Agency Security Update Service (ASUS) Mike Bolger KSC CIO.


ASUS Data Collection

- The ASUS Project collects Enterprise IT Security Data:
  - Patch Management – 80,000+ devices
  - Software Inventory – 80,000+ devices
  - Federal Desktop Core Configuration (FDCC) – 60,000+ devices
  - Network Vulnerability – 120,000+ devices
  - Network Inventory – 120,000+ devices
- Data is stored in IT Security Enterprise Data Warehouse (ITSEC-EDW)
  - Provides centralized “one-stop-shop” for IT Security Data

9/20/2015

Continuous Monitoring / Reporting

[Figure: Example Data]

Continuous Monitoring / Reporting

- Interactive website provides searchable reports
- List of Vulnerabilities By Center Or Security Plan
- Drill down to a list of Workstation/server with vulnerabilities

Continuous Monitoring

- The Agency is focusing on expanded Continuous Monitoring in alignment with proposed FISMA changes
  - ASUS Team is currently providing Continuous Monitoring for:
    - Patch Management
    - Software Inventory
    - Network Inventory
    - Network Vulnerabilities
  - Developing automated methods to Continuously Monitor NIST Controls (IT System Security Plans)

IT Security Risk-Based Reporting

- Continuous Monitoring will feed NASA IT Security Risk Score
  - Provide overall Risk score for a Security Plan, Center and the Agency
  - Helps focus workforce on problem areas
  - Puts focus on reducing risk, not just meeting metrics

Collaboration with other NASA projects

- ASUS Project is working to add IT Security Data Sources
  - Incident data from the NASA SOC
  - Antivirus data from ODIN
  - DHCP data from IPAM
  - Application data from Agency Data Center Consolidation (ADCC)
- The ASUS Project is a preventative tool in NASA’s IT Security arsenal

Patch Management Solution

- Agency is moving to a new Patch Management Solution
  - Reached the potential of the PatchLink product
  - Selected product
  - Benefits:
    - More robust Agent
    - Scalable to meet NASA’s complex architecture
    - Follows OVAL standards
    - Provides additional functionality
      - “Agent on a USB Stick”
      - Network Inventory to locate machines missing an Agent
    - Appliance – reduces costs and maintenance for the Agency

Agency Data Center Consolidation (ADCC)

- Collaborating with the Agency Data Center Consolidation (ADCC) Project
  - OMB has come out with the “Federal Data Center Consolidation Initiative”
  - Goal is to reduce overall costs and energy consumption
  - ADCC is preparing to deploy an Inventory and Application Mapping tool in all NASA Data Centers
    - Application Mapping = tells us what is required to move a “service” (i.e. Tech Doc)
  - ASUS team will be providing the technical expertise to coordinate the deployment of the automated tool across the Agency