1
Enterprise Cybersecurity Strategy
LaVerne H. Council Assistant Secretary for Information and Technology
2
Topics
Creating an IT Organization that Supports Tomorrow’s VA
Facing Our Challenges with TrAITs
Closer Look: VA’s Enterprise Cybersecurity Strategy
3
OI&T’s Leadership is Moving VA into the Future
4
Facing Our Challenges with TrAITs
“It’s our mission that the Veteran will be the vocal initiator driving every project, every decision for OI&T”
5
Why TrAITs
TrAITs remind us to ask:
How will the Veteran benefit from this piece of technology or this new decision?
What benefit will this bring to a Veteran or their family?
6
Facing Our Challenges with TrAITs
Transparency
7
Facing Our Challenges with TrAITs
Innovation
Teamwork
8
Closer Look: VA’s Cybersecurity Strategy
“VA continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program.” - Office of Inspector General, Federal Information Security Management Act Audits
9
Cyber Strategy Summary
Today’s IT security organizations operate under tremendous threat
Recent OPM attacks demonstrate significant risk to VA
OI&T is leading the way with aggressive strategic planning and emphasis on Veteran-focused initiatives
10
Enterprise Cybersecurity Strategy Team
“Nothing in IT is more important than protecting VA data and the information entrusted to us by Veterans.”
LaVerne Council, Assistant Secretary for Information and Technology and Chief Information Officer
12
Enterprise Cybersecurity Strategy Team
13
Governance, Program Management, and Risk Management
Key supporting disciplines for decision-making across VA within context of cybersecurity and privacy
Balances needs of VA’s mission with protecting high value assets
Includes continuous scanning of cybersecurity landscape to proactively position VA to address emerging threats
Addresses risks, deficiencies, breaches, and lessons learned
14
Operations, Telecommunication, and Network Security
Key supporting disciplines for securing VA information, data, and computing assets
Includes people, products, and procedures to ensure data confidentiality, integrity, availability, assured delivery, and auditability of VA systems
Addresses network, platform, and data security
15
Application and Software Development
Disciplines needed to ensure applications used during provision of services to Veterans utilize the most secure practices for data storage, access, manipulation, and transmission
Encompasses entire software lifecycle
Software assurance, that is, the level of confidence VA software is free of vulnerabilities or defects that could lead to vulnerabilities, is a critical concern
16
Access Control (AC), Identification and Authentication (IA)
Disciplines for reducing likelihood and impact of security incidents
AC combines authentication and authorization processes that allow access to VA networks, hardware computing devices, and applications
IA verifies a user, process, or device through specific credentials such as passwords, tokens, and biometrics as a prerequisite for granting access to system resources
17
Medical Cyber
Focuses on devices not traditionally considered IT that can be networked or accessed electronically
Must be protected from exploitation and from becoming operable vectors for cyberattacks as they collect and transmit PII and PHI
Includes medical devices and “cyber physical” systems with similar electronic characteristics, such as HVAC and elevator systems
18
Security Architecture
Key supporting disciplines for developing an enterprise information security architecture
Supports business optimization
Includes design and engineering skills needed to fully integrate security into VA’s overall business, applications, and IT systems architecture
19
Privacy
Policy and legislatively driven requirements for PII and PHI
Focused on implementing the “Best Practices: Elements of a Federal Privacy Program,” published by the Federal CIO Privacy Committee
20
Cybersecurity Training and Human Capital
Hiring practices and skills maturation needed to create a workforce steeped in a culture of cybersecurity to proactively protect all data and information of the Veterans we serve
21
Enterprise Cybersecurity Strategy Team
ECST will construct an accountable, actionable, near-, mid-, and long-range cybersecurity strategic plan that continuously considers and adapts to the newest technologies to secure VA’s IT enterprise.
Identifying and addressing:
Strengths
Weakness
Resources
Constraints
Capabilities
Drivers
Known and unknown threats
22
Questions?