1 / 27

MCIWEST Information Assurance

MCIWEST Information Assurance. Mr. David Robbins MCIWEST Information Assurance Manager (Bldg 24200) Camp Pendleton, CA 92055 Comm: (760) 725-2725 DSN: 365-2725 BlkBry: (760) 213-0400 david.robbins@usmc.mil. MCIWEST Information Assurance 201. (AFCEA…me again?).

race
Download Presentation

MCIWEST Information Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MCIWESTInformation Assurance Mr. David Robbins MCIWEST Information Assurance Manager (Bldg 24200) Camp Pendleton, CA 92055 Comm: (760) 725-2725 DSN: 365-2725 BlkBry: (760) 213-0400 david.robbins@usmc.mil

  2. MCIWEST Information Assurance201 (AFCEA…me again?)

  3. MCIWEST Information Assurance201 (AFCEA…me again?)

  4. MCIWEST Information Assurance201 (AFCEA…me again?) • …regardless of the reason, here I am!!!

  5. MCIWEST Information Assurance201 (…but before we proceed) • Summary of MCIWEST IA 101 (April 2010) • Pass IA 101 Certification Exam in order to Proceed to the MCIWEST IA 201 Course!!!

  6. MCIWESTInformation Assurance MCIWEST Commands +1

  7. MCIWESTInformation Assurance Command & Organizational Relationships

  8. MCIWESTInformation Assurance 101 IA Mission & Overview • The Marine Corps Information Assurance (IA) division supports expeditionary maneuver warfare extending from the Operating Forces to the Supporting Establishment. Marine Corps IA ensures end-to-end capability to deliver secure information at the right time, to the right place, and in a useable format, allowing commanders to exercise command and communication, regardless of proximity to their assigned forces. • The Marine Corps' specific objective for achieving IA is to employ state-of-the-art technology, provide awareness training to all users, and to deploy computer network defense tools across the enterprise. This is achieved by deploying a defense in depth strategy integrating the capabilities of people, sound procedures, and technology to achieve strong, effective, multi-layer and multi-dimensional protection. The goals of the Marine Corps IA division include confidentiality, integrity, availability, authentication, and non-repudiation.

  9. MCIWESTInformation Assurance 101 IA Goals & Pillars • Protect Information • Defend Systems & Networks (CND) • Provide SA & IA Command & Cntrl • Transform & Enable IA Capabilities • Create an IA Empowered Workforce • Confidentiality • Integrity • Availability • Authentication • Non-Repudiation

  10. MCIWESTInformation Assurance Information Assurance Manager (PD) • Develop Mission, Functions, & Responsibilities • Define - Refine Command Relationships • Identify Issues, Commonalities, & Solutions • Develop Regional Policies & Doctrine • Allocate resources to installations • Set Priorities, Deadlines, & Schedules • Interface with other Uniformed Services, Federal Agencies, local governments, and commercial service providers in the region, as directed • Scan Legacy, NMCI, & SIPRNET • Ensure Scans are sent from each Installation to the REM Server @ CPEN • Ensure the REM Server forwards Installation scans to MCNOSC • Ensure Remediation is conducted • Manage Audit Recods • Ensure Arcsight feed is monitored • Verify Backups • Review POA&M • Password Cracking • Ensure scanning is completed and reported • Conduct Self Assessments • Manage War Driving • Report COOP activities • Ensure Emergency Action Plans are in place and up to date • Review System Security Program

  11. MCIWESTInformation Assurance Information Assurance Manager (PD) con’t • Develop Mission, Functions, & Responsibilities • Define - Refine Command Relationships • Identify Issues, Commonalities, & Solutions • Develop Regional Policies & Doctrine • Allocate resources to installations • Set Priorities, Deadlines, & Schedules • Interface with other Uniformed Services, Federal • Agencies, local governments, and commercial service providers in the region, as directed • Scan Legacy, NMCI, & SIPRNET • Ensure Scans are sent from each Installation to the REM Server @ CPEN • Ensure the REM Server forwards Installation scans to MCNOSC • Ensure Remediation is conducted • Manage Audit Recods • Ensure Arcsight feed is monitored • Verify Backups • Review POA&M • Password Cracking • Ensure scanning is completed and reported • Conduct Self Assessments • Manage War Driving • Report COOP activities • Ensure Emergency Action Plans are in place and up to date • Review System Security Program

  12. MCIWESTInformation Assurance Information Assurance Manager (PD) con’t • Develop Mission, Functions, & Responsibilities • Define - Refine Command Relationships • Identify Issues, Commonalities, & Solutions • Develop Regional Policies & Doctrine • Allocate resources to installations • Set Priorities, Deadlines, & Schedules • Interface with other Uniformed Services, Federal Agencies, • local governments, and commercial service providers in the region, as directed • Scan Legacy, NMCI, & SIPRNET • Ensure Scans are sent from each Installation to the REM Server @ CPEN • Ensure the REM Server forwards Installation scans to MCNOSC • Ensure Remediation is conducted • Manage Audit Recods • Ensure Arcsight feed is monitored • Verify Backups • Review POA&M • Password Cracking • Ensure scanning is completed and reported • Conduct Self Assessments • Manage War Driving • Report COOP activities • Ensure Emergency Action Plans are in place and up to date • Review System Security Program • On the 8th Day, catch up on emails (you have fallen behind, AGAIN)!!!

  13. MCIWEST Information Assurance OKAY!!! Enough reviewing…..on to the TEST!!!

  14. MCIWEST Information Assurance101 TEST • How many installations/bases comprise MCIWEST? • What is the MCIWEST Higher Headquarters Command? • What are the 3 Pillars of Information Assurance? • What is the acronym for Information Assurance?

  15. MCIWEST Information Assurance101 TEST • How many installations/bases comprise MCIWEST? • 7 (+1) • What is the MCIWEST Higher Headquarters Command? • MARFOR Bases Pacific (MARFORPAC) • What are the 3 Pillars of Information Assurance? • Confidentiality, Integrity, Availability • What is the acronym for Information Assurance? • IA • ……..and for the bonus round

  16. MCIWEST Information Assurance101 TEST The Bonus Round • What do IAMs do on the 8th day of the week? • What is the most widely used phrase in an IAM’s vocabulary? • What does DIACAP stand for?

  17. MCIWEST Information Assurance101 TEST The Bonus Round • What do IAMs do on the 8th day of the week? • Catch up on emails!!! • What is the most widely used phrase in an IAM’s vocabulary?NO! (backup phrase: NO-WAY!) • What does DIACAP stand for? • Dept of Defense Certification & Accreditation Process

  18. MCIWEST Information Assurance201 AGENDA • Command Support • IT Governance • Access (process & physical security partnership) • Certification & Accreditation

  19. MCIWEST Information Assurance201 COMMAND SUPPORT of IA PROGRAM • Structure (T/O, Contractor Support) • Funding (Training, Equipment, Salaries) • Policy (IT Governance…5 W’s) • Procedure (IT Governance…How)

  20. MCIWEST Information Assurance201 IT GOVERNANCE (Policy, Doctrine, & Procedures) • Who Writes, Reviews, Approves • Resources Required • Establish & Document Clear Roles & Responsibilities (R&R) • Key Information Security Documents • Mission Statements • Job Descriptions • Reporting Relationships • Owner, Custodian, User Roles • Outsourcing

  21. MCIWEST Information Assurance201 ACCESS (process & physical security partnership) • Process for ACCESS • System Authorization Access Request (SAAR…new!) • Request, Need to Know, Clearance Validated, Verified • IA last line of defense: “Assurance” • IA Training (IA, PII, PKI, Removable Media, Phishing) • Physical Security Partnership

  22. MCIWEST Information Assurance201 Certification & Accreditation (DIACAP) • PHASE I: Train (Both IA Community and Customers/Users) • PHASE II: Identify (Systems & Applications) • PHASE III: Verify (already ATO/ATC?) • PHASE III: Document • PHASE IV: Maintain & Decommission • VALIDATORS!!! Uncle Sam Needs You!!!

  23. MCIWESTInformation Assurance“Keys to Success” • Right People, Procedures, Technology • Confidentiality • Integrity • Availability • Authentication • Non-Repudiation

  24. MCIWESTInformation Assurance Cyber War: Is the Threat Real?

  25. MCIWESTInformation Assurance C & A (The FOG of WAR)

  26. MCIWESTInformation Assurance Questions?

More Related