Security is not just… A Compliance Exercise, Certification and Accreditation, FISMA.

Presentation transcript:

1

2 Security is not just…
- A Compliance Exercise
- Certification and Accreditation
- FISMA

3 What is Security?
- Security Architecture & Models
- Cryptography
- Security Management
- Access Controls & Methodology
- Laws, Investigations, & Ethics
- Applications & Systems Development
- Physical Security
- Operations Security
- Telecommunications & Networking Security
- Business Continuity Planning

4 What is Enterprise Security Architecture?
Enterprise Security Architecture is… …the strategic focus that enables the organization to carry out its mission in a secure manner
What Drives Security Architecture?
- FISMA
- OMB A-130; Appendix III
- NIST
- Organization Policies and Procedures

5 Minimum Enterprise Security Architecture
All agencies must create a Security and Privacy Profile (SPP) that addresses, per OMB A-130; Appendix III:
- Encryption
- Malware
- Access Controls
- Identification & Authentication
- Audit Trail Creation & Analysis
- Intrusion Detection & Prevention
- Fraud Detection, Prevention, & Mitigation

6 Enterprise Security Architecture Answers… The OMB SPP Helps Organize…
- Is the existing security program effective?
- Is risk being managed effectively?
- Are there any new laws or policies that need to be implemented?
Planning Efforts for Future Requirements Current Requirements Capabilities Gap Analysis Efforts

7 Key EA Security Goals
EA Security Requirements: Confidentiality, Integrity, Availability
- Enable advanced IT security capabilities
- Develop an IT security empowered workforce
- Improve IT security situational awareness
- Provide DOT-wide IT security services

8 Where Do These Efforts Fit Within the EA Framework?

9 Priorities For Addressing Integration of EA & Security
- Streamline communication between Business Owners, ISSOs, and Information Security Office
- Implement metrics that will effectively analyze the performance of security within DOT Information Systems
- EA Team Members must participate within Information Security working groups and vice versa
- Coordinate with Business Owners and the Information Security Office to develop the Trust Model Architecture

10 QUESTIONS

