Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defense Security Service Top 10 Vulnerabilities

Published byΞενία Ράγκος Modified over 5 years ago

Similar presentations

Presentation on theme: "Defense Security Service Top 10 Vulnerabilities"— Presentation transcript:

1 Defense Security Service Top 10 Vulnerabilities
July 10, 2013 Corrie Velez Jeff Vaccariello

2 Was I suppose to come in from my vacation
Number 10 Not auditing and reviewing audit results for classified systems Ensure Information System Security Officer (ISSO) understands DSS auditing requirements Recognizes event codes and symbols Was I suppose to come in from my vacation

3 We don’t have time for security; we have a milestone to reach
Number 9 Processing on an unaccredited system Must have an Authority to Operate (ATO), Interim Authority to Operate (IATO), or Self Certification Authority We don’t have time for security; we have a milestone to reach

4 Number 8 What's anti-virus
Lack of process to detect and deter viruses / malicious code Anti Virus requirements should be documented in your Master System Security Plan (MSSP) or System Security Plan (SSP) What's anti-virus

5 Number 7 I swear I spun the lock Not reporting classified compromises
Compromise must be reported within 24 hours of confirmation A final report is due within 15 days Check your Contract Security Classification Specification (DD254) for additional reporting requirements I swear I spun the lock

6 I needed to use it on my other program
Number 6 Classified IS configuration and connectivity management Provide detailed description of hardware, software, and any other items listed in your SSP. Include make, model, serial numbers, memory, etc. I needed to use it on my other program

7 They are the customer, it’s their data
Number 5 Persons without proper eligibility accessing classified Continuously check JPAS for accuracy and change in records Ensure visitors are checked for proper eligibility prior to granting access They are the customer, it’s their data

8 Number 4 Unreported FCL change conditions (foreign buyout, etc) Check with your legal department and company officers What's eFCL

9 They don’t work on anything classified, why do they need to be cleared
Number 3 Uncleared Key Management Personnel How is your company structured? Is there a Board of Directors? If so, do they have authority to make decisions on classified issues Check all the company officers They don’t work on anything classified, why do they need to be cleared

10 What's the charge number, this packet is too long
Personnel clearance re-investigations out-of-scope Check JPAS records continuously Make sure that employees submit all the necessary information What's the charge number, this packet is too long

11 He doesn't have a badge, he can’t even get on site
Number 1 Poor safe combination security Meet with employees to inspect their safe He doesn't have a badge, he can’t even get on site

12

Download ppt "Defense Security Service Top 10 Vulnerabilities"

Similar presentations

AP Review Overview of UCI Pilot online review system.

AP Review Overview of UCI Pilot online review system.
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
CLAYTON COUNTY PUBLIC SCHOOLS (CCPS) Help Completing The Facility Use Contract Facilities/Maintenance 770-473-2825 Ext. 9.

CLAYTON COUNTY PUBLIC SCHOOLS (CCPS) Help Completing The Facility Use Contract Facilities/Maintenance Ext. 9.
File Management Tips and Suggestions FISWG/NCMS Winter Training Event December 17 th, 2014 Dela Williams Facility Security Officer.

File Management Tips and Suggestions FISWG/NCMS Winter Training Event December 17 th, 2014 Dela Williams Facility Security Officer.
Section Six: Foreign Ownership, Control, or Influence (FOCI)

Section Six: Foreign Ownership, Control, or Influence (FOCI)
Defense Security Service Facility Clearance Branch (FCB)

Defense Security Service Facility Clearance Branch (FCB)
Defense Security Service. DSS Update DSS Changing With A Changing Security Environment.

Defense Security Service. DSS Update DSS Changing With A Changing Security Environment.
ODAA Workshop December 2012 Charles Duchesne, DSS Tiffany Snyder, DSS

ODAA Workshop December 2012 Charles Duchesne, DSS Tiffany Snyder, DSS
What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,

What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,
ISFO – ODAA Defense Security Service Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) Nov 2013 1 Nov 2013.

ISFO – ODAA Defense Security Service Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) Nov Nov 2013.
Kentucky Auditor of Public Accounts Libby Carlin, Assistant State Auditor (502) 564-5841.

Kentucky Auditor of Public Accounts Libby Carlin, Assistant State Auditor (502)
Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.

Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.
Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010.

Industrial Security Field Operations (ISFO) Office of the Designated Approving Authority (ODAA) August 2010.
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
Information Systems Security Officer

Information Systems Security Officer
District Financial Matters Budgets, Audits and Safeguarding the Public’s Funds.

District Financial Matters Budgets, Audits and Safeguarding the Public’s Funds.
Obligations of the Company

Obligations of the Company
1.2.1 > ISPS Module ISPS Code Responsibilities

1.2.1 > ISPS Module ISPS Code Responsibilities
Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.

Florida Industrial Security Workgroup Self-Inspections What are Self-Inspections Why should Self-Inspections be conducted When should Self-Inspections.
Office of Field Services Fiscal Review Process Becky Pennington Susan Szymas February 7, 2013.

Office of Field Services Fiscal Review Process Becky Pennington Susan Szymas February 7, 2013.

Similar presentations

Ads by Google