Presentation is loading. Please wait.

Presentation is loading. Please wait.

USAID/Peru Risk Assessment In-Briefing

Published byJoseph Robertson Modified over 6 years ago

Similar presentations

Presentation on theme: "USAID/Peru Risk Assessment In-Briefing"— Presentation transcript:

1 USAID/Peru Risk Assessment In-Briefing
February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID

2 Team Introduction USAID ISSO - Jim Craft
Risk Assessment Program Manager - Rod Murphy Consulting Manager, Information Technology - John Zobel Senior Computer Scientist - Mike Reiter UNIX Team Lead - Steve Bui

3 Purpose Determine which information is critical to the organization
A Risk Assessment allows one to: Determine which information is critical to the organization Identify the systems that process, store, or transmit that critical information Identify potential vulnerabilities Recommend solutions to mitigate or eliminate those vulnerabilities

4 Determine the Scope Identify the boundaries of the system(s) being evaluated Cisco Routers Servers Workstations Communication Lines Identify the level of detail expected from the Assessment Compliance with Agency/Mission requirements Compliance with best practices PRIME Principal Resource for Information Management Enterprise-wide USAID

5 Pre-Assessment Activity
Collected and Analyzed Mission Data Asset Information (Hardware/Software/Financial) Automated Survey Questionnaires 51 surveys sent out 22 responses received 34 potential vulnerabilities identified Conducted an Automated Network Scan using HYDRA Identified 8 major and 17 minor vulnerabilities Developed and forwarded an Immediate Needs Report to TCO and Mission staff for action Conducted a follow-up HYDRA scan to confirm Mission Configuration changes PRIME Principal Resource for Information Management Enterprise-wide USAID

6 On-site Activities Friday: Receive a Mission Threat Briefing
Coordinate Assessment Logistics A room for the Assessment team to work out of A room scheduled for conducting training (Wed) A room for in-briefing and out-briefing Interviews scheduled for Mon and Tue, if necessary Schedule meeting with Functional Management on Tues. Schedule all staff training for Wed. (one hour sessions) Schedule meeting with Security Plan and Contingency Planning staff. (Wed) List of mission phones number ranges for scan PRIME Principal Resource for Information Management Enterprise-wide USAID

7 On-Site Activities (continued)
Conduct a Physical Review of the Mission Facility Meet with System Administrators Establish System Ids as needed Conduct UNIX review Conduct Banyan review Review NT Security Monday: Conduct staff interviews Additional System (UNIX,Banyan,NT, Cisco) reviews Conduct an after-hours modem scan PRIME Principal Resource for Information Management Enterprise-wide USAID

8 On-Site Activities (continued)
Tuesday: Conduct additional interviews as needed Meet with Functional Mission Management to discuss: Connectivity/Business needs Mission impact with regards to Agency requirements Roles and Responsibilities associated with policies Wednesday: Conduct Mission staff training Assist in the development of Mission Security Plan and Contingency Plan PRIME Principal Resource for Information Management Enterprise-wide USAID

9 On-Site Activities (continued)
Conduct any activities needed to wrap-up assessment. Analyze information gathered from pre-assessment and on-site assessment activities. Develop “Draft” Assessment Executive Summary Report. Develop Out-Briefing Present Out-Briefing to Mission Management/Staff PRIME Principal Resource for Information Management Enterprise-wide USAID

10 Expected Outcome What the Assessment Team expects to Accomplish:
Identify areas of concern Provide recommendations that will enable management to make decisions associated with risks Assist in the development of a Mission Security Plan Assist in the development of a Mission Contingency Plan Provide an annual Security refresher Training class to all Mission personnel Develop a standardized approach to conducting Mission Risk Assessments Identify Mission Concerns associated with UNIX, Banyan, NT, Cisco configuration checklists Identify and address specific Mission concerns PRIME Principal Resource for Information Management Enterprise-wide USAID

11 Additional Activities Being Conducted at Each Mission
Assist in the development of a Mission System Security Plan Provide a template for developing a Mission Contingency Plan Provide on-site training General User System Administrator System Managers/Executive Officers Address any additional concerns PRIME Principal Resource for Information Management Enterprise-wide USAID

Download ppt "USAID/Peru Risk Assessment In-Briefing"

Similar presentations

(Individuals with Disabilities Education Improvement Act) and

(Individuals with Disabilities Education Improvement Act) and
Program Management Office (PMO) Design

Program Management Office (PMO) Design
Directions for this Template  Use the Slide Master to make universal changes to the presentation, including inserting your organization’s logo –“View”

Directions for this Template  Use the Slide Master to make universal changes to the presentation, including inserting your organization’s logo –“View”
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
Information Security Policies and Standards

Information Security Policies and Standards
Unit 8: Tests, Training, and Exercises Unit Introduction and Overview Unit objectives:  Define and explain the terms tests, training, and exercises. 

Unit 8: Tests, Training, and Exercises Unit Introduction and Overview Unit objectives:  Define and explain the terms tests, training, and exercises. 
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls.

Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls.
1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.

1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME.
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
ESC/EN Engineering Process Compliance Procedures August 2002.

ESC/EN Engineering Process Compliance Procedures August 2002.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Unit Introduction and Overview

Unit Introduction and Overview
PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME 1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal.

PRIME Principal Resource for Information Management Enterprise-wide USAID PRIME 1 USAID/Peru Risk Assessment In-Briefing February 19, 1999 PRIME Principal.

Similar presentations

Ads by Google