Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security Update to NOAA SES December 15-17, 2004 Carl P. Staton Chief Information Officer.

Published byGarry Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Security Update to NOAA SES December 15-17, 2004 Carl P. Staton Chief Information Officer."— Presentation transcript:

1 IT Security Update to NOAA SES December 15-17, 2004 Carl P. Staton Chief Information Officer

2 2December 15 -17, 2004 Current Issues Results of DOC review of certification and accreditation (C&A) not consistent with OIG review Sustained level of hacker probes and attempted hacks Appropriate testing of national critical systems Results of financial audit Increasing expectations from Congress and OMB

3 3December 15 -17, 2004 Results of DOC review of C&A not consistent with OIG review Varying expectations on level of detail needed in C&A documentation NOAA and DOC team developing an affordable and repeatable process for C&A documentation NOAA and DOC team developing an affordable and repeatable process for C&A documentation Will engage OIG in reviewing output of NOAA process for concurrence Will engage OIG in reviewing output of NOAA process for concurrence NOAA will develop executable schedule to apply process NOAA will develop executable schedule to apply process National critical systems first National critical systems first

4 4December 15 -17, 2004 Sustained level of hacker probes and attempted hacks Percentage of intrusion attempts rejected

5 5December 15 -17, 2004 Appropriate testing of national critical systems Doing penetration testing Rigorous test Rigorous test Can be expensive Can be expensive Can identify vulnerabilities other tests and process do not Can identify vulnerabilities other tests and process do not Not doing penetration testing Would we pass the test of “ … sitting in front of a subcommittee hearing explaining our lack of testing of the pathway into the “hacked” system that we knew existed and was exploited” Would we pass the test of “ … sitting in front of a subcommittee hearing explaining our lack of testing of the pathway into the “hacked” system that we knew existed and was exploited”

6 6December 15 -17, 2004 Results of financial audit Any financial IT system (hardware, software, network, process) under increasing scrutiny “Material weakness” sustained as result of recently published audit

7 7December 15 -17, 2004 Increasing expectations from Congress and OMB Federal Information Security Act 2002 Greater accountability Greater accountability More monitoring and reporting More monitoring and reporting Language in the OMB FY06 pass back

8 8December 15 -17, 2004 Takeaways from SES Retreat IT Security is: Mission Impossible Possible to implement and manage Possible to implement and manage Makes NOAA’s mission possible Makes NOAA’s mission possible Integrate into planning and culture Apply the same planning and intellectual investments as applied to the product/service being developed and/or provided Apply the same planning and intellectual investments as applied to the product/service being developed and/or provided

Download ppt "IT Security Update to NOAA SES December 15-17, 2004 Carl P. Staton Chief Information Officer."

Similar presentations

Planning, Budgeting, Acquisition & Management of Capital Assets Capital programming is an integrated process within an agency for planning, budgeting,

Planning, Budgeting, Acquisition & Management of Capital Assets Capital programming is an integrated process within an agency for planning, budgeting,
IndicatorDescriptionProcurement Issues PI-4 Stock and monitoring of expenditure payment arrears (i) Stock of expenditure payment arrears (as a percentage.

IndicatorDescriptionProcurement Issues PI-4 Stock and monitoring of expenditure payment arrears (i) Stock of expenditure payment arrears (as a percentage.
SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
A-133 Compliance & Audit Readiness Presented By: Tracy Jackson and Susan Cook.

A-133 Compliance & Audit Readiness Presented By: Tracy Jackson and Susan Cook.
1 2004 OMB Exhibit 53 Changes Briefing Presented by the Office of the Chief Information Officer June 5, 2002.

OMB Exhibit 53 Changes Briefing Presented by the Office of the Chief Information Officer June 5, 2002.
1  AGA-DC and GWSPCA 6 th ANNUAL CONFERENCE OMB Circular A-123, Appendix A Internal Control Over Financial Reporting Innovative Approaches Jerome A. Vaiana.

1  AGA-DC and GWSPCA 6 th ANNUAL CONFERENCE OMB Circular A-123, Appendix A Internal Control Over Financial Reporting Innovative Approaches Jerome A. Vaiana.
P e r f o r m a n c e Measuring Results of Organizational Performance Lesson 1 Strategic Planning/ Performance Management Abstract.

P e r f o r m a n c e Measuring Results of Organizational Performance Lesson 1 Strategic Planning/ Performance Management Abstract.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
HHS CEA Executive Briefing Enterprise Performance Life Cycle (EPLC) Overview February 6, 2009.

HHS CEA Executive Briefing Enterprise Performance Life Cycle (EPLC) Overview February 6, 2009.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
1 Program Performance and Evaluation: Policymaker Expectations 2009 International Education Programs Service Technical Assistance Workshop Eleanor Briscoe.

1 Program Performance and Evaluation: Policymaker Expectations 2009 International Education Programs Service Technical Assistance Workshop Eleanor Briscoe.
More Straight Talk Brig. Gen. John J. Kelly, Jr., USAF (Ret.) Deputy Under Secretary for Oceans and Atmosphere December 1, 2005.

More Straight Talk Brig. Gen. John J. Kelly, Jr., USAF (Ret.) Deputy Under Secretary for Oceans and Atmosphere December 1, 2005.
Controls for Information Security

Controls for Information Security
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls.

Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls.
Development plan and quality plan for your Project

Development plan and quality plan for your Project
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)

Similar presentations

Ads by Google