Presentation on theme: "Presenter: Mohammed Jalaluddin"— Presentation transcript:

1 Managing Security of your UI Data using NIST
Presenter: Mohammed Jalaluddin

2 Who are they? National Institute of Standards and Technology
Established 1901 as the National Bureau of Standards
Non-regulatory agency
18 control families each family has

3 What do they do? Develop standards and metrics for various areas
Promote innovation and industrial competitiveness

4 Areas of Focus: NIST sets the standard for these areas
Advanced Communications
Cybersecurity
Energy & Environment
Health & Bioscience
Advanced Manufacturing
Forensic Science
Disaster Resilience
Quantum Science

5 Security Control Families (number of controls in each family)
AC - Access Control: 25
AU - Audit & Accountability: 16
AT - Awareness & Training: 5
CM - Configuration Management: 11
CP - Contingency Planning: 12
IA - Identification & Authentication: 11
IR - Incident Response: 10
MA - Maintenance: 6
MP - Media Protection: 8
PS - Personnel Security: 8
PE - Physical & Environmental: 20
PL - Planning: 9
PM - Program Management: 16
RA - Risk Assessment: 6
CA - Security Assessment & Authorization: 9
SC - System & Communication Protection: 44
SI - System and Information Integrity: 17
SA - System and Services Acquisition: 22
Total controls: 255 (800+ controls and enhancements)

6 Figure 1.

7 Challenges: Money, Staff

8 COMPLIANCE

9 What's Needed: Cultural Change, Maturity, Resources
Focus on the basics
Invest in Awareness Training
Get Senior Management Buy-in
Policies & Procedures
Implementation and Testing
Integration
Properly Maintained Equipment
Knowledgeable Staff
Budget

10 How? Figure 2

11 WHY NIST?
Improves overall organizational security
Helps to ensure a secure infrastructure
Lays a foundation to follow to achieve compliance with specific regulations

12 NIST & Pub 1075
Pub 1075 is largely based on NIST.
Pub 1075 has additional requirements such as:
Two-factor authentication
FTI (Federal Tax Information) not allowed to be printed, e-mailed or faxed
FTI cannot be used in a test environment
Special requirements for cloud computing

13 What's New? Build it right, continuously monitor
NIST Rev 4:
• New security controls and control enhancements
• New privacy controls and implementation guidance
• Updated security control baselines
• New summary tables for security controls to facilitate ease of use
PUB 1075:
• Background investigations minimum requirements
• Table for 45-day notification reporting requirements
• Guidance for use of consolidated data centers
• All contractor and shared sites to be included in Safeguard reviews

14 MDES’ APPROACH

15 Cloud
Off-site data storage
Productivity anywhere
Low cost of ownership & maintenance
Scalable
Resiliency and Redundancy

16 Tools
Unauthorized access prevention
Data Protection
Encryption
PUB 1075 Monitoring
Vormetric
Guardium

17 TAKE-AWAYS
A good set of tools for improving information cyber security;
A good guide for industry best practices; and
Agencies such as the FTC, SSA, and IRS are increasingly expecting NIST-level safeguards.


19 References: Figure 1, Figure 2
