Office of Information and Technology (OI&T) Field Security Operations Field Security Service - On behalf of Office of Information and Technology (OI&T)


Presentation on theme: "Office of Information and Technology (OI&T) Field Security Operations Field Security Service - On behalf of Office of Information and Technology (OI&T)"— Presentation transcript:

1 Office of Information and Technology (OI&T) Field Security Operations Field Security Service
- On behalf of Office of Information and Technology (OI&T) Field Security Operations, it is great to be here this morning! - I want to share with you some of our support for VA achieving the “Gold Standard” in data security.

2 Overview Field Security Operations Information Protection
Questions and Answers - Field Security Operations provides support of the field through support and leadership for YOUR facility Information Security Officer (ISO) - Secondly, Information Protection is charged with managing the initiatives to move the VA toward methodologies which will allow us to securely transmit and store sensitive information. Examples are the hard drive encryption, PKI, etc. - Finally, I want to emphasize the importance of YOU in the role of Information Protection, but I will discuss that more toward the end of the presentation.

3 Office of Information and Technology
Field Security Operations - We should start with a short discussion of Field Security Operations and how the ISOs align within our organizational structure.

4 OI&T Field Security Operations
Director of IT Field Security Operations; Enterprise Security Solutions Service (SCMS & TIS); Critical Infrastructure Protection Service; IT Field Security Service; Security Project Management Office; Data Center ISO Support Division; Technical Security Officers (TSO) Division; Information Security Officers Division; Continuity of Operation Planning (COOP) Division
Field Security Operations has three divisions.
- Critical Infrastructure Protection Services that includes the Network Security Operation Centers (NSOCs), Managed Security Services Division; and Operations and Maintenance Division.
- Field Security Service that includes the Technical Security Officer (TSOs), Information Security Officers (ISOs), new Data Center ISO Support and IT COOP.
- Enterprise Security Solutions Service consists of the examination of emerging technologies, provides security configurations guidelines, requirements integration, and security solutions.
Region 1 Region 2 Region 3 Region 4 Region 5 Network 18, 19, 20, 21 & 22 POs Network 12, 15, 16, 17 & 23 POs SOC Network 6, 7, 8, 9, 10 & 11 POs Network 1, 2, 3, 4 & 5 POs VBA NCA VACO AAC

5 Office of Information and Technology
Field Security Service - Let's further discuss Field Security Service

6 Field Security Service Mission
The mission of the OI&T Field Security Service (FSS) is to ensure the privacy, confidentiality, integrity, and availability of VA information assets associated with the services offered by the Department of Veterans Affairs. In addition, FSS provides assurance that cost effective security controls are in place to protect automated systems from financial fraud, waste, and abuse.

7 Field Security Service
IT Field Security Service Enterprise Technical Security Officer (TSO) Data Center Support Division Information Security Officers Division Continuity of Operation Planning (COOP) Division Region 1 Region 2 Region 3 Region 4 Region 5 Region TSO Region TSO Region TSO Region TSO Region TSO Network 18, 19, 20, 21 & 22 POs Network 6, 7, 8, 9, 10 & 11 POs Network 1, 2, 3, 4 & 5 POs Network 12, 15, 16, 17 & 23 POs SOC VBA NCA VACO AAC

8 IT Boundaries - Field Security Service followed the IT boundaries
- Wanted to provide a visual

9 Field Security Service Leadership Team
IT FSS Director (Supervisor) Randy Ledsome
Region 1 ISO (Supervisor) John White
Region 2 ISO (Supervisor) Alan Mattson
Region 3 ISO (Supervisor) Barbara Smith
Region 4 ISO (Supervisor) Alan Papier
Region 5 ISO (Supervisor) Dennis Smith
IT COOP (Team Lead) Don Sheehan
Network 18 ISO (Team Lead) Steve Kerby
Network 19 ISO (Team Lead) Armando Diaz De Leon
Network 20 ISO (Team Lead) Michael Sutherland
Network 21 ISO (Team Lead) Mary Ebner
Network 22 ISO (Team Lead) Doug Foster
Network 12 ISO (Team Lead) Steve Deyoe
Network 15 ISO (Team Lead) VACANT Terry Taylor (Acting)
Network 16 ISO (Team Lead) Dan Cleaver
Network 17 ISO (Team Lead) Diane Dixon
Network 23 ISO (Team Lead) Craig Heitz
Network 6 ISO (Team Lead) VACANT Steve Blackwell (Acting)
Network 7 ISO (Team Lead) Greg Walker
Network 8 ISO (Team Lead) Dale Bogle
Network 9 ISO (Team Lead) Chris Varacalli
Network 10 ISO (Team Lead) Kristin Steel
Network 11 ISO (Team Lead) Mark Latendresse (Acting)
Network 1 ISO (Team Lead) Tim ODonnell
Network 2 ISO (Team Lead) Chafica Angeli
Network 3 ISO (Team Lead) Alan Papier (Acting)
Network 4 ISO (Team Lead) Starr Washington
Network 5 ISO (Team Lead) Michael Barnes
Network VBA – St Petersburg ISO (Team Lead) Jessica Lewis
Network VBA – St Paul ISO (Team Lead) Connie Hamm
Network VBA – San Diego ISO (Team Lead) Patrice Volante
Network VACO ISO (Team Lead) Louise Lovett-Robinson
NCA ISO Judi Huffman
- All the ISOs are aligned to a Region and within that region a Network. Supervision and guidance is provided through this structure.
- The goal of this leadership structure is to enable standardization and greater customer service.
Note: This presentation only includes staff in Team Lead and Supervisor positions.

10 ISO Standardization
Position Descriptions (including series and grades); Performance Standards; Roles and Responsibilities; Guidance and Procedure; Training and Education
Let's start out by saying that all ISOs were owned by the local medical centers, and the grades, series and roles & responsibilities. Example: Some ISOs have additional duties of photographer, locksmith, etc.
Standard PDs for the various levels of ISOs (Regional, Network and Facility) that complement each other.
Standard PS for the various levels of ISOs.
Standard R&R.
Training and education…such as the OCIS TEAP CSP training. Recommend all take and pass the CSP-100 training.

11 Office of Information and Technology
Information Protection - Let’s now discuss Information Protection, and please note while these two entities are spoken about separately they really operate as one. Before when I discussed the goal of standardizing, it is the Information Protection side which identifies how our security tools and applications can be standardized (…as much as possible).

12 Information Protection
Management Controls: Policy, Directives, Memoranda. Operational Controls: Training, Human Resources, Standard Operating Procedures.
- Information Protection follows the structure of the National Institute of Standards and Technology (NIST), which Congress has mandated by the FISMA (say it) for all Executive Agencies.
- As this slide illustrates, it covers the Management, Operational and Technical controls. If you recall back when I discussed Technical Security Officers and Information Security Officers… The difference can be seen more clearly here, in that TSOs generally operate within the area of Technical Controls, while ISOs generally ensure Management and Operational Controls are met.
Technical Controls: Remote Access Security, Network Transmission Security, Removable Media and Storage Security, E-mail and Document Security, Laptop Encryption, Smart Phone/Blackberry Encryption.

13 Information Protection Technology Summary
Security Issue Technical Solution Removable Media and Storage Only authorized Users And devices User Only Government Furnished devices; Encrypted; password protected Smart Phones/Blackberry Devices No clear text; Encrypted data Transmissions Network Transmissions Remote Access Reduce VPN access; Scan all equipment connecting to VA network - RESCUE
Here is a summary of Information Protection Technology.
(FIRST ARROW) Removable Media and Storage: VA Directive 6601, Removable Storage Media – mandates the use of FIPS thumb drives. VA sensitive information must be in a VA protected environment at all times, or it must be encrypted. Technology available to encrypt removable storage media such as external hard drives, CDs and DVDs can be obtained through your local IT Field Operations Services (IRM or Desktop Support). Port Security and Device Control restricts removal of information based on assigned user roles and permissions. Allows only approved devices to use USB ports, i.e., only FIPS certified thumb drives.
(SECOND ARROW) SmartPhones/Blackberry Devices: Standardize models/versions of Blackberrys and SmartPhones supported by VA. Apply standard security policies to the devices such as encryption/content protection, strong password, patches, antivirus software.
(THIRD ARROW) Secure Network Transmissions: Benefits: Prevent User ID, Passwords and data from being transmitted over the network in the clear. Brings VA into compliance with HIPAA and FISMA. Supports PKI infrastructure and smartcard devices for HSPD-12. Enterprise standardization of terminal emulator technology such as ETA/IFCAP, Vista Mail, CPRS.
(FOURTH ARROW) Remote Access: Government Furnished Equipment (GFE): The GFE Remote Access solution ensures that remote devices such as laptops are encrypted and security policies are updated by performing a host check, an integrity check and remediating if necessary. Non-VA Owned Other Equipment (OE) restricts access to a virtual desktop. No information can be saved locally; if information needs to be saved it will be saved to an internal VA server.
(FIFTH ARROW) E-mail and Documents:
RMS: Provides a secure mechanism for e-mail and document collaboration to small groups until the group determines to reclassify the information for public use. Provides a secure mechanism to prevent e-mails from being forwarded, printed and copied. Provides a secure mechanism to prevent documents from being viewed, printed, copied by unauthorized users.
Public Key Infrastructure (PKI): Encrypts e-mail and can be used internally and externally. Integrates with RMS. RMS will result in reducing the use of PKI for internal correspondence.
Internet Gateway Scans: Scanning is conducted on e-mail that passes through the VA Internet Gateways. E-mails can be scanned for medical, privacy, customer, HIPAA, and other terms that are classified as sensitive. Currently the gateway is scanning for messages with social security numbers. The sender will receive an e-mail notification that their message contained sensitive information.
PKI, Internet Gateway Scans, RMS - Full document control. E-mail and Documents. Layered approach to provide Comprehensive information protection of VA sensitive data. Control data storage and transmission.

14 Field Security Operations and Field Security Service
Summary Field Security Operations and Field Security Service Information Protection Information Protection is EVERYONE’s Responsibility! - In summary, I believe Field Security Operations and these Information Protection activities will support the VA in achieving the “Gold Standard” in data security. - At our annual InfoSec Conference 2 weeks ago, one of the guest speakers was a 23-year-old Veteran who had served in Iraq. He spoke to us of his challenges after coming home after a major injury. He told us a story… While in Iraq, one of his duties was to go to the desert with his fellow marines, where they would form a line, and walk up and down the desert in the hot sun looking for unexploded bombs. He recalls that at the time he saw no value in what he was doing, but yet every day was detailed to do this mundane task. After his injury and reflecting back while in the hospital… he came to realize that “his” small piece of the puzzle to pick up unexploded bombs saved countless civilian and military lives. GO to next slide to explain…

15 General Questions? Randy Ledsome Director of Field Security Service

