© TecSec® Incorporated 2003 Threat Notification Model for Federal, State and Local Authorities

Presentation transcript:

Threat Notification Model for Federal, State and Local Authorities
Getting Critical Information to the Homeland Security Threat-Fighter
Standards-based Desktop Software provides Secure Information Sharing without Cost of New Infrastructure

Overview
– President’s National Strategy Defines the Problem
– Sharing Threat Information Selectively, Confidentially, and on a Need-to-Know and Need-to-Share Basis

The Problem

President’s National Strategy Document asserts:
Currently, there is no central, coordinating mechanism to assess the impact of sensitive information and ensure that it gets to all the parties with a need to know. Adding to this problem is the lack of technical communications systems to enable the secure transmittal of classified threat information to the owners and operators of concern.
Source: The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets, February 2003, Page 26

Need to Define Information Sharing Requirements
One of the first steps we must take is to precisely define information sharing requirements as they pertain to the critical infrastructure and key asset protection mission. These requirements should focus on the sharing of real-time threat, vulnerability, and incident data; best practices; security guidelines; risk assessments; and operational procedures.
Source: The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets, February 2003, Page 26

Threat Notification and Distribution
From Federal to State & Local Or Vice-Versa

Sample Threat Notification Enterprise
[Diagram: Federal, State, Local, FR. FR = First Responders]

Information Sharing Flow
Information Sharing can occur… vertically or horizontally
And from the top down or the bottom up…
Or in a variety of other configurations depending on the Enterprise Architecture and Workflow

Threat Analysis
– Threat is received at the Federal Level and analyzed
– Differentiated Access Control Credentials are applied to Threat Notification
– Threat is distributed to State and Local and First Responders and/or to other Agencies.

Threat Notification: Credentialing and Distribution
Different Credentials are Assigned to Different Parts of a Single Threat Notification.
The Notification is dispersed throughout the “Enterprise”.
[Diagram: Threat Notification with Federal, State, Local and FR parts. FR = First Responders]

Threat Notification with Credentials Assigned
[Diagram: Federal, State, Local, FR. FR = First Responders]

Access to the Threat Notification
Access to the Threat Notification is Limited by a Recipient’s Role…and the Credentials Associated with that Role.
FEDERAL ROLE: Federal Credential, State Credential, Local Credential, FR Credential
STATE ROLE: State Credential, Local Credential, FR Credential
LOCAL ROLE: Local Credential, FR Credential
FR ROLE: FR Credential
– Federal Role: has all Credentials & can access the entire document.
– State Role: can only access the State, Local, and FR portions.
– Local Role: can only access the Local and FR portions.
– FR (First Responders) Role: can only access the FR portion
[Diagram: Threat Notification with Federal, State, Local and FR portions. FR = First Responders]

Constructive Key Management® (CKM®)

CKM Enterprise Architecture Concepts
Enterprise
– A collection of Members, Organizational Units, Roles, Domains, Categories and Credentials that are administered as a whole.
Domain
– A grouping of Roles, Categories and Credentials with common security needs that defines who can communicate securely with whom within the Enterprise.
Organizational Unit (OU)
– A grouping of Members with common attributes

CKM Enterprise Architecture
A typical CKM Enterprise can be modeled after a standard organizational chart
It consists of Organizational Units (OUs), which can be thought of as Departments.
And Domains, which can be thought of as Working Groups or Communities of Interest
[Diagram: organizational chart of President, Directors and Managers, grouped into HR OU, Finance OU and Sales OU, and into Domain 1 and Domain 2]

CKM Enterprise Administration
CKM Enterprise Builder provides a Division of Labor and a Balance of Power by distributing the administration among three types of administrators for each CKM Enterprise.
No one person has all the keys to the kingdom

CKM Enterprise Administration
There are three types of Administrators in a typical CKM Enterprise
– Enterprise Authority (EA)
– Domain Authority (DA)
– Organizational Unit Authority (OUA)
All Administrators are Members of the Enterprise.

Distribution of Labor – Balance of Power
Enterprise Authority (EA)
– Maintains the Enterprise Structure
– Creates Domains and Organizational Units
– Creates Custom Fields
– Creates Top Organizational Unit Authority (who is assigned to all OUs)
– Creates other EAs (optional)
– A DA placeholder is automatically created when the Domain is created – this is assigned to a specific Domain.
Organizational Unit Authority (OUA)
– Administers one or more Organizational Units
– Creates Members
– Assigns Roles to Members
– Creates and Distributes Tokens to Members
– Creates other OUAs (optional)
Domain Authority (DA)
– Defines Domain Policy
– Administers a Domain
– Creates Categories, Credentials and Roles
– Assigns Roles to Organizational Units
– Creates other DAs (optional)

Credentials and Roles

Credentials and Roles
Credential – a control method
– Access to information is controlled by distributing appropriate Credentials to a person’s functional Role.
– When distributing objects (files, e-mails, all or just part of documents, etc.), Members apply Credentials to define Recipients
– A cryptographic value used in the key generation and regeneration process as an enforcing mechanism.
Role – a person’s assigned duties
– Credentials (and other Domain and Enterprise Information) are assigned to Roles based on duties and need to know.
– A Project Mgr. may have several Credentials that give differential access (read and/or write) to types of information.

Credentials are Assigned to Roles
Federal Role: Federal Credential, State Credential, Local Credential, Staff Credential
State Role: State Credential, Local Credential, Staff Credential
Local Role: Local Credential, Staff Credential
1st Responders Role: Staff Credential

Need to Know Roles are Assigned to Members …
Federal Role: Under Secretary Management; Under Secretary Science & Technology; Under Secretary Information Analysis & Infrastructure Protection; Under Secretary Border & Transportation Security; Under Secretary Emergency Preparedness & Response
State Role: Governor; State CIO; State Police Chief; State Medical Director; State Fire Chief
Local Role: Sheriff; Mayor; County Executive; EMT Director; Hospital Director; Local Police Chief; Local Fire Chief
FR Role: Law Officer; Fire Fighter; Emergency Medical Technician; Hospital Worker

Credentials Assigned by Sender to Objects when Distributing Message
Threat Notification Document
– Federal: This portion was encrypted with the Federal Credential
– State: This portion was encrypted with the State Credential
– Local: This portion was encrypted with the Local Credential
– FR: This portion was encrypted with the First Responders (FR) Credential
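The per-portion encryption on this slide and the role-to-credential table on the "Access to the Threat Notification" slide can be modeled as follows. This is an added example, not TecSec code and not CKM's actual key construction: the credential secrets are constructed demo values, the function names are hypothetical, and the HMAC-SHA-256 keystream is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

# Role -> credentials held, as listed on the "Access to the Threat Notification" slide.
ROLE_CREDENTIALS = {
    "Federal": ["Federal", "State", "Local", "FR"],
    "State": ["State", "Local", "FR"],
    "Local": ["Local", "FR"],
    "FR": ["FR"],
}
# Constructed demo secrets, one per credential (assumption: real ones sit on a Member's token).
CREDENTIAL_SECRETS = {c: hashlib.sha256(b"demo:" + c.encode()).digest()
                      for c in ROLE_CREDENTIALS["Federal"]}

def derive(secret, label, nonce):
    """Derive a per-portion subkey from a credential secret."""
    return hmac.new(secret, label + nonce, hashlib.sha256).digest()

def xor_stream(key, data):
    """Stand-in cipher: XOR with an HMAC-SHA-256 counter keystream."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(credential, text):
    """Encrypt one portion of the notification under one credential."""
    secret, nonce = CREDENTIAL_SECRETS[credential], os.urandom(16)
    ct = xor_stream(derive(secret, b"enc", nonce), text.encode())
    tag = hmac.new(derive(secret, b"mac", nonce), ct, hashlib.sha256).digest()
    return {"credential": credential, "nonce": nonce, "ct": ct, "tag": tag}

def build_notification(sections):
    """sections: {credential name: portion text} -> list of sealed portions."""
    return [seal(cred, text) for cred, text in sections.items()]

def open_for_role(role, notification):
    """Return {credential: plaintext} for the portions this role can decrypt."""
    keyring = {c: CREDENTIAL_SECRETS[c] for c in ROLE_CREDENTIALS[role]}  # token contents
    readable = {}
    for part in notification:
        secret = keyring.get(part["credential"])
        if secret is None:
            continue  # credential not held: this portion stays ciphertext
        mac_key = derive(secret, b"mac", part["nonce"])
        expected = hmac.new(mac_key, part["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, part["tag"]):
            raise ValueError("portion failed integrity check")
        enc_key = derive(secret, b"enc", part["nonce"])
        readable[part["credential"]] = xor_stream(enc_key, part["ct"]).decode()
    return readable
```

The same sealed notification can be sent to every recipient; what each one can read depends only on the secrets in their keyring, so a misrouted copy exposes nothing beyond the holder's own credentials.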

CKM provides Instant Network for Homeland Security with Need to Know Information Access
– Transport independent, reliable, messaging
– Secures the data in transit and at rest
– Sender and Recipient Authenticated
– Information Confidentiality
– Sender Alert uses pre-assigned Credentials to need-to-know, known parties.
– Quick deployment and installation
– Low Cost, standards-based, proven products
– Microsoft® Windows® and PKI compatible + others
– Wireless application will be available

Identification, Authentication, Authorization

Identity, Authentication, and Authorization
– CKM Token with CKM Credentials for Authorization
– PKI Certificate on the CKM Token for Identity Authentication
– Token can be software or hardware
– The Member must authenticate to the Token before participating in the CKM System

Backup Slides

Facts About First Responders
– There are over 1 million firefighters in the United States, of which approximately 750,000 are volunteers.
– Local police departments have an estimated 556,000 full-time employees including about 436,000 sworn enforcement personnel.
– Sheriffs' offices reported about 291,000 full-time employees, including about 186,000 sworn personnel.
– There are over 155,000 nationally registered emergency medical technicians (EMT).
Source: