information assurance information assurance for defense
play

Information Assurance Information Assurance for Defense Security - PowerPoint PPT Presentation

Nov 20, 2022 •162 likes •662 views

Information Assurance Information Assurance for Defense Security for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY Elements of

  1. Information Assurance Information Assurance for Defense Security for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  2. Elements of Information Transformation in DoD Net-Centric Net-Centric Data Strategy Data Strategy Enterprise Net-Centric Enterprise Net-Centric Services Operations Services Operations Information Information Assurance Assurance 2 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  3. Information Assurance Requirements 3 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  4. Definition of Information Assurance • Information Assurance (IA) are the methods for managing the risks of information assets. • IA practitioners seek to protect the confidentiality, integrity, and availability of data and their delivery systems, whether the data are in storage, processing, or transit, and whether threatened by malice or accident. 4 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  5. IA is More than Information Security • IA’s includes reliability and emphasizes risk management over tools and tactics. • IA includes privacy, regulatory compliance, audits, business continuity, and disaster recovery. • IA draws from fraud examination, forensic science, military science, systems engineering, security engineering, and criminology in addition to computer science. • IA is a superset of information security. 5 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  6. Responsibilities • CIO responsibilities include: – Monitoring the reliability of cyber-security; – Robustness of cyber-crime protection; – Up-time availability of network services; – Installation of trusted backup capabilities; – Designs for systems redundancy; – Capacity for recovery from extreme failures. 6 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  7. Federal Information Security Management Act of 2002 - "FISMA" • FISMA imposes processes that must be followed by information systems used by US Government. • Must follow Federal Information Processing standards (FIPS) issued by NIST (National Institute of Standards & Technology). 7 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  8. FISMA Requirements • Security controls must be incorporated into system. • Must meet the security requirements of NIST 800-53. • Security controls must contain the management, operational, and technical safeguards or countermeasures. • The controls must be documented in the security plan. 8 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  9. Homeland Security Presidential Directive HSPD-12 • Defines the Federal standard for secure and reliable forms of identification; • Executive departments and agencies shall have a program to ensure that identification meets the standard; • Executive departments and agencies shall identify information systems that are important for security. 9 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  10. Required: Public Key Encryption 10 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  11. A Secure Identity Card Radio Frequency Antenna Digital Photo Heavy Duty Password One-Time Password Electronic Wallet Physical Access Control Digital Identify Certificate Biometrics Encryption Key 11 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  12. Encryption Policy • Unclassified data on mobile computing devices and removable storage media shall be encrypted. • Encryption is achieved by means of the Trusted Platform Module (TPM). It is a microcontroller that can organize and store secured information. • TPM offers facilities for secure generation of cryptographic keys 12 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  13. What is TPM • The TPM is a microcontroller that stores keys, passwords and digital certificates. • It is affixed to the motherboard. • Silicon ensures that the information stored is made secure from external software attack and physical theft. • Security processes, such as digital signature and key exchange are protected. • Critical applications such as secure email, secure web access and local protection of data are assured. 13 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  14. MS VISTA Necessary for TPM 14 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  15. Spending on Information Assurance Federal Information Assurance Spending ($B) FY 06 FY 07 Federal Information Assurance Spending ($B) FY 06 FY 07 Defense Department $3.15 $3.31 Defense Department $3.15 $3.31 All O thers $2.31 $2.45 All O thers $2.31 $2.45 Total I.T. Security Spending $5.46 $5.76 Total I.T. Security Spending $5.46 $5.76 Total IT Spending on Training and Reporting $1.38 $1.43 Total IT Spending on Training and Reporting $1.38 $1.43 DoD IA Spending/Total I.T. Spending 10.3% 10.5% DoD IA Spending/Total I.T. Spending 10.3% 10.5% 15 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  16. Information Assurance Certification & Accreditation Program (DIACAP) • E-Government Act – Title III of the E-Government Act, Federal Information Security Management Act (FISMA), requires Federal departments and agencies to develop, document, and implement an organization-wide program to provide information assurance. DIACAP ensures DoD Certification and Accreditation (C&A) is consistent with FISMA, DoDD 8500.1 and DoDI 8500.2 • Global Information Grid (GIG) – The DIACAP is a central component of GIG IA C&A Strategy. DIACAP satisfies the need for a dynamic C&A process for the GIG and net-centric applications 16 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  17. DIACAP Activities 17 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  18. Designated Approving Authority (DAA) • Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. 18 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  19. The Internet 19 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  20. Web Looks Simple to the User Internet 20 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  21. Internet Advantage • Any properly configured computer can act as a host for a personal web-page. • Any of several hundred million other computers can view that personal web-page. • Any of several hundred million other computers can connect to another computer capable of delivering an information processing service. 21 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  22. Internet Protocols: For Identification of Message “Packets” Message Trailer Header Message Contents 22 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  23. What is in an Internet Packet Header • 4 bits that contain the version, that specifies IPv4 or IPv6 packet, • 4 bits that contain the length of the header, 8 bits that contain the Type of Service - Quality of Service • (QoS), • 16 bits that contain the length of the packet, • 16 bits identification tag to reconstruct the packet from fragments, • 3 bits flag that says if the packet is allowed to be fragmented or not, • 13 bits identify which fragment this packet is attached to, • 8 bits that contain the Time to live (TTL) number of hops allowed • 8 bits that contain the protocol (TCP, UDP, ICMP, etc..) • 16 bits that contain the Header Checksum,, • 32 bits that contain the source IP address, • 32 bits that contain the destination address. 23 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  24. Problems with Nets and Servers • Capacity limitations for peak loads; • Congestion in access to data sources; • Excessive delays for global access; • Expensive to scale capacity for growth; • Problem not in bandwidth, but mostly in switching; • Depends on reliability and capacity of ISP “peers” to forward data to the destination; • Conflicting economic interests among “peers” can inhibit growth and performance. 24 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

  25. Internet Liabilities • 17,000+ partially secure, poorly connected networks with practically unlimited number of unverifiable points of access; • The most frequently used security protocol (SSL- Secure Socket Layer authenticates destination servers, but not the sending sources); • Networks are mostly small, with large ISP’s managing less than 10% of network traffic; • Performance of the network depends on “peering relationships” between ISP (Information Service Providers), each providing network capacity and router switching capacity ; • Delivery of packets cannot be guaranteed because network performance determined by routers that may not have sufficient capacity to handle traffic spikes. 25 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

INSTITUTE OF INFORMATION SYSTEMS Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation Awareness Alexander Motzek Ralf Mller Universitt zu Lbeck Institute of Information Systems

605 views • 28 slides
1 Measuring quality Costs of quality assurance Is it possible to quantify software

1 Measuring quality Costs of quality assurance Is it possible to quantify software

Key Points Many different characteristics of quality Quality Assurance and Testing Importance of having independent quality assurance from development The deliverable of QA is information CSE 403 Write it down Lecture 22 QA

359 views • 5 slides
MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why

MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why

Luanna Cambas, P.E. LADOTD District 02 Lab Engineer Jason Davis, P.E. LADOTD Field Quality Assurance Administrator MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why needed? Sampling &

1.01k views • 63 slides
information security and cybercrime; To grant awards, scholarships or sponsorships to people

information security and cybercrime; To grant awards, scholarships or sponsorships to people

RAISA Romanian Association for Information Security Assurance is a profes - sional, non-governmental, non-partisan political, nonprofit and public benefit association. PURPOSE The aim of Romanian Association for Information Security Assurance

84 views • 6 slides
Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of captured and coded data Quality assurance of downstream processes (including data security and integrity) Quality assurance of population counts,

129 views • 12 slides
yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help?

yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help?

yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help? FISSEA Mark Loepker Defense-wide Information Assurance Program Office of the DoD Chief Information Officer Office of the Secretary of Defense

435 views • 27 slides
Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Software Assurance Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for software Particularly assurance of security Bad (buggy, insecure software) comes not from discrete, unpredictable,

561 views • 18 slides
SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance Lab Centrally manage browsers & mobile devices (physical/emulated), and allow your team to remotely access them from anywhere at anytime Run

534 views • 17 slides
Xen Security Modules (XSM) George Coker National Information Assurance Research Lab National

Xen Security Modules (XSM) George Coker National Information Assurance Research Lab National

Xen Security Modules (XSM) George Coker National Information Assurance Research Lab National Security Agency (NSA) gscoker@alpha.ncsc.mil National Information Assurance Research Lab 1 UNCLASSIFIED What is XSM? A generalized

342 views • 33 slides
SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access

SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access

SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access hundreds of browsers & mobile devices (physical/emulated) Hosted in Experitest data centers, from anywhere at anytime Run your tests across

288 views • 18 slides
What's New with SELinux Stephen D. Smalley sds@tycho.nsa.gov National Information Assurance

What's New with SELinux Stephen D. Smalley sds@tycho.nsa.gov National Information Assurance

What's New with SELinux Stephen D. Smalley sds@tycho.nsa.gov National Information Assurance Research Laboratory National Security Agency National Information Assurance Research Laboratory 1 Advances in SELinux Deploying new

440 views • 25 slides
Software Quality Assurance Software Quality Assurance Dr. Linda H. Rosenberg Assistant Director

Software Quality Assurance Software Quality Assurance Dr. Linda H. Rosenberg Assistant Director

Software Quality Assurance Software Quality Assurance Dr. Linda H. Rosenberg Assistant Director For Information Sciences Goddard Space Flight Center, NASA 301-286-5710 Linda.Rosenberg@gsfc.nasa.gov V&V 10/2002 Slide 1 Agenda

267 views • 26 slides
FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation

FEBRUARY 2016 WEBINAR Quality Assurance Visit Information Critical Elements 1-3 Re-Accreditation Planning Danielle Morago HFO QA/TA Specialist 2016 Quality Assurance Visits Self-Study Reminders Critical Element 1 AGENDA Critical

535 views • 16 slides
CMI QUALITY ASSURANCE. The role of the Approved Centre is to ensure: That all administration

CMI QUALITY ASSURANCE. The role of the Approved Centre is to ensure: That all administration

CMI QUALITY ASSURANCE. The role of the Approved Centre is to ensure: That all administration and assurance processes are to a quality standard. All information received is communicated to the relevant people. Effective marketing and

137 views • 11 slides
The Bureau of Diplomatic Security Diplomatic Security Training Center(DSTC) Information Assurance

The Bureau of Diplomatic Security Diplomatic Security Training Center(DSTC) Information Assurance

U.S. DEPARTMENT OF STATE The Bureau of Diplomatic Security Diplomatic Security Training Center(DSTC) Information Assurance (IA) and Cybersecurity Training Program UNCLASSIFIED CyberSec_Training@state.gov Information Assurance Training

142 views • 11 slides
ruth and Consequences: Information T Clouds and Virtualization Assurance Peter Rajnak,

ruth and Consequences: Information T Clouds and Virtualization Assurance Peter Rajnak,

People First, Ministry of Science, Performance Now Technology and Innovation ruth and Consequences: Information T Clouds and Virtualization Assurance Peter Rajnak, Guardtime 14 November 2013 Data trust and Audit Status Quo For 40

673 views • 27 slides
CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive, insider/outsider

638 views • 16 slides
Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

397 views • 23 slides
Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa -

Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa -

Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa - Universit`

483 views • 16 slides
The Symbol Grounding Problem Qi Huang Department of Computer Science February 3, 2020 1 / 31

The Symbol Grounding Problem Qi Huang Department of Computer Science February 3, 2020 1 / 31

The Symbol Grounding Problem Qi Huang Department of Computer Science February 3, 2020 1 / 31 Table of Contents Introduction Symbol System The Symbol Grounding Problem Hybrid symbol grounding system Conclusion & Discussion 2 / 31

421 views • 31 slides
Agenda 9.00 - 9.15: APNIC Presentation 9.15 10.30: Danny McPherson 10.30 -11.00:

Agenda 9.00 - 9.15: APNIC Presentation 9.15 10.30: Danny McPherson 10.30 -11.00:

Network Security: The Principles of Threats, Attacks and Intrusions APRICOT Tutorial Perth Australia 28 February, 2006 Danny McPherson, Arbor Networks Ray Hunt, Associate Professor University of Canterbury, New Zealand 1 Agenda 9.00 -

959 views • 52 slides
Research on attitudes to veterinary medicines Online survey among European citizens July 2016 1

Research on attitudes to veterinary medicines Online survey among European citizens July 2016 1

29.09.2016 Research on attitudes to veterinary medicines Online survey among European citizens July 2016 1 Awareness: Farm animals are vaccinated to prevent them becoming sick. n = 1000 n = 6013 11% 12% 15% 17% 71% 74% Yes, I am aware

223 views • 21 slides
Session 4 Malware and Protection Sbastien Combfis Fall 2019 This work is licensed under a

Session 4 Malware and Protection Sbastien Combfis Fall 2019 This work is licensed under a

I5020 Computer Security Session 4 Malware and Protection Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. Objectives Discovering the

563 views • 54 slides
Handouts on CNSC website 2 HOW TO SUBMIT YOUR FEEDBACK ABOUT TODAYS SESSION Survey Monkey

Handouts on CNSC website 2 HOW TO SUBMIT YOUR FEEDBACK ABOUT TODAYS SESSION Survey Monkey

01/04/2015 VIDEOCONFERENCE EVENT ID: 42769572 1 Handouts on CNSC website 2 HOW TO SUBMIT YOUR FEEDBACK ABOUT TODAYS SESSION Survey Monkey Questionnaire QR Code 3 1 01/04/2015 EMOTION REGULATION The Cornerstone of Emotional, Psychiatric and

217 views • 19 slides

More recommend