Prolog to Lecture 16: CS 236 On-Line MS Program, Networks and Systems Security (PowerPoint presentation)


SLIDE 1

Lecture 16 Page 1 CS 236 Online

Prolog to Lecture 16
CS 236 On-Line MS Program
Networks and Systems Security
Peter Reiher

SLIDE 2

Security Evaluations and the US Government

  • The US government runs lots of computers and networks
  • It’s a big, obvious target
    – And does get attacked a lot
  • We obviously want its systems to be secure
  • How to evaluate their system security?
SLIDE 3

Something That Didn’t Work

  • FISMA (Federal Information Security Management Act of 2002)
  • Result of a law intended to improve the security of government systems
    – Passed in 2002
  • Required NIST to set standards
  • Other gov’t agencies needed to document what they did to meet them

SLIDE 4

What Happened With FISMA

  • Turned into an exercise in generating reports
  • All agencies had to do was write lengthy reports
  • Small companies went into business writing the reports
  • But most government systems’ security was not actually improved

SLIDE 5

What’s the Lesson For Us?

  • Not just that government tends toward useless bureaucracy
  • Rather, be sure to ask for the right thing from security reviews
  • What you really want is to know whether you’re secure
  • And what to do to become more so
SLIDE 6

What Was the Problem With FISMA?

  • Did not force agencies to actually improve security
    – You just had to write reports
  • Did not focus on practical methods of improving security
  • Did not take into account the dynamic and changing nature of threats

SLIDE 7

How Can You Do Better?

  • If you’re involved in a security evaluation, keep your eye on the ball
  • Look at things that strongly affect real security
    – In ways relevant to your situation
  • Consider the real threats you’re facing
  • Think about and report on where the system needs to be improved

SLIDE 8

The New Government Approach

  • FISMA 2.0
  • Passed by House of Representatives (2012)
  • Intended to place more emphasis on actually securing systems
    – Automated security reporting
    – Mandating security requirements in contracts
    – Continuous security monitoring
    – Legislates federal CTO