Defense Security Service Industrial Security Field Operations Green.pdf · DSS Industrial Security...
DSS Industrial Security Field Operations
Defense Security Service Industrial Security Field Operations
DoD Industrial Security
April 5, 2016
Gus Greene
Director, IO
Overview
▌ Where We Have Been
▌ Where We Currently Are
▌ Where We Are Going
▌ Industry’s Role
Responsibilities for Managing Risk
The Field
ISR
IO CI FIL
Industry
Responsibilities for Managing Risk
CI
CFIUS
NID
FCL
CI
CFIUS
Responsibilities for Managing Risk
• Integrated
• Supported
• Empowered
CISA
The Field
ISSP ISR
CI
IO CI FIL
Industry
• Integrated
• Supported
• Empowered
CI
NID
FCL
CFIUS
Risk Assessment
Development
Policy Requirements
Threat/Value Analysis
Financial and Business Intelligence
Analysis
“Policy – Driven
Partner – Enabled
Security – Focused”
RISK-BASED ANALYSIS AND MITIGATION MODEL
Stakeholder Partner Integration
Risk Assessment Mitigation Strategy
RBAM CONCEPT OF FRAMEWORK
Security Posture/Consequence
Analysis
Education and Training (Learning)
Information Technology
Facility Posture in Context
[Figure: charts with axes labeled Impact, Threat and Vulnerability (scale 0 to 100) and a Score scale of 0 to 100]
Facility Posture is a filter for the assessment, but Threat and Impact drive
the effort, moving from compliance-focused to risk-focused
Risk Management Framework (RMF) is…
▌ …a key component of an organization’s information security program used in the overall management of organizational risk
▌ …a unified information security framework for the entire federal government that replaces legacy Certification and Accreditation (C&A) Processes applied to information systems
RMF is a Six-Step Process
Security Lifecycle
(1) CATEGORIZE SYSTEM
(2) SELECT SECURITY CONTROLS
(3) IMPLEMENT SECURITY CONTROLS
(4) ASSESS SECURITY CONTROLS
(5) AUTHORIZE SYSTEM
(6) MONITOR SECURITY CONTROLS
Questions
Back-Ups
RMF Training Already Provided by CDSE
Introduction to RMF (CS124.16)
Continuous Monitoring (CS200.16)
Step 1: Categorization of the System (CS102.16)
Step 2: Selecting Security Controls (CS103.16)
Step 3: Implementing Security Controls (CS104.16)
Step 4: Assessing Security Controls (CS105.16)
Step 5: Authorizing Systems (CS106.16)
Step 6: Monitoring Security Controls (CS107.16)
PSMO-I PSI Processing Delays
• Industry E-QIP Processing –
– PSI-I funding constraints are significantly impacting steady state
– Submissions are being prioritized by KMP status, Initial PCLs and Overdue PRs based on mission critical needs and risk
OPM Cybersecurity Breach
• OPM started sending notification letters and PIN codes out to individuals whose Social Security Number and other personal information was stolen in a cyber intrusion involving background investigation records.
• https://www.opm.gov/cybersecurity
• Notification process is expected to take up to 3 months
• Posted on OPM site: "While we are not aware of any misuse of your information, we are offering you, and any of your dependent minor children who were under the age of 18 as of July 1, 2015, credit and identity monitoring, identity theft insurance, and identity restoration services for the next three years through ID Experts, a company that specializes in identity theft protection."
• List of Names and Address (no longer required)
• Obtained through Third Party Vendor
• Thanks to Industry Companies for providing
Statistics on Security Violations for past four years
Security Violation Type (1 Jan 12 - 21 Mar 16)
[Chart: categories IT Contamination, Improper Storage, Physical Transfer, Other, Physical Loss, Access Breach; values 67%, 13%, 7%, 7%, 4%, 3%]
Security Violation Culpability (1 Jan 12 - 21 Mar 16)
[Chart: categories Employee, Other Contractor, Government; values 54%, 25%, 21%]