
Information Assurance

Information Assurance. Awareness, Training and Education. Presented to University of Phoenix By: Francine C. Hammond 9/19/2014. Agenda and Background. IA Background Why IA? IA Mission and Strategies IA Capabilities IA Strategies Summary. Background.


Presentation Transcript


  1. Information Assurance Awareness, Training and Education

  2. Presented to University of Phoenix By: Francine C. Hammond 9/19/2014

  3. Agenda and Background

  4. IA Background • Why IA? • IA Mission and Strategies • IA Capabilities • IA Strategies • Summary

  5. Background • In response to the terrorist attack against the Pentagon on September 11, 2001, the Department of Defense established the Pentagon Force Protection Agency (PFPA). • The new agency absorbed the Pentagon’s police force, formerly known as the Defense Protective Service (DPS), and its role of providing basic law enforcement and security for the Pentagon and DOD interests in the National Capital Region (NCR). • PFPA expanded that mission to provide force protection against the full spectrum of potential threats through robust prevention, preparedness, detection, and response measures.

  6. Mr. Bush Supports Information Security

  7. Why Information Assurance? • Publicity of attacks on information systems is increasing and Identity Thieves Prosper in Information Age. • Identity thieves assume the identities of other individuals and use these identities to obtain credit cards, loans and other things of value. • The old methods used to obtain information still apply: stealing credit card statements, bank checks, and other personal information from mailboxes. • However, the openness of the Internet has given identity thieves access to a wealth of personal information stored in the databases of online data brokers, who collect and sell personal information. • A secure information system provides three properties

  8. Availability • Confidentiality • Integrity • Information Assurance Awareness, Training, and Education

  9. CIA • Confidentiality ensures that people who don't have the appropriate clearance, access level and "need to know" do not access the information. • Integrity ensures that information cannot be modified or destroyed. • Availability means that information services are there when you need them.

  10. What would happen if someone changed your data?

  11. Waht wuold hppaen if someone chagned your adat?

  12. Wtah wuold henapp if sooneme chagend yrou adat?

  13. Is Your Organization Secure?

  14. Implement IA Program…

  15. IA Mission and Strategies

  16. Mission • Strengthen risk mitigation policies by successfully implementing sound Information Assurance and Information Technology practices to… • Protect the integrity, confidentiality, and availability of IT systems, ensuring that all personnel who use the IT systems are trained to understand their responsibilities, both individual position requirements and those concerning the security of systems.

  17. Risk Management Strategies

  18. Risk Management Strategies • Manage and mitigate the risks of threats and vulnerabilities by implementing the following controls: • Policies and Regulations; • Certification and Accreditation (C&A); • Computer Incident Response Team (CIRT); and • IA Awareness Program.

  19. Policies and Regulations

  20. Implement policies, standards and procedures which are consistent with statutory, Federal, and DOD policies and procedures for securing information systems and networks that include the following controls: • Assign responsibility for security; • Maintain a security plan for all systems and major applications; • Provide for the review of security controls; and • Require authorization before processing.

  21. Certification and Accreditation

  22. Implement the DOD established standard process to identify, implement, and validate IA controls for: • Authorizing the operation of DOD information systems; and • Managing IA posture across DOD information systems consistent with the Federal Information Security Management Act (FISMA).

  23. Computer Incident Response Team

  24. CIRT security analysts provide support in: • Day-to-day intrusion detection operations • Remote vulnerability detection • On-line system survey • Information protection support • Tool design and integration • Technical support

  25. IA Awareness Program

  26. National Information Assurance Training and Education Center • “Literacy, Awareness, Training and Education: Because there is no patch for ignorance”

  27. Implement the IA Awareness Program by focusing on the following learning components: • Awareness • Focus attention on security • Training • Produce relevant and needed security skills and competency • Education • Integrate all (security skills and competencies) into a common body of knowledge, adding a multidisciplinary study of concepts, issues, and principles • Professional Development • Imply a guarantee as meeting a standard by applying evaluation or measurement criteria

  28. IA Awareness Program Objectives • Enhance understanding of IA issues among all system users; • Encourage meaningful behavioral change; • Provide coherent, accessible technical training; • Deliver flexible content for different audience groups; and… • Keep training current and relevant.

  29. IA Awareness Program Deliverables • Training Programs • General Awareness Training • Briefings, Distributed Security Tips, Newsletters • Technical Training • System Administrators, Help Desk personnel, Directors • Training Materials • Handbooks, Reference Guides, Presentations • IA Intraweb/Intranet • ‘One-stop shop’ portal for awareness training

  30. IA Strategy

  31. Summary

  32. IA Mission • Strengthen the risk mitigation policies and the PFPA defense-in-depth by successfully implementing sound Information Assurance (IA) and Information Technology (IT) practices. • Risk Management Strategies • Policies and Regulations • Certification and Accreditation • CIRT • IA Awareness Program

  33. Q & A

  34. THANK YOU! Obrigado Gracias Danke Merci Domo Arrigato Kat Ouen Diloch Salamat Takk Cheers Nani Toda Mahalo Do Jeh M’goy Thoinks Moite
