Presentation is loading. Please wait.

Presentation is loading. Please wait.

CounterMeasures™ Risk Analysis and Management May 2005.

Published byHillary Jefferson Modified over 8 years ago

Similar presentations

Presentation on theme: "CounterMeasures™ Risk Analysis and Management May 2005."— Presentation transcript:

1 CounterMeasures™ Risk Analysis and Management May 2005

2 Slide 2 Mission of Risk Management Division To support commercial and governmental risk mitigation programs for facilities, assets, missions, and infrastructure by providing policies, processes, tools and architectures that integrate strategic, operational, and tactical components across multiple domains.

3 Slide 3 CounterMeasures™ is a software data engine that is currently used to: Automate & Standardize Risk Assessments for: Information Assurance RF and IT communication Physical Security Facilities, Seaports, Airports, Bases Anti-Terrorism Construction Standards UFC-Anti Terrorism Construction Standards Critical Infrastructure Protection Road, Rail, Power, POL, Dams Generates automated comparison / summary reports Leverages NIPRNET or even WWW for data collection Can generate customized graphic, textual or data outputs Can be integrated with existing GOTS-based or COTS-based databases or programs.

4 Slide 4 Commercial Clients & Domains Anti-Terrorism Physical Security Info Assurance Port Security O.S.H.A. * Banks Gas/Oil Insurance Ports Universities States / Municipalities Security Firms A.D.A ** * O.S.H.A – Occupational Safety and Health Admin compliance ** A.D.A. – Americans with Disabilities Act compliance

5 Slide 5 Anti-Terrorism Physical Security Info Assurance Port Security C.I.P. * M.A ** U.S. Marines Defense Program Off. U.S. Army U.S. Coast Guard F.D.I.C. U.S. Trans. Command Other Federal * C.I.P. – Critical Infrastructure Protection ** M.A. – Mission Assurance Analysis Federal Clients & Domains

6 Slide 6 CounterMeasures™ is a data-driven Program that: Standardizes the data collected during an assessment Calculates vulnerabilities indexes based on security controls Evaluates risk based on vulnerability index, threat template, and facility value/criticality Threat template includes applicability relationships as well as severity and frequency Facilitates “what-if” effects of posture improvements Can performs Cost/Benefit analysis of proposed changes for POM purposes Exports data to other vulnerability management tools Determines compliance with rules & policies Manages implementation of changes and automatically updates posture

7 Slide 7 Detail of a Survey Screen

8 Slide 8 Browser-based survey/data collection capability Browser-based tools allow for pre-assessment surveys. For some sites, the same tools can be used to perform self-assessments. Data Collection. Running on: WWW LAN WAN

9 Slide 9 Vulnerability Analysis / Mission Confidence Output Each bar represents an identified vulnerability or assigned mission Green bar: Current vulnerability (or mission confidence) index Yellow bar: Projected posture adjustments Red: Un-addressed (residual ) vulnerability Screen also tracks any changes to security posture

10 Slide 10 Analysis Screen for Posture Modification For areas of concern, managers can review in-place and required countermeasures. They can also propose difference solutions to arrive at a desirable proposed posture. The analysis module also tracks the status of security posture as conditions change.

11 Slide 11 Common Risk-Based methodology proven across all domains Diagram below is a simplified relationship schematic Actual relational nature of data is a many-to-many correlation All items and metrics can be adjusted to fit client environment Enemy/Environmental Threat(s) w/ anticipated frequency % Vulnerabilities Countermeasures with weighting metrics % Threat vs. Vulnerability Effectiveness Coefficient Asset Type(s) and value Environmental / Role Filter Countermeasure to Vulnerability Coefficient Asset Attributes

12 Slide 12 Graphic Output examples 70+ Reports depicting aspects of Risk Understanding: Reports also include cost-benefit and return-on-investment

13 Slide 13 Configurable Pre-formatted reports (MS Word) Custom reports, tailored to specific organizations, can be generated in MS Word using flexible custom report generating interfaces Military Ports NIST 800-26 General

14 Slide 14 Analysis of Compliance Issues Compliance with laws, rules, policy, and guidance is evaluated to determine compliance gaps, as well as to document due-diligence.

15 Slide 15 Example of custom output: Integration w/ map program

16 Slide 16 Point of Contact: Caleb L. Jones Program Manger, Vulnerability / Risk Management Alion Science and Technology, Inc. 1701 N. Beauregard St. Suite 600 Alexandria, VA 22311 (V) 703.998.1620 (F) 703.998.1624 Toll Free: 1.800.754.4204 risk_mgt@alionscience.com www.alionscience.com www.CounterMeasures.com

Download ppt "CounterMeasures™ Risk Analysis and Management May 2005."

Similar presentations

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.
Business Development Suit Presented by Thomas Mathews.

Business Development Suit Presented by Thomas Mathews.
Open Range Software Welcome to a presentation of the Open Range Industrial Hygiene Program.

Open Range Software Welcome to a presentation of the Open Range Industrial Hygiene Program.
IRS SMALL BUSINESS SHOWCASE (BAYFIRST SOLUTIONS, LLC.) THE CONVERGENCE OF PEOPLE PROCESS TECHNOLOGY Small Business Size: SBA Certified 8(a) Small Disadvantaged.

IRS SMALL BUSINESS SHOWCASE (BAYFIRST SOLUTIONS, LLC.) THE CONVERGENCE OF PEOPLE PROCESS TECHNOLOGY Small Business Size: SBA Certified 8(a) Small Disadvantaged.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
1 1 UNITED STATES ARMY EVALUATION CENTER Chris Wilcox US Army Evaluation Center 410-306-0475 Mission-Based T&E Primer v1.3, 2.

1 1 UNITED STATES ARMY EVALUATION CENTER Chris Wilcox US Army Evaluation Center Mission-Based T&E Primer v1.3, 2.
Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.

Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.
MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” Information System Security Services In today’s competitive marketplace, facilitating electronic.

MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” Information System Security Services In today’s competitive marketplace, facilitating electronic.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.

Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Objectives Explain the purpose and various phases of the traditional systems development life cycle (SDLC) Explain when to use an adaptive approach to.

Objectives Explain the purpose and various phases of the traditional systems development life cycle (SDLC) Explain when to use an adaptive approach to.
Managing Risk in Information Systems Strategies for Mitigating Risk

Managing Risk in Information Systems Strategies for Mitigating Risk
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Vulnerability Assessments

Vulnerability Assessments
Sustainment Management Systems

Sustainment Management Systems

Similar presentations

Ads by Google