin? Assemble team Physically isolate, protect all contaminated equipment Remove access from unauthorized personnel

What should be done? (cont.) Call your Defense Security Service (DSS) IS Rep and/or ISSP* Contact your customer, the data owner * Information Systems Security Professional “Would you take care of this for me!” DO NOT delete the suspect data yet!

Help you limit further systems from being contaminated. Work with you on sanitizing all infected systems. What to expect from DSS

What platforms and O/Ss are involved? Are there any remote dial-ins Are there any other network connections? At what locations was the file or received ( servers) or placed? Was the data encrypted? Was the file deleted? Is there RAID technology involved? –ISFO Process Manual Rev contains step-by-step descriptions starting on pg 100…to order the manual, go to: Some important facts to consider…

ISFO Cleansing Checklists Inside of ISFO (General, Desktop, Bl ackBerry devices and Servers) Some Data Owners / customers may provide specific guidance / checklists to be used

What about an server? What type of system is involved? Is System Admin cleared? Is Tape/Disk Backup Admin cleared? Ensure areas where deleted files are retained are addressed, e.g., MS Exchange’s deleted item recovery container). MS Exchange is discussed because of its widespread use. DSS does not endorse the use of any products.

Forget any components?

Follow through! Gather and review Audit Trails that are applicable –Paper –Electronic Interview all people known to be involved - Note…Do Not use to communicate the “Who, What, When, Where, Why, How” except for reporting requirements to DSS/Customer or others involved, (i.e. other contractors)

Prepare Final Report Write and submit the final report (Paragraph 1-303c, NISPOM) Due within 15 days of notification of spill

Sample Administrative Inquiry

Final Actions Request they provide additional cleanup steps within 30 days Send details to government customer to include cleanup action Include hardware and operating system platforms “Create your data spill / incident plan prior to experiencing a data spill, for if you fail to plan, your plan will fail!” ~ Anonymous ISSM

Follow available guidance! NISPOM Admin Inquiry (AI) Report Requirements (Paragraph 1-303) – om pdf DSS Guidance for Conducting an AI – job-aid-for-industry.pdf Clearing and Sanitization Matrix –ISFO Process Manual Rev (to order the manual, go to:

Overwrite utilities programs Determine types of devices and operating systems involved. Locate (acquire) approved overwrite utilities to sanitize the suspect data from systems –Contact your DSS ISSP or the Data Owner if you require additional information on how to sanitize the affected media. Administrative Inquiry (AI) Guidelines for Information Systems (IS)

NIST Common Criteria (Sensitive Data Protection)NISTCommon Criteria (Sensitive Data Protection) Sun’s “Purge” ( Part of the O/S) SGI “FX” (Part of the O/S) Unishred Pro (EAL1) BCWipe Total WipeOut Terminus 6 White Canyon Wipe Drive (EAL4) Overwrite utilities: Note: This is a partial list of products that have enabled contamination cleanup in the past. DSS does not endorse any products.

Report suspenses! Timeline for Initial Report –Top Secret: within 24-hours (1-day) –Secret / Confidential: within 72-hours (3-days) Timeline for Final Report –Top Secret/Secret/Confidential: within 15-days of discovery Administrative Inquiry (AI) Process Job Aid, dated Jul 2011

Summary What causes contaminations Possible cleanup considerations Reporting requirements NISPOM Para 8-103b,c

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.