Post on 25-Dec-2015
Commonwealth Information Security Officers
Advisory Group (ISOAG) Meeting
JULY 11, 2007
www.vita.virginia 1
WELCOME
Peggy Ward, VITA
ISOAG July 2007 Agenda
I. Welcome Peggy Ward, VITA
II. E-Discovery Julie Whitlock, OAG
III. Identity Management Roadmap Tony Shoot, NG
IV. CESC - Security Operations Linda Smith, NG
V. Commonwealth Information Security Council Update!
– Encryption Committee Steve Werby
– Making Security an Executive Management Priority John Karabaic
– Small Agency Outreach Robert Jenkins
– Identity and Access Management Patricia Paquette
VI. Keylogging Malware Tripp Sims, VITA
VII. COV IT Security Policies, Standards and Guidelines Update Cathie Brown, VITA
IX. MS-ISAC Peggy Ward, VITA
X. Upcoming Events Peggy Ward, VITA
XI. Other Business Peggy Ward, VITA
An Overview of E-Discovery
July 11, 2007
Julie Whitlock, Assistant Attorney General
Technology and Procurement Law Section
What is discovery?
Discovery is the process by which parties to a lawsuit exchange information, or request it from third parties
• Requests for production of documents
• Subpoenas
• Depositions
• Etc.
What is e-discovery?
Process by which parties request “electronically stored information” = ESI
Includes:
• Emails
• Metadata
• Voice mails
• Spreadsheets
• Word files
• Text messages
• Calendars
• Videos
• Information on jump drives, PDAs, and Blackberries
• Information stored on home or personal computers and devices, and in personal e-mail accounts
What has changed?
• Statewide document retention schedules have not changed
• Duty to preserve evidence has not changed
• Federal Rules of Civil Procedure
– Amendments became effective December 2006
– Specifically address e-discovery
– Specifically allow for sanctions
– Require early conference to discuss availability, cost, and timing of producing data
What is individual agency’s responsibility?
• Compliance with document retention schedules, including documentation of destruction
• Preservation of all evidence in its original electronic form, so that all information contained within it, whether visible or not, is also available for inspection (e.g. metadata)
• Notification to VITA early on, to enable efficient responses and coordinate any necessary litigation holds
• Notification to your agency counsel at the AG’s Office when you anticipate litigation, in order to receive advice specific to the situation
Effective Records Management
• Ensures compliance with document retention schedules
• Provides the foundation for compliance with discovery rules
• Enables efficient review of ESI
• Reduces cost of storage, cost of searching, cost of retrieval
• Library of Virginia retention schedules address both physical records and virtual records
Virginia Code
§ 42.1-86.1. Disposition of public records. — ***
C. Each agency shall ensure that records created after July 1, 2006 and authorized to be destroyed or discarded in accordance with subsection A, are destroyed or discarded in a timely manner in accordance with the provisions of this chapter; provided, however, such records that contain identifying information as defined in clauses (iii) through (ix), or clause (xii) of subsection C of § 18.2-186.3, shall be destroyed within six months of the expiration of the records retention period.
***
(iii) social security number
(iv) driver's license number
(v) bank account numbers
(vi) credit or debit card numbers
(vii) PIN numbers
(viii) electronic identification codes
(ix) automated or electronic signatures
(xii) passwords
What can my agency do now?
• Review current document retention schedules and practices
• Watch for formal advice from the OAG
• Become familiar with what you have electronically, where it is stored, in what formats, and who is responsible for it (don’t forget personal devices)
• Become familiar with your automatic backup and archiving functions
• Begin to understand what would be necessary to perform a search or to retrieve archived documents
What can my agency do now? (con’t)
• Begin to identify positions within your agency that are involved in data retention – this includes your document retention/records management officer
• Encourage the segregation of personal or proprietary information before data is archived – to reduce the time spent segregating when responding to a request
Things to consider when preparing for e-discovery
• Individual privacy of user
• Prevention of data loss, whether inadvertent or intentional
• Minimizing individual disruptions while searching and responding to discovery requests
• Operational efficiencies to ensure timely preservation and processing of data
• Consistency of process
Conclusion
Security Operations Center
Identity Management Support
June 11, 2007
Identity Management
• Definition:
– Management of the identity life cycle of entities (subjects or objects) during which:
• the identity is established
• the identity is described
• the identity is destroyed
• Transformation Objectives:
– User consolidation across multiple directories and e-mail system
• Single domain Active Directory (COV.VIRGINIA.GOV)
– Role-Based Access Control
– Provisioning and de-provisioning
– Self Service Password Management
– Auditing and Reporting
Components
Confidential
Active Directory
• Primary Identity Repository
• Authentication and Access Control
• Single domain Active Directory – COV.VIRGINIA.GOV
• User consolidation from Agency directories and e-mail system
ADAM (Active Directory Application Mode)
Confidential
MIIS (Microsoft Identity Integration Server)
Confidential
Quest Management Tools
Confidential
P-Synch
Confidential
Pegasus / Dogwood
Confidential
Identity Management Transformation Roadmap
Confidential
Enabling Identity Management
2006 2007 2008 2009
MIIS
Test & Development In Place
Base Core H/W Build Out Complete
CESC Build Out Complete
Directory Service Implementation and Alignment Complete
Directory Sync / MIIS Installed
Global E-Mail Address List Complete
End-User Migrations complete
Active Directory
Quest Tools installed at RPB
Quest Tools installed at CESC
Quest Management Tools
P-Synch Updated at RPB
P-Synch Installed at CESC
P-Synch
Pegasus V2 Installed (Dogwood)
Pegasus / Dogwood
· Identity synchronization with other systems
· Identity Repository
· Authentication & Access Control
· Administration
· Roles
· Resource Provisioning
· Identity Auditing
Role-Based Access Control
Delegated Administration
Account Provisioning & De-Provisioning
· Password Management
· Self Service Password Reset
Self Service Password Resets
· Automated Account Provisioning
• Central Identity Repository
• Identity Synchronization
• Self-Service
– Authorization
– Access
– Passwords
– Profile
• Workflow
• Centralized User Management
• Delegated Administration
• Automated Provisioning and De-Provisioning
• Single Sign On
• Consolidated Auditing
Enabling Identity Management
• Central Identity Repository
– Consolidation of user identities into one centralized repository
– Integrate other systems authorization and authentication of users
• External and internal web apps leverage primary identity store
• Internal enterprise apps leverage primary identity store
Enabling Identity Management
• Identity Synchronization
– Automatic propagation of changes to other managed systems (Synchronization)
– Collects identity data from other systems
– Enables provisioning across wide range of systems and applications
Enabling Identity Management
• Self Service
– Password Resets
– Profile Updates
– Account and Access request
Enabling Identity Management
• Centralized User Management
– Role-Based Access Control
– Rule-Based Access Control
– Centralized provisioning and de-provisioning
– Password Management
• Uniform Password Policy
• Password Initialization
• Spans multiple systems
Enabling Identity Management
• Delegated Administration
– Non-technical users perform granular administration
Enabling Identity Management
• Resource Provisioning
– Automated provisioning and de-provisioning
– Workflow automates approval process
Enabling Identity Management
• Single Sign-On (SSO)
– Reduced Sign On
• Authenticate once to gain access to many systems
• A single identity source is used for authentication
– Reduced Credentials
• User credentials gain access to multiple systems (each requiring sign on)
• Password is synchronized between multiple systems
Enabling Identity Management
• Identity Auditing and Reporting
– Automatic ticket generation for follow-up and reporting
– Automatic E-Mail for interaction with users, administrators, and authorizers
– Real-time auditing of all AD changes
Questions ?
Security Operations Center tools
Linda Smith
Manager Transformation Security Services
July 11, 2007
Table of Contents
Confidential
Blue Coat
Confidential
Blue Coat default deny policy
Confidential
Blue Coat configuration
Confidential
Blue Coat Reporter
Confidential
Internet Security Systems
Confidential
ID Management
Confidential
Antivirus Management
Confidential
Firewall / VPN
Confidential
Firewall / VPN
Confidential
Questions?
Peggy Ward, VITA
Commonwealth Information Security Council
Encryption Committee
Jesse Crim (VCU)
John Palese (DSS)
Michael McDaniel (VRS)
Tripp Simms (VITA/NG)
Steve Werby (DOC)
Craig Goeller (DMAS) NEW MEMBER!
Making Security an Executive Management Priority
Committee Members
Shirley Payne, Chair, University of Virginia
Joe Hubbard, Virginia Lottery
Beth Nelson, State Board of Elections
Judy Napier, Office of the Governor
John Karabaic, CISSP, Dept. Medical Assistance Services
Deliverables
Plan and develop Executive Security Awareness events, either stand-alone or as riders on other planned executive-level events.
Present effective Executive Security Awareness practices from agencies as models other agencies might follow.
Deliverables
Collect and make available Security Awareness presentations designed for executives.
Form a speakers bureau of ISO and Managers teams to give presentations to executives within Secretariat.
Recommendations
Include Information Security as a part of the agency strategic plan and performance measurement.
Create a Commonwealth of Virginia Information Security Officer (ISO) to lead the Executive Security Awareness from the Governor’s Office.
Small Agency Outreach
Robert Jenkins
Current Members
– Robert Jenkins (DJJ)
– Aaron Mathes (OAG)
– Goran Gustavsson (APA)
– Ross McDonald (DSS)
– Bob Auton (DJJ)
– Doug Mack (DJJ)
Status Update
• Contact & survey small agencies and benchmark where they are in the process
– Identify agencies classified as small
– Conduct Needs Analysis (which agencies need assistance)
– Offer guidance with the security level process to those agencies with a documented need (high level)
– Perform Gap Analysis of present state versus desired state (if resources are available)
– Recommend strategies and resources to close gaps
– Recommend strategies and resources to maintain compliance
Status Update (con’t)
• Identify a pool of talent available to work in a shared service capacity to provide ISO or Audit functions to Small Agencies
– Determine which small agencies have trained personnel to perform ISO and/or Internal Audit responsibilities
– Query larger agencies to determine if they have ISO or IA resources that may be available to assist small agencies
– Match needs with skill sets when possible
– Provide support to maintain relationships between small agencies and those who volunteered to support them
Status Update (con’t)
• Develop “Canned Solutions” i.e. quick fixes using best practices from those with success in the areas such as policy, practice or procurement.
– Establish repository of completed sample policies, process, and best practices
– Make available Security Awareness training options
– Develop distribution list of subject matter experts in the areas of information security and audit
– Investigate tools to increase communications such as a message board that has shared access and with knowledge base capabilities
Status Update (con’t)
• Create network of Subject Matter Experts (SME) to offer advice and guidance on relevant topics such as
– ARMICS and implementation options
– Resources to talk with Agency Management who may be reluctant or unfamiliar with required actions needed for compliance matters
– VITA IT Security Policies and Standards (Business Impact Analysis, Risk Assessment, Breaches/Detections, etc.)
– Other IT Services, such as possible tests/reviews/audits
QUESTIONS
Identity and Access Management and Account Management
Committee Members
Patricia Paquette – DHP, pat.paquette@dhp.virginia.gov
Mike Garner – Tax, mike.garner@tax.virginia.gov
Marie Greenberg – DMV, marie.greenberg@dmv.virginia.gov
Jim Rappe – ABC, james.rappe@abc.virginia.gov
Maria Batista, DMV, maria.batista@dmv.virginia.gov
Joel McPherson, DSS, joel.mcpherson@dss.virginia.gov
David Hines, Supreme Court, dhines@courts.state.va.us
Identity and Access Management and Account Management
Challenges
• Up-front task of ensuring there is a single identity for each person
– numerous agencies and literally hundreds of systems which have information about people scattered throughout those systems
• Number of instances where data is not readily matched
– no easy way to identify whether Bob Smith in one system is or is not the same person as Bob Smith in another
Identity and Access Management and Account Management
Challenges
• ID management ability to scale, compatibility with existing applications, and ease of use
• Changing business processes
• Buy-in from agencies
– demonstrating the value of identity management systems.
• Effort extended entering initial information about employees and various access rights.
Identity and Access Management and Account Management
Initial Direction
• Research COV existing methodologies
– Understand what we have
• Investigate partnership methodology/capability
• Research market solutions
– Understand what’s available
• Impact Analysis
– Cost
– Capability
– Expansion
– Effectiveness
• Proposals
Tripp Sims, VITA
Commonwealth of Virginia Security Architect
July 11, 2007
Keylogging Malware
• Threats • Infection Methods • Defenses •
Content
• What is Malware?
• Keylogging Threats
• Common Infection Methods
– Browsers, Network Services, and Users
• Defenses
– Desktop & Patch Management, AntiVirus, Firewall/IDS/IPS, Behavior Based HIDS, and Education and Solutions
• Questions and Answers
What is Malware?
The term malware is a fusion of the words “malicious” and “software”. The generally accepted definition is: a piece of software specifically designed and distributed with malicious intent by the author.
• Earliest examples of malware were common computer viruses.
• Today, with virtually every computer being a “network” connected computer running dozens of applications, the threats of malware have expanded significantly.
• Malware has evolved in lockstep with the evolution of information technologies.
In a very real sense the “Arms Race” analogy fits all too well - and we are losing that race. Fortunately, we still own most of the battlefield.
Malware: Keyloggers and Password Stealers
• Keyloggers steal passwords and other personal information
• Infrastructure and tools are readily available that allow for remote control of malware and remote reception of keylog and password data
• COV Citizens have been keylogged when using applications offered by agencies of the Commonwealth
COV IT Security Standard, Section 4.5.2 – “Prohibit all IT system users from intentionally developing or experimenting with malicious programs (e.g., viruses, worms, spyware, keystroke loggers, phishing software, Trojan horses, etc.).”
Keylogging Threats
Confidential
Keylogging Threats
Confidential
Keylogging Threats
Confidential
Common Methods of Infection
Web Browsers
One of the fastest growing developments in malware distribution is the use of web-browser exploit packs secretly inserted into legitimate websites.
• Miami Dolphins Super Bowl Incident
Miami Dolphins Super Bowl Incident
On or about January 26th, 2007 the Dolphins Stadium & the official Miami Dolphins websites were hacked. Dolphins Stadium would be hosting that year's Super Bowl in less than 10 days, so traffic to both sites was high.
The offending exploit, and malware installed through vulnerable browsers, were not removed from the sites for almost a week.
The malware installed through the exploit was classified as an Agent/PWS, meaning that it was a password stealer with the ability to be updated to a newer version remotely via HTTP.
Network Services
If you port scan almost any network device, you will discover at least one open port. This is expected, because a network asset exists to be used directly by a user (a printer, a server) or managed directly by an administrator (a router, a laptop) via the network.
History has proven:
• Even core operating system programmers have difficulty in generating bulletproof network services.
• Vendors, while getting better, allow too much lag time between exploit announcement and patch issuance.
• Users, and to a lesser extent system administrators, continue to operate insecure systems due to lack of education or willingness.
Likely future:
• Zero-day hits will have the potential to be devastating in a targeted attack.
Users
• Malicious e-mail attachments
– Highly utilized methodology
– Vulnerable application formats are variable
• .doc; .zip; .rar; .ppt; .xls; .jpg; .msi; etc…
• Peer-to-Peer File sharing
– P2P propagation is viable
• Pirated Software and “Cracks”
– Bittorrent, Newsgroups, and other forms of pirated software distribution are shown to contain a high quantity of malicious code.
– Most pirated software cannot be updated for security vulnerabilities.
• Instant Messenger Mal-Links
– “Did you see this picture of you on MySpace?”
Malware Defense
• Desktop & Patch Management
• AntiVirus
• Behavior Based Intrusion Detection
• Firewalls/IDS/IPS
• Customer Education and Solutions
Malware Defense
• Layered approach to Security (Defense in Depth)
• In situations where it’s not cost effective to support the best possible security posture, keep in mind that every layer of protection utilized is another security hurdle for the “bad guys” to circumvent.
• As security representatives of the citizens of Virginia’s data we are not only required to keep our own resources secure, but we are also bound to educate and offer solutions to the citizens to better protect their own data.
Desktop and Patch Management
• Apply Principle of Least Authority (POLA) to home computers as well as work.
– Can your home users install software themselves?
– Do you use separate user accounts on your home computers? And does your primary account have Administrator privileges?
• Keep up with OS & application patching.
– Managed enterprise infrastructure has documented plans for testing and deploying security patches.
– Home users should be advised to turn on automated updates and respect the importance of these updates to their computers.
A strong desktop policy and patch management can be one of the easiest and most effective layers of security
IT Security Standard, Section 5.2.2 – “Requires that local administrator rights, or the equivalent on non-Microsoft Windows-based IT systems, be granted only to authorized IT staff.”
Anti-Virus
• Anti-Virus is an essential first line of defense
• Use solutions from well known vendors
• Be aware of malicious offerings that distribute malware posing as Anti-Virus
For enterprise workers consider using the standard Anti-Virus used in the enterprise for your home computer.
Firewalls/IDS/IPS
• Network Firewalls are another layer of defense
• Firewall features can include Intrusion Detection/Prevention
• Recommend a ‘default deny’ policy for outbound traffic, then selectively open for user traffic as needed
Firewalls/IDS/IPS
• Network Intrusion Detection & Prevention Systems as an additional layer of defense
• Most IDS/IPS solutions are signature based and must be updated and current (same as Anti-Virus)
• There are ‘security center’ solutions for home users that include host-based personal firewalls with IDS/IPS features built in.
Behavior-Based Intrusion Detection
Behavior-based intrusion detection systems rely on the premise that an intrusion can be detected by a deviation from the normal behavior of a system or a user. They are more typically deployed in the Enterprise today.
Advantages
• When properly configured over time, and in a managed environment, it can be highly effective
• Can detect and defend against zero-day malware for which no signatures exist
• Can defend against abuse which might not normally be associated with an “exploit”
Disadvantages
• Can produce numerous false positives in an unmanaged environment, such as a home system
• Generally requires constant supervision to ensure its knowledge expands as users’ behavior changes
User Education
• Customer Education is the most important line of defense!
• The citizen’s computer is much more likely to be the source of leaking personal information than legitimate websites
• What can you do to help keep citizens’ data secure?
• Banner type notification when citizens visit your site to do business
• Offer security resource pages that can help a customer understand what they can do to increase their own security.
User Education
Customer Solutions
There are practices you can consider for inclusion on your customer facing applications. There are also a number of free resources online that can help a customer understand the security posture of their computer.
• Many AntiVirus vendors offer free web based AntiVirus and security scans which run through the web browser. Point your customers to them as a resource for their personal data security
• There is also a free browser security testing site available @ http://www.scanit.be/browser-security-test.html
• Consider maintaining a black-list of known insecure browser user-agents. Browsers which identify themselves as known insecure to your applications could be warned before gaining entry to your applications.
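One way the user-agent black-list in the last bullet could be checked on the server side. This is an added example, not code from the presentation or from VITA; the black-list entries, version thresholds, sample User-Agent strings and function names are all constructed for illustration. Because the header is supplied by the client, the check only drives a warning and is not an access control.

```python
"""Advisory browser check: warn users whose User-Agent is on a black-list.

The User-Agent header is supplied by the client and easily changed, so the
result only drives a warning and is never used as an access-control decision.
"""
import re
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int]


class BlacklistEntry(NamedTuple):
    family: str      # browser family, as named in PATTERNS
    below: Version   # (major, minor); any older version is treated as insecure
    reason: str


# Constructed policy for illustration; a real list would be maintained from
# vendor security advisories and reviewed on a schedule.
BLACKLIST = [
    BlacklistEntry("MSIE", (7, 0), "Internet Explorer older than 7.0"),
    BlacklistEntry("Firefox", (2, 0), "Firefox older than 2.0"),
]

# Order matters: Opera of this period could send "... MSIE 6.0 ... Opera 9.20",
# so Opera has to be tested before MSIE to avoid a false warning.
PATTERNS = [
    ("Opera", re.compile(r"Opera[ /](\d+(?:\.\d+)*)")),
    ("MSIE", re.compile(r"MSIE (\d+(?:\.\d+)*)")),
    ("Firefox", re.compile(r"Firefox/(\d+(?:\.\d+)*)")),
]

MAX_HEADER_LENGTH = 512  # anything past this is ignored


def parse_user_agent(user_agent: Optional[str]) -> Optional[Tuple[str, Version]]:
    """Return (family, (major, minor)), or None if the header is unrecognised."""
    if not user_agent:
        return None
    user_agent = user_agent[:MAX_HEADER_LENGTH]
    for family, pattern in PATTERNS:
        match = pattern.search(user_agent)
        if match:
            parts = [int(p) for p in match.group(1).split(".")]
            major, minor = (parts + [0])[:2]  # "7" -> (7, 0), "1.5.0.12" -> (1, 5)
            return family, (major, minor)
    return None


def browser_warning(user_agent: Optional[str]) -> Optional[str]:
    """Return warning text for a black-listed browser, otherwise None.

    Missing or unrecognised headers produce no warning: the list names known
    insecure browsers, it does not define the set of allowed ones.
    """
    parsed = parse_user_agent(user_agent)
    if parsed is None:
        return None
    family, version = parsed
    for entry in BLACKLIST:
        if family == entry.family and version < entry.below:
            return (
                f"Your browser ({family} {version[0]}.{version[1]}) is on our list "
                f"of known insecure browsers ({entry.reason}). Please update it "
                "before entering personal information."
            )
    return None


# Constructed sample headers in the style of 2007-era browsers.
SAMPLE_HEADERS = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.12) "
    "Gecko/20070508 Firefox/1.5.0.12",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) "
    "Gecko/20070515 Firefox/2.0.0.4",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.20",
    "",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(repr(header[:50]), "->", browser_warning(header) or "no warning")
```
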
The Current State of Malware
Questions
Information Technology Security Policy, Standards and Guidelines
Cathie Brown, CISM, CISSP
Compliance: IT Security Policy & Standard
• Blanket 90 Day Exception – September 28, 2007
• Key Steps to Compliance include:
– Designate an ISO
– Inventory all systems
– Perform Risk Assessment on sensitive systems
– Perform Security Audits on sensitive systems
– Document and exercise Contingency & DR Plans
– Implement IT systems security standards
– Document formal account management practices
– Define appropriate data protection practices
– Establish Security Awareness & Acceptable Use policies
– Safeguard physical facilities
– Report & Respond to IT Security Incidents
– Implement IT Asset Controls
Compliance - Wall of Honor
Accountancy, Board of
Accounts, Department of
Aging, Department for the
Agriculture and Consumer Services, Department of
Alcoholic Beverage Control
Aviation, Department of
Blind and Vision Impaired, Department for the
Business Assistance, Virginia Department of
Center for Behavioral Rehab
Center for Innovative Technology
Christopher Newport University
Conservation and Recreation, Department of
Correctional Education, Department of
Corrections, Department of
Criminal Justice Services, Department of
Deaf and Hard of Hearing, Department for the
Department of Charitable Gaming
Department of Forensic Sciences
Economic Development Partnership, Virginia
Education, Department of
Elections, State Board of
Employment Dispute Resolution, Department of
Environmental Quality, Department of
Fire Programs, Department of
Forestry, Department of
Frontier Culture Museum of Virginia
Game and Inland Fisheries, Department of
General Services, Department of
Governor, Office of the
Gunston Hall
Health Professions, Department of
Health, Department of
Historic Resources, Department of
Housing and Community Development, Department of
Wall of Honor – CONTINUED!
Human Resource Management, Department of
James Madison University
Juvenile Justice, Department of
Library of Virginia, The
Longwood University
Marine Resources Commission
Mary Washington University
Medical Assistance Services, Department of
Mental Health, Mental Retardation & Substance Abuse Svcs, Dept of
Mines, Minerals and Energy, Department of
Minority Business Enterprise, Department of
Motor Vehicle Dealer Board
Motor Vehicles, Department of
Museum of Fine Arts, Virginia
Museum of Natural History, Virginia
Norfolk State University
Old Dominion University
People With Disabilities, Virginia Board for
Planning and Budget, Department of
Professional & Occupational Regulation, Department of
Racing Commission, Virginia
Rail and Public Transportation, Department of
Rehabilitative Services, Department of
Science Museum of Virginia
Social Services, Department of
State Police, Department of
Taxation, Department of
Tourism Commission, Virginia
Transportation, Department of
Treasury, Department of the
VA School for the Deaf and Blind-Staunton
Virginia Commonwealth University
Virginia Employment Commission
Virginia Information Technologies Agency
Virginia Lottery
Woodrow Wilson Rehabilitation Center
Status Update
• Publication Pending ITIB Review/Approval
– IT Security Policy & Standard Revised
– IT Standard Use of Non-Commonwealth Computing Devices to Telework ITRM SEC511-00 NEW!
– IT Threat Management Guideline NEW!
• Guidelines in Draft COMING SOON!
– IT Security Audit Guideline
– IT Systems Security Guideline
– Personnel Security Guideline
Revisions - IT Security Policy & Std
• Highlights
– Expanded scope to include Legislative, Judicial, Independent and Higher Education
– System Security Plans for sensitive systems
– Additional considerations for account management
– Additional considerations for protection of data on mobile storage media including encryption
– Additional requirements for specialized IT security training
– Data Breach Notification
• Compliance date – 7/01/2008 CHANGE! (FROM 1/01/2008)
• Exception Form period extended from 6 months to 1 year – CHANGE!
New! IT Std Using Non-COV Devices to Telework
• Purpose
– Establish a standard to protect COV data while teleworking with Non-COV Devices
• Acceptable Solutions
– Standalone Computer
– Internet Access to Web-Based Applications
– Internet Access to Remote Desktop Applications
• Requirements
– Storing COV data on a non-COV device is prohibited
– Network traffic containing sensitive data must be encrypted
– Provide training on remote access policies
• Security Incident Response
– Non-COV device may be necessary during forensics or investigation of a Security Incident
– Acknowledgement form signed NO LONGER REQUIRED!
QUESTIONS
Peggy Ward, VITA
MS-ISAC
Multi-State Information Sharing & Analysis Center (MS-ISAC)
William F. Pelgrin, State of New York
Chair
• Recognizing the need for collaboration and communication between and among the states, the MS-ISAC was established in January 2003.
• The MS-ISAC began with New York and the Northeast states, and quickly expanded. Participation includes representatives from all 50 states and DC.
• The MS-ISAC is recognized by the US Department of Homeland Security as the national ISAC for the states and local government to coordinate cyber readiness and response.
Background
The mission of the MS-ISAC, consistent with the objectives of the National Strategy to Secure Cyberspace, is to provide a common mechanism for raising the level of cyber security readiness & response in each state.
The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states & providing two-way sharing of information between & among the states and with local governments.
Mission
Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming
Transforming The Culture
Sharing Information…
• Monthly Conference Calls
• 24/7 Cyber Security Analysis Center
• Cyber Security Alerts and Advisories
• Public and Secure MS-ISAC Websites
• Participation in cyber exercises
• Common cyber alert level map
• National Webcast Initiative
• National Cyber Security Awareness Month
• Ensuring collaboration with all necessary parties
Multi-State ISAC
The MS-ISAC provides high-level descriptions of what the issue is and why you should be concerned…
MS-ISAC Public Website
www.msisac.org
The MS-ISAC provides a risk rating based on specific environments…
MS-ISAC
Collaborating with Others
• While the major focus of MS-ISAC is cyber security, there is also recognition of the relationship between physical and cyber security; membership includes representation from both the physical and cyber arenas.
• Close relationship with federal government
• Other partners
Endorsement by major national entities…
• Cyber Exercise
• Metrics & Compliance
• Education & Awareness
• Legislative
• Operations
• State and Local Government Outreach & Marketing
• Procurement
MS-ISAC Workgroups
National Cyber Security Awareness Month
October
Kids Safe Online Webcast
Governors’ Proclamations
Cyber Security Toolkit Calendars
Posters
Brochures
Other materials
• The Multi-State Information Sharing and Analysis Center (MS-ISAC), in cooperation with the Department of Homeland Security's National Cyber Security Division, has launched a partnership to deliver a series of national webcasts which examine critical and timely cyber security issues. Embracing the concept that security is everyone’s responsibility, these webcasts are available to a broad audience to help raise awareness and knowledge levels.
• The webcasts provide practical information and advice that users can apply immediately. Webcasts are conducted every other month.
• Webcasts are free and open to the public.
• Visit www.msisac.org for more information about upcoming sessions.
National Webcast Initiative
Cyber Security Center
7 X 24 Operations
Monitoring for Cyber Attacks
Cyber Alerts, Advisories and Informational Bulletins
Cyber Security Center
Alerts are provided to State designated representatives whenever an apparent attack on a state or local government entity has been detected.
For the Commonwealth of Virginia the two representatives are:
Constance McGeorge, Office of Commonwealth Preparedness
Peggy Ward, Virginia Information Technologies Agency
Working Together to Secure Cyberspace
Multi-State Information Sharing and Analysis Center
www.msisac.org
UPCOMING EVENTS!
VITA OFFICE MOVE – Friday, July 27
ISOAG - Wednesday, August 8, 9:00 - 12:00 @ CESC
COVITS – September 16-18, Chantilly, Va
http://www.covits.org/
Any Other Business ?
ADJOURN
THANK YOU FOR YOUR TIME AND
THOUGHTS!!!