Assured Information Solutions, LLC Securing the Life Blood of Business - INFORMATION Christopher D. Peele CISSP-ISSEP Chief IA Analyst.

2 Background
Christopher D. Peele, Chief IA Analyst
B.S., Computer Technology; M.S., Information Assurance; CISSP, ISSEP, NSA IAM, NSA IEM
Mr. Peele has over 30 years of technology experience ranging from avionics systems, bioelectronics systems, electronics and computer information systems to computer systems administration, project management and information assurance. He spent a combined 22 years in the US Air Force in active, reserve and Guard status as an Avionics Communication and Navigation Technician. He has over 14 years' experience in information security; for 10 of those years he has worked in the Department of Defense environment on DIACAP initiatives in support of Joint, Army and Marine Corps information and combat systems for ATEC, the NCR RNOSC, MCNOSC and MCSC. Mr. Peele has developed, witnessed, coordinated and conducted IA assessments in support of initial operational test and evaluation for the AEC Survivability Directorate on a number of systems, and has implemented certification and accreditation processes in support of MCSC initiatives.

3 Securing the Critical Information Vital to Your Small Business Survival

4 Agenda
- Why should we secure information?
- What mandates the protection of information?
- What are the threats to information?
- How is security implemented?
- Who is going to implement security?
- Who is responsible for security?
- Areas of Concentration

5 Why should we secure information?
- Information is an organization's most valuable asset:
  - Intellectual Property
  - Mission Information
  - Financial Information
  - Personally Identifiable Information
- Loss of competitive business or technological advantages
- Damage to reputation
- Loss of revenue
- Legal and regulatory sanctions
- Small/medium businesses are the low-hanging fruit

6 What mandates the protection of information?
- Federal Information Security Management Act of 2002 (FISMA): federal agencies and their contractors
- Family Educational Rights and Privacy Act (FERPA): educational institutions
- Health Insurance Portability and Accountability Act (HIPAA): covered entities and their business associates
- Sarbanes-Oxley Act of 2002 (SOX): publicly traded companies
- Gramm-Leach-Bliley Act (GLBA): financial institutions
- Payment Card Industry Data Security Standard (PCI DSS): a contractual standard rather than a law, binding on anyone who stores, processes or transmits cardholder data

7 What are the threats to information?
External Threats
- Man-made
  - Exploitation of a known vulnerability by a cyber criminal
  - Zero-day malware attack
  - Phishing, spear phishing and whaling
  - Advanced Persistent Threats (APT)
  - Players: nation states, cyber gangs, hacktivists, individuals
- Natural
  - Flood
  - Fire
  - Earthquake

8 What are the threats to information?
Internal Threats
- Intentional
  - Trusted insider
  - Disgruntled employee
  - Employee with financial problems
  - Employee with adverse information
- Unintentional
  - User opening an infected attachment
  - Misconfigured settings
  - Infecting a work system while working remotely
  - Introduction of malware via personal devices

9 How is security implemented?
First, security is not one-size-fits-all! Security must align with business and mission objectives.
- Deploy in layers, with input from stakeholders
- Implement relevant controls
- Fortify network perimeters
- Institute security policies and procedures

10 How is security implemented?
- Fortify facility security controls
- Implement security awareness training
- Limit unauthorized access to the network and facility
- Monitor and audit network activity
- Protect mobile endpoints
- Human Resources background investigations
Bottom line: implement defense in depth.

11 Who is going to implement security?
Certified security professionals:
- Information Assurance Professionals
- Information System Security Engineers
- Cyber Security Professionals
Certifications:
- CISSP, ISSEP, ISSMP, CISM, CISA, CAP
- Security+, Network+, CASP
- SANS certifications
- OEM (vendor) certifications

12 Who is responsible for security?
Security is everyone's responsibility!
Senior management is ultimately responsible for security in their organization.
Lead by example!
TRUST BUT VERIFY!

13 Areas of Concentration
- Senior management buy-in
- Security awareness training
- Business continuity plan
- Configuration and asset management
- Develop security policies and processes
- Enforce security policies
- Ensure teaming agreements address security issues

14 AIS LLC's Capabilities
- Risk Management & IS Security Engineering
- IA Compliance & Continuous Monitoring
- Certification and Accreditation Process Oversight
- IA Assessment & Evaluation
- IA Test & Evaluation (T&E)
- IA Subject Matter Expertise
- IA Acquisition Support
- Project Management & Security Strategic Planning

15 IA Current and Past Performance
- Regional Support Services (PdM MCNIS): provided day-to-day IA and cyber security support to the USMC Regional NOSC initiative to re-establish ownership and operational responsibility for the USMC NIPR network.
- Marine Corps Enterprise IT Services (PdM MCES): provided IA analysis and C&A oversight to PdM MCES during the acquisition and sustainment phases of the MCEITS data center project.
- Network Centric Enterprise Services (Joint/AEC): developed and coordinated IA test plans and analysis in support of the DISA NCES program.
- CH-53K HLR Helicopter (Sikorsky/Navy): developed the program protection plan and the C&A process guidebook.
- Unified Command Suite (AEC): provided IA analysis of an operational test, conducted by JITC, of a multi-jurisdiction command and control system.

16 QUESTIONS?

17 Contact Information
Christopher Peele, MSIA, CISSP-ISSEP, NSA IAM, NSA IEM
Chief IA Analyst
Office: