Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Published byNeal Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."— Presentation transcript:

1 Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Lecture 17 Page 2 CS 236 Online Security Evaluations and the US Government The US government runs lots of computers and networks It’s a big, obvious target –And does get attacked a lot We obviously want its systems to be secure How to evaluate their system security?

3 Lecture 17 Page 3 CS 236 Online Something That Didn’t Work FISMA (Federal Information Security Management Act of 2002) Result of law intended to improve security of government systems –Passed in 2002 Required NIST to set standards Other gov’t agencies needed to document what they did to meet them

4 Lecture 17 Page 4 CS 236 Online What Happened With FISMA Turned into an exercise in generating reports All agencies had to do was write lengthy reports Small companies went into business writing the reports But most government systems’ security was not actually improved

5 Lecture 17 Page 5 CS 236 Online What’s the Lesson For Us? Not just that government tends to useless bureaucracy Rather, be sure to ask for the right thing from security reviews What you really want is to know whether you’re secure And what to do to become more so

6 Lecture 17 Page 6 CS 236 Online What Was the Problem With FISMA? Did not force agencies to actually improve security –You just had to write reports Did not focus on practical methods of improving security Did not take into account dynamic and changing nature of threats

7 Lecture 17 Page 7 CS 236 Online How Can You Do Better? If you’re involved in a security evaluation, keep your eye on the ball Look at things that strongly affect real security –In ways relevant to your situation Consider the real threats you’re facing Think about and report on where the system needs to be improved

8 Lecture 17 Page 8 CS 236 Online The New Government Approach FISMA 2.0 Moving through US legislature (2010) Intended to place more emphasis on actually securing systems –Automated security reporting –Mandating security requirements in contracts –Legislates federal CTO

Download ppt "Lecture 17 Page 1 CS 236 Online Prolog to Lecture 17 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."

Similar presentations

Engaging with Small Business Lessons learnt so far from the ATO trials and other forums and activities. Presentation to The Tax Commissioner’s Small Business.

Engaging with Small Business Lessons learnt so far from the ATO trials and other forums and activities. Presentation to The Tax Commissioner’s Small Business.
SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,

SHIFTING INFORMATION SECURITY LANDSCAPE FROM C&AS TO CONTINUOUS MONITORING ANDREW PATCHAN JD, CISA ASSOCIATE IG FOR IT, FRB LOUIS C. KING, CPA, CISA, CMA,
Copyright © Allyn & Bacon (2007) Single-Variable, Independent-Groups Designs Graziano and Raulin Research Methods: Chapter 10 This multimedia product and.

Copyright © Allyn & Bacon (2007) Single-Variable, Independent-Groups Designs Graziano and Raulin Research Methods: Chapter 10 This multimedia product and.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
PPA 502 – Program Evaluation Lecture 5b – Collecting Data from Agency Records.

PPA 502 – Program Evaluation Lecture 5b – Collecting Data from Agency Records.
Psych 231: Research Methods in Psychology

Psych 231: Research Methods in Psychology
 Running is something we all do, but the kids do it much more than the adults, and many of them are quite good at it! Doing.

 Running is something we all do, but the kids do it much more than the adults, and many of them are quite good at it! Doing.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Shoot For The Stars By Getting Yourself Into The Workforce!! Presented By Jeremiah Swisher.

Shoot For The Stars By Getting Yourself Into The Workforce!! Presented By Jeremiah Swisher.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Introduction (Based on Lecture slides by J. H. Wang)

Introduction (Based on Lecture slides by J. H. Wang)
Decision Making.

Decision Making.
Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Yoshives Belizaire 5/2/12 E-Commerce. Introduction My E-Commerce initiative I intend to make a service were you can listen and download all type of music.

Yoshives Belizaire 5/2/12 E-Commerce. Introduction My E-Commerce initiative I intend to make a service were you can listen and download all type of music.
Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
VULNERABILITY ASSESSMENT FOR THE POLICE DEPARTMENT’S NETWORK.

VULNERABILITY ASSESSMENT FOR THE POLICE DEPARTMENT’S NETWORK.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
CSCD 330 Network Programming Fall/Winter/Spring 2014 Lecture 1 - Course Details.

CSCD 330 Network Programming Fall/Winter/Spring 2014 Lecture 1 - Course Details.
Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Similar presentations

Ads by Google