Assured Information Solutions, LLC Securing the Life Blood of Business - INFORMATION Christopher D. Peele CISSP-ISSEP Chief IA Analyst
Background
• Christopher D. Peele, Chief IA Analyst
• B.S., Computer Technology; M.S., Information Assurance; CISSP, ISSEP, NSA IAM, NSA IEM
• Mr. Peele has over 30 years of technology experience ranging from avionics systems, bioelectronics systems, electronics, computer information systems, computer systems administration, project management and information assurance.
• Mr. Peele spent a combined 22 years in the US Air Force in active, reserve and guard status as an Avionics Communication and Navigation Technician.
• He has over 14 years of experience in information security; for 10 of those years he has worked in the Department of Defense environment on DIACAP initiatives in support of Joint, Army and Marine Corps information and combat systems for the ATEC, NCR RNOSC, MCNOSC and MCSC.
• Mr. Peele has developed, witnessed, coordinated and conducted IA Assessments in support of initial operational test and evaluation for the AEC Survivability Directorate for a number of systems. He has also implemented certification and accreditation processes in support of MCSC initiatives.
Securing the Critical Information Vital to Your Small Business Survival
Agenda
• Why should we secure information?
• What mandates the protection of information?
• What are the threats to information?
• How is security implemented?
• Who is going to implement security?
• Who is responsible for security?
• Areas of Concentration
Why should we secure information?
• Information is the organization's most valuable asset:
  • Intellectual Property
  • Mission Information
  • Financial Information
  • Personally Identifiable Information
• Loss of competitive business or technological advantages
• Damage to reputation
• Loss of revenue
• Legal and regulatory sanctions
• Small/medium businesses are the low-hanging fruit
What mandates the protection of information?
• Federal Information Security Management Act 2002
• Family Educational Rights and Privacy Act
• Health Insurance Portability and Accountability Act
• Sarbanes-Oxley Act 2002
• Gramm–Leach–Bliley Act
• Payment Card Industry Data Security Standard
What are the threats to information?
• External Threats
  • Manmade
    • Attack on a known vulnerability by a cyber criminal
    • Zero-day malware attack
    • Phishing, Spear Phishing and Whaling
    • Advanced Persistent Threats (APT)
    • Players: Nation State, Cyber Gangs, Hacktivists, Individuals
  • Natural
    • Flood
    • Fire
    • Earthquake
What are the threats to information?
• Internal Threats
  • Intentional
    • Trusted insider
    • Disgruntled employee
    • Employee with financial problems
    • Employee with adverse information
  • Unintentional
    • User opening an infected attachment
    • Misconfigured settings
    • Infecting a work system while working remotely
    • Introduction of malware via personal devices
How is security implemented?
• First, security is not one-size-fits-all!
• Security must align with business and mission objectives.
• Deploy in layers with input from stakeholders.
• Implement relevant controls:
  • Fortifying network perimeters
  • Instituting security policies and procedures
How is security implemented?
  • Fortifying facility security controls
  • Implementing security awareness training
  • Limiting unauthorized access to the network and facility
  • Monitoring and auditing network activity
  • Protecting mobile endpoints
  • Human Resources background investigations
Bottom line: Implementing Defense-in-Depth
Who is going to implement security?
• Certified Security Professionals:
  • Information Assurance Professionals
  • Information System Security Engineers
  • Cyber Security Professionals
• Certifications:
  • CISSP, ISSEP, ISSMP, CISM, CISA, CAP
  • Security+, Network+, CASP
  • SANS Certifications
  • OEM Certifications
Who is responsible for security?
• Security is Everyone's Responsibility!
• Senior Management is Ultimately Responsible for Security in their Organization
• Lead by Example!!
TRUST BUT VERIFY!
Areas of Concentration
• Senior Management Buy-In
• Security Awareness Training
• Business Continuity Plan
• Configuration and Asset Management
• Develop Security Policies and Processes
• Enforce Security Policies
• Ensure Teaming Agreements Address Security Issues
AIS LLC's Capabilities
• Risk Management & IS Security Engineering
• IA Compliance & Continuous Monitoring
• Certification and Accreditation Process Oversight
• IA Assessment & Evaluation
• IA Test & Evaluation (T&E)
• IA Subject Matter Expertise
• IA Acquisition Support
• Project Management & Security Strategic Planning
IA Current and Past Performance
• Regional Support Services (PdM MCNIS)
  • Provided day-to-day IA and Cyber Security support to the USMC Regional NOSC initiative to reestablish ownership and operational responsibility of the USMC NIPR network.
• Marine Corps Enterprise IT Services (PdM MCES)
  • Provided IA analysis and C&A oversight to PdM MCES during the acquisition and sustainment phases of the MCEITS data center project.
• Network Centric Enterprise Services (Joint/AEC)
  • Developed and coordinated IA test plans and analysis in support of the DISA NCES program.
• CH-53K HLR Helicopter (Sikorsky/Navy)
  • Developed the program protection plan and C&A process guidebook.
• Unified Command Suite (AEC)
  • Provided IA analysis of an operational test conducted by JITC of a multiple-jurisdiction command and control system.
Contact Information
Christopher Peele, MSIA, CISSP-ISSEP, NSA IAM, NSA IEM
Chief IA Analyst
Office: 703-919-9859
cdpeele21@comcast.net