FACE DOWN CYBERTHREATS WITH CDM INSIDE P2 CDM ROLLOUT PRESSURED BY INCREASING THREATS P3 WHAT S NEXT FOR CDM? P4 ALLIANT GWAC USED FOR SOME CDM NEEDS
|
|
- Piers Jefferson
- 5 years ago
- Views:
Transcription
1 ONLINE REPORT SPONSORED BY: FACE DOWN CYBERTHREATS WITH CDM INSIDE P2 CDM ROLLOUT PRESSURED BY INCREASING THREATS P3 WHAT S NEXT FOR CDM? P4 ALLIANT GWAC USED FOR SOME CDM NEEDS P5 PHASE 3 REQUIREMENTS FINALLY EMERGE P6 SUPPORT, SIGNATURES AND POLICIES WILL MATTER
2 CDM ROLLOUT PRESSURED BY INCREASING THREATS Sophisticated attacks on several agencies accelerate urgency of CDM program. T he Department of Homeland Security s Continuous Diagnostics and Mitigation (CDM) program was first launched several years ago. This was a major factor in the push to strengthen the overall security of government IT. Events of the past year have only increased the pressure for a faster rollout. There were several sophisticated attacks on government agencies this year, but the most damaging was clearly the one suffered by the Office of Personnel Management (OPM). It was officially reported by the agency in June Analysts now suspect it may have been present in OPM networks for at least a year prior to that, however, and perhaps even longer. By the time all attack assessments were complete, more than 20 million federal employee records are thought to have been compromised. Attacks at the Internal Revenue Service and other agencies also recently exposed hundreds of thousands of records. Attacks on the Rise In a recent report on the progress of the Federal Information Security Modernization Act (FISMA), the Office of Management and Budget (OMB) states that despite unprecedented improvements in securing federal information resources in FY 2015, greater numbers of attackers still managed to get into government networks and systems. Agencies reported more than 77,000 incidents, representing a 10 percent increase over the previous year. The OPM attack was suspected to have been launched by a Chinese, state-sponsored hacking group using OPM employee access credentials obtained through a phishing exploit. Part of the CDM program is designed to combat precisely that type of attack, providing agencies with tools to improve access controls. The CDM program was originally expected to deliver those tools to agencies by the end of Given the nature and extent of the 2015 breaches, though, and the expectation that those types of attacks will only increase in number and severity, this may not be fast enough. In an April 7 letter to Shaun Donovan, director of the OMB, Sen. Tom Carper (D. Del), ranking member of the Senate Committee on Homeland Security and Governmental Affairs, says that while federal agencies are under a constant, yet evolving threat from cyberattackers, flaws in the federal acquisition process can limit the tools agency defenders can obtain to counter these threats. In terms of the CDM program, he says, agencies can partner with the Department of Homeland Security (DHS) to deploy cybersecurity tools and services while saving taxpayer dollars by leveraging government-wide buying power and buying in bulk. It s starting to deliver those tools and services directly to agencies. The slow pace of the CDM program rollout has been a concern of many people almost from the beginning. In an interview on a comprehensive 2014 report put out by the SANS Institute, John Pescatore, director of emerging security trends at SANS, points out that from the procurement side; it s harder than it should be for agencies to buy tools from the CDM program. The bottom line is that capabilities are badly needed by government agencies, he says, but (the program) is not moving quickly enough. DHS secretary Jeh Johnson, in his final state-ofthe-agency speech earlier this year, says the program has provided needed sensors to some 97 percent of the civilian agencies during In 2016, he says, the second phase of the program will focus on providing tools to manage access privileges and device configuration to 100 percent of the federal civilian government. 2
3 WHAT S NEXT FOR CDM? I f the Department of Homeland Security s Continuous Diagnostics and Mitigation (CDM) program is as broadly implemented across federal agencies as was originally intended, government agencies should have far more sophisticated cybersecurity defenses in place over the next couple of years. That is still not a guaranteed outcome, however. The tools and services that will form the technology bedrock could most likely be in place, or at least getting to that point, by the end of There s still a lot of work to be done after that, though, to integrate those tools with agency networks and systems and deliver the right kind of data. The $6 billion CDM program was set up to be implemented over a five-year period starting in 2013, in three distinct phases: Endpoint integrity: The scope of this is the local computing environment. It focuses on identifying and managing agency hardware and software assets, listing known vulnerabilities and malware, and managing device configuration. Least privilege and infrastructure integrity: This is focused more on the people involved, managing their account and network privileges, and the configuration of network infrastructure devices and services. Boundary protection and event management: This encompasses such functions as event detection and response, encryption, remote access management and access control. It s aimed at ensuring security is built into networks, instead of being added on later as an after-thought. The tool delivery aspect of the first phase is more or less complete. Department of Homeland Security (DHS) secretary Jeh Johnson says the sensors needed for that phase had reached nearly all of the civilian agencies who had signed on to the CDM program by the end of The second phase, initially expected to be done in 2017, will get tools and services to 100 percent of agencies in 2016, he says, though bids covering the four functional areas of Phase 2 were only just due on March 30. In the meantime, the Defense Department is actually implementing its own CDM program. Awards for the eleven task areas needed to support agencies in installing, operating and managing the tools, and getting data from them to CDM user dashboards, are also in progress. There are several already made. Phase 3 requirements are still being ironed out. It covers seven of the program s overall 15 functional capabilities: Plan for Events Respond to Events Generic Audit/Monitoring Document Requirements, Policy, and so on Quality Management Risk Management Boundary Protection (Network, Physical, Virtual) In March 2016, the DHS issued initial draft requirements for boundary protection, listing Manage Network Filters and Boundary Controls (BOUND-F), Encryption (BOUND-E) and Physical Access Control Systems (BOUND-P) as the three boundary protections functions to be covered. Under the CDM program goals, all three phases need to be implemented in order to provide the kind of pervasive security envisioned by the Obama Administration and Congress. Not only would each agency be covered, but agencies would be able to share information about incidents, and coordinate with each other over a standardized security infrastructure. The first two phases aren t really meant to improve agencies security posture by themselves, says Ken Ammon, a senior advisor with CA Technologies. They re intended to improve agencies visibility into their networks and systems. It will also help them come up with plans that would improve security. However, he says, simply by virtue of what phases one and two bring (in terms of discovery of assets and vulnerabilities) that means agencies will have a significantly better security posture just by putting that better reporting in place. 3
4 ALLIANT GWAC USED FOR SOME CDM NEEDS T he Department of Homeland Security (DHS) took a different route with the last group of agencies covered under the second contract task order. It opted for a shared services strategy, instead of the direct order approach using the GSA BPA as it did with the previous five groups. GSA s Alliant government-wide acquisition contract (GWAC) will cover task order 2F, released in December This is a 10-year contract with a $50 billion ceiling awarded in May 2009 to replace several of GSA s expired GWACs. It supports a variety of IT services programs, and has proven particularly attractive to agencies looking for new and emerging technologies. Groups A through E cover either single large agencies or a number of mid-size agencies. Group F pools 42 of the remaining smaller agencies. This includes organizations such as the American Battle Monuments Commission, the Federal Trade Commission and the U.S. International Trade Commission. The needs of these agencies to comply with CDM program requirements vary widely. Many of them have little infrastructure in place and few IT resources. These agencies will be able to choose from any of the 80 or so vendors who hold Alliant contracts to fulfill their CDM needs. The other five groups awarded individual task order contracts under the GSA BPA to Knowledge Consulting Group, Booz Allen Hamilton (which was awarded two of the task order contracts), HP Enterprise Services and Northrop Grumman. In another departure from the norm, the agencies in Group F will be able to cover needs for both Phases 1 and 2 as a way of making up lost time in issuing the task order. Other groups of agencies will buy only tools and services to meet requirements for Phase 1 of the CDM program. The Alliant contractor shall design, build and operate a CMaaS (continuous monitoring as a service) solution for the agencies in Group F, states the task order RFP. The solution will include all necessary tools, sensors and integration support services. Secure shared services will be the platform for delivering these. That shared services solution must recognize and incorporate the IT governance models at participating agencies [that] may or may not have a centralized acquisition model, the RFP says. Small agencies may also leverage shared acquisition offices for cost savings purposes or utilize a centralizedlike model without having the benefit of an official acquisitions office. The GSA s Federal Systems Integration and Management Center expects this CDM shared service platform to yield significant benefits. The task order also says all tools and sensors have to be bought off the BPA contract, and provided for the 2F task order with no markup or fee beyond the purchase price. The GSA s Federal Systems Integration and Management Center (FEDSIM), which issued the task order, expects this CDM shared service platform to yield significant benefits for those Group F agencies. Those benefits will include cost savings, reduced impacts to infrastructure and reliable service levels, along with the intended security improvements. There had been earlier speculation that if the Group F task order were to use shared services, any viable solution to use that kind of a platform may also be used by vendors to deliver Phase 2 capabilities to Group A through E agencies. However, FEDSIM executives have shot that down. This is really about the unique requirements [for Group F] and how we are going to deliver something for that, says Chris Hamm, FEDSIM director, at a 2015 Federal Computer Week CDM conference. I don t see future activity moving outside of that. 4
5 PHASE 3 REQUIREMENTS FINALLY EMERGE W hile the entire Continuous Diagnostics and Mitigation (CDM) program is aimed at boosting the security of government agency IT, the contract itself can be separated into two primary areas of operational significance. Phase 1 and 2 provide the tools and services agencies will need to manage their hardware and software assets. Phase 3 is where this baseline capability data will help with security improvements. Managing network access controls will be a major part of those improvements. A first look at that came in March 2016 with the publication of detailed functional requirements for what the Department of Homeland Security (DHS) calls N-BOUND tools. These are sensors and other tools needed to monitor and manage both physical and logical access to department and agency networks and data. The draft addresses three requirements: BOUND-F: To monitor and manage network filters and boundary controls BOUND-E: To monitor and manage encryption (more generally defined, according to the document, as cryptography mechanism controls) BOUND-P: To monitor and manage physical access controls These boundary protection functions all have cross capability functions both within the BOUND application and other CDM tools. For example, BOUND-F tools employ encryption using data gathered by CDM sensors to describe attributes used for BOUND-E policies. BOUND-F network filters include firewalls and gateways that sit between various regions a network, such as a trusted internal network and a less trusted external network. The goals of these boundary devices include limiting or denying access by unauthorized users while simultaneously allowing access by authorized users; preventing undesired software such as viruses and other malware from getting into the trusted network; preventing undesired content from getting into the trusted network; and preventing, limiting, or monitoring the exfiltration of sensitive data or applications from the trusted to the less trusted network. BOUND-E is aimed at providing greater visibility into the risks associated with various cryptographic devices and mechanisms used on an organization s network. Failures at this level are behind many of the recent security breaches at government agencies. The BOUND-E function is divided into a cryptography category, which covers encryption techniques as well as monitoring and managing cryptographic keys and certificate authorities. The draft document also briefly examines requirements for BOUND-P, basically those needed to collect and verify all authentication and access control lists used to get authorized people through doors and gateways. DHS says more details on BOUND-P will come later. The document also mentions what it calls special considerations required for Internet-based connections to government-mandated security programs such as EINSTEIN. The EINSTEIN program provides integrated intrusion detection and prevention for agencies and Trusted Internet Connection (TIC), through which agencies can optimize external connection security. The latter two are important elements since the intent is for government to complement and eventually integrate CDM with these types of capabilities. While that would also stop many of the more common types of attacks hitting agency networks, the N-BOUND tools are aimed directly at the sort of advanced persistent threat (APT) attacks recently used against the Office of Personnel Management OPM and other agencies. These are expected to pose the greatest danger. The purpose of this section of the CMD program is to manage network access controls, the document says. The intent is to limit unauthorized access that would allow attackers to cross internal and external network boundaries and then pivot to gain deeper network access and/or capture network resident data at rest or in transit. 5
6 SUPPORT, SIGNATURES AND POLICIES WILL MATTER A s the Department of Homeland Security s Continuous Diagnostics and Mitigation (CDM) program continues to roll out, certain factors that aren t perhaps directly associated with the program could still have a big impact on how well it s taken up, and how effective it eventually becomes. Those include executive support, attack signatures, and policy revisions. Executive support: After the 2015 revelation of the systems breach at the Office of Personnel Management (OPM) and the potential compromise of millions of government employee records, the Obama Administration launched a 30-day Cybersecurity Sprint. This was intended to force federal agencies to take actions to immediately boost security. These actions include patching critical vulnerabilities and tightening up on authentication and privileged access practices. It seemed to work. In one dramatic measure, the number of known critical vulnerabilities in federal systems dropped from 363 to just three just a few months. A big reason for that was public support from a number of senior executives, says Ken Ammon, a senior advisor with CA Technologies. Not every agency shared the same commitment to the Cybersprint, he says, but those that did had that kind of support. Problems that before would have taken months to solve ended up being dealt with in hours, says Ammon. As Stage 2 of CDM rolls out, those organizations that want to be successful with it will find they ll have to have that same level of executive backing. Beyond signatures: One major problem looming for the CDM program, that has also afflicted the DHS EINSTEIN intrusion detection/prevention program, is the available incident and intrusion detection tools have only used known attack signatures. That s useless against more stealthy attacks, such as Advanced Persistent Threats. The DHS is moving to resolve that by putting socalled reputation-based tools onto these programs. DHS said in February it is piloting reputation scoring. This will prioritize threats by their likely severity, as a part of EINSTEIN. It will also be able to identify potential new threats. That kind of capability will also be added to the tools available under the CDM program, which will eventually be integrated with EINSTEIN. The agency and federal dashboards that will be installed as part of the CDM program will also provide data that can be used for reputation scoring and emerging threat detection. Circular A-130: The Office of Management and Budget (OMB) has proposed a revision to the federal government s Circular A-130. This is the central governing document for policies affecting federal information resource management. The revision is meant to reflect changes prompted by IT that evolve faster than the last A-130 revision in One central motivation of the revision is the federal workforce managing IT must have the flexibility to address known and emerging threats while implementing continuous improvements, according to the OMB. Revision proposals include the need to implement a risk management framework to guide and inform the categorization of Federal information and information systems; the selection, implementation, and assessment of security and privacy controls; the authorization of information systems and common controls; and the continuous monitoring of information systems and environments of operation. Other parts of the OMB s suggested revisions, which also fit the goals of the CDM program, stress the need to focus on risk management as a central plank of government IT security. The larger goal of current government IT security improvements is to replace the bolted-on approach of the past with a more expansive and dynamic risk-oriented approach. This is also something the CDM program is intended to address. 6
UNDERSTANDING CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ONLINE REPORT SPONSORED BY: CONTRACT GUIDE UNDERSTANDING CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) INSIDE 2 3 4 5 6 WHAT IS CDM AND WHY DO YOU NEED IT? CDM COULD BE A GAME-CHANGER HOW DOES CDM WORK? WITH
More informationModernizing Cyber Defense: Embracing CDM. Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA
Modernizing Cyber Defense: Embracing CDM Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA 94107 info@okta.com 1-888-722-7871 The Department of Homeland Security s (DHS) Continuous Diagnostic and
More informationCDM DEFEND. Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Industry Day May 15, 2017
Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) CDM DEFEND Industry Day May 15, 2017 2 Agenda Introductions Administrative Announcements CDM
More informationBUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and getting started with modern MFA solutions
BUYER S GUIDE: MFA BUYER S GUIDE Evaluating and getting started with modern MFA solutions NEW CAPABILITIES One-size-fits-all authentication is a relic of the past, and the days of hard tokens as the default
More informationContinuous Diagnostic and Mitigation and Continuous Monitoring as a Service. CMaaS TASK AREAS
Continuous Diagnostic and Mitigation and Continuous Monitoring as a Service CMaaS TASK AREAS CMaaS TASK AREAS The contractor shall provide functional, strategic, and managerial business consulting and
More informationVULNERABILITY MANAGEMENT BUYER S GUIDE
VULNERABILITY MANAGEMENT BUYER S GUIDE VULNERABILITY MANAGEMENT BUYER S GUIDE 01 Introduction 2 02 Key Components 3 03 Other Considerations 10 About Rapid7 11 01 INTRODUCTION Exploiting weaknesses in browsers,
More informationBUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and getting started with modern MFA solutions
BUYER S GUIDE: MFA BUYER S GUIDE Evaluating and getting started with modern MFA solutions NEW CAPABILITIES One-size-fits-all authentication is a relic of the past, and the days of hard tokens as the default
More informationContinuous Diagnostics and Mitigation (CDM) and Mobile Security. ATARC Federal Mobile Technology Summit August 30, 2018
Continuous Diagnostics and Mitigation (CDM) and Mobile ATARC Federal Mobile Technology Summit August 30, 2018 Moving to Stronger Risk Management Threat-based Approach Cyber Hygiene Compliance Pre-CDM Risk
More informationIBM Security Investor Briefing 2018
IBM Security Investor Briefing 2018 Marc van Zadelhoff General Manager, IBM Security Michael Jordan Distinguished Engineer, IBM Z Security 1 2018 IBM Corporation Forward looking statements and non-gaap
More informationTOP 6 SECURITY USE CASES
Solution Brief: Top 6 Security Use Cases for Automated Asset Inventory page 1 SOLUTION BRIEF TOP 6 SECURITY USE CASES for Automated Asset Inventory Solution Brief: Top 6 Security Use Cases for Automated
More informationSupplier Security Directives
Page 1 (8) Supplier Directives 1 Description This document (the Directives ) describes the security requirements applicable to Suppliers (as defined below) and other identified business partners to Telia
More informationDemystifying and Applying the DHS Continuous Diagnostic Mitigation (CDM) Program for Physical Security. Mark Steffler and Ross Foard
Demystifying and Applying the DHS Continuous Diagnostic Mitigation (CDM) Program for Physical Security Mark Steffler and Ross Foard Mark Steffler VP Government Practice for Quantum Secure, part of HID
More informationFulfilling CDM Phase II with Identity Governance and Provisioning
SOLUTION BRIEF Fulfilling CDM Phase II with Identity Governance and Provisioning SailPoint has been selected as a trusted vendor by the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring
More informationConfiguresoft RSCA Program. Security and Compliance Assessment Provides Immediate Business Value. Abstract TECHNICAL BRIEF
Security, Compliance and Control for the Virtualized World TECHNICAL BRIEF Configuresoft RSCA Program Security and Compliance Assessment Provides Immediate Business Value Abstract According to analysts,
More informationThe Business Benefits of Managed IT Services
The Business Benefits of Managed IT Services WHAT ARE MANAGED IT SERVICES? WE DEFINE IT AS REMOTE MONITORING AND MANAGEMENT OF IT SYSTEMS AND DEVICES BY A THIRD-PARTY CONTRACTOR. THE MANAGED SERVICE PROVIDER
More informationVULNERABILITY MANAGEMENT BUYER S GUIDE
VULNERABILITY MANAGEMENT BUYER S GUIDE CONTENTS Introduction 2 Key Components 3 Other Considerations 11 About Rapid7 12 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems, and other third-party
More informationTURN YOUR OPERATION S GOALS INTO AN ACTIONABLE PLAN
TURN YOUR OPERATION S GOALS INTO AN ACTIONABLE PLAN MOTOROLA PROFESSIONAL SERVICES FOR MANUFACTURERS THE CHALLENGE CONFLICTING NEEDS. CHANGING TECHNOLOGIES. COMPLEX CHALLENGES. Whether you are a local
More informationRSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, anti-virus, intrusion prevention systems, intrusion
More informationEnterprise Infrastructure Solutions
i March 31, 2017November 4, 2016 TABLE OF CONTENTS Letter of Commitment... iii Executive Summary... 1 Standard Form 33 (L.32.1) and Amendments... 1 Representations and Certifications (L.32.2)... 23 Corporate
More informationGUIDEBOOK ADAPTIVE INSIGHTS
GUIDEBOOK ADAPTIVE INSIGHTS December 2013 July 2013 Document NX THE BOTTOM LINE Although corporate performance management (CPM) solutions have been in the market for some time, a new set of vendors such
More informationForeScout Professional Services Overview OUR TEAM OF EXPERT CONSULTANTS WILL HELP YOU ACHIEVE FULL VALUE FROM YOUR FORESCOUT IMPLEMENTATION
ForeScout Professional Services Overview OUR TEAM OF EXPERT CONSULTANTS WILL HELP YOU ACHIEVE FULL VALUE FROM YOUR FORESCOUT IMPLEMENTATION The Challenge When it comes to securing the enterprise in the
More informationSECTION 2 DESCRIPTION / SPECIFICATIONS / STATEMENT OF WORK
SECTION 2 DESCRIPTION / SPECIFICATIONS / STATEMENT OF WORK 2.1 BACKGROUND The Department of Homeland Security (DHS) has responsibility for overseeing and assisting Government-wide and agency-specific efforts
More informationModernize Your Device Management Practices Using The Cloud
A Forrester Consulting Thought Leadership Paper Commissioned By Microsoft June 2017 Modernize Your Device Management Practices Using The Cloud New Cloud-Enabled Operating Systems Deliver Ease And Flexibility
More informationSecurely Enabling the Enterprise of Things
Securely Enabling the Enterprise of Things Trust in BlackBerry Almost every product in Blackberry s bag of tricks directly or by extension is addressing the challenges of managing a diverse set of IoT
More informationDATA SHEET RSA IDENTITY GOVERNANCE & LIFECYCLE SERVICES ACCELERATE TIME-TO-VALUE WITH PROFESSIONAL SERVICES FROM RSA IDENTITY ASSURANCE PRACTICE
DATA SHEET RSA IDENTITY GOVERNANCE & LIFECYCLE SERVICES ACCELERATE TIME-TO-VALUE WITH PROFESSIONAL SERVICES FROM RSA IDENTITY ASSURANCE PRACTICE EXECUTIVE SUMMARY Managing identities and related risks
More informationCisco s Digital Transformation Supply Chain for the Digital Age
Cisco s Digital Transformation Supply Chain for the Digital Age The Cisco Supply Chain: Global, Complex, and Diverse Cisco s global supply chain extends across 13 countries and more than 25 locations.
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to build and operate security operations centers (SOC) of any size (large, med,
More informationMaking the SoA an Information Security Governance Tool
Making the SoA an Information Security Governance Tool Do you have something to say about this article? Visit the Journal pages of the ISACA website (www.isaca. org/journal), find the article and click
More informationWHITE PAPER RSA RISK FRAMEWORK FOR DYNAMIC WORKFORCE MANAGING RISK IN A COMPLEX & CHANGING WORK ENVIRONMENT
RSA RISK FRAMEWORK FOR DYNAMIC WORKFORCE MANAGING RISK IN A COMPLEX & CHANGING WORK ENVIRONMENT INTRODUCTION Digital Transformation is a journey underway in organizations across the globe. Defined as an
More informationThe U.S. Department of Homeland Security
Sample Order Under The Contractor s Basic GSA Schedule contract is applicable to the Order that is awarded under this BPA ISSUED BY: General Services Administration Federal Systems Integration and Management
More informationACHIEVING TOTAL COMPLIANCE IN THE CLOUD
WHITE PAPER ACHIEVING TOTAL COMPLIANCE IN THE CLOUD Ensure Your Cloud Infrastructure is Audit-Ready for 35 Regulatory Standards with Cloud Management www.cloudcheckr.com ACHIEVING TOTAL COMPLIANCE IN THE
More informationPrince George s County
INDUSTRY Public sector ENVIRONMENT County-wide network serving approximately 20,000 endpoints, guests and IoT devices. Connected systems include desktops, laptops and mobile devices, along with printers,
More informationPrepare for GDPR today with Microsoft 365
Prepare for GDPR today with Microsoft 365 2 Table of contents 01. 02. 03. 04. 05. Executive Sumary Landscape Assess and manage your compliance risk Protect your most sensitive data Closing 3 01. Executive
More informationBUYER S GUIDE: MFA BUYER S GUIDE. Evaluating and Getting Started with Multi-factor Authentication Solutions
BUYER S GUIDE: MFA BUYER S GUIDE Evaluating and Getting Started with Multi-factor Authentication Solutions NEW CAPABILITIES One-size-fits-all authentication is a relic of the past, and the days of hard
More informationTHE CLOUD: HOW CISOS CAN EMBRACE IT (WISELY), NOT FEAR IT
THE CLOUD: HOW CISOS CAN EMBRACE IT (WISELY), NOT FEAR IT 01 INTRODUCTION Cloud computing is one of the great transformational shifts in corporate information technology. It allows businesses to manage
More informationStrategic Plan
Information Technology Strategic Plan 2019-2021 Presented by Darin King Vice Chancellor for Information Technology/CIO Strategic Plan 2019-2021 Contents Executive Summary... 3 Goals...4 GOAL ONE...4 GOAL
More informationBanking in the Balance: Security vs. Convenience. IBM Trusteer s Valerie Bradford on How to Assess Digital Identities
Banking in the Balance: Security vs. Convenience IBM Trusteer s Valerie Bradford on How to Assess Digital Identities In an interview about overcoming these challenges, Bradford discusses: The fundamental
More informationSOLUTION BRIEF HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE
HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL ACROSS THE GLOBE The EU GDPR imposes interrelated obligations for organizations
More information10 ways to raise your users cybersecurity IQ. By Alison DeNisco Rayome COPYRIGHT 2018 CBS INTERACTIVE INC. ALL RIGHTS RESERVED.
10 ways to raise your users cybersecurity IQ By Alison DeNisco Rayome INTRODUCTION Employees are a company s greatest asset, but also its greatest security risk. If we look at security breaches over the
More informationSOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS
RSA ARCHER PUBLIC SECTOR SOLUTIONS INTRODUCTION Federal information assurance (IA) professionals face many challenges. A barrage of new requirements and threats, a need for better risk insight, silos imposed
More informationThe Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS
The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman #MicroFocusCyberSummit Primary Goal of Businesses Today Drive Digital Transformation!! 2 For Most Organizations,
More informationIntelligence Report. Enterprise IT and Services NICE Systems Pushes the Envelope with a Real-Time Customer Engagement Platform
Enterprise IT and Services NICE Systems Pushes the Envelope with a Real-Time Customer Engagement Platform Europe +33 (0) 1 41 14 83 15. Or visit our Web site: www.currentanalysis.com 1 Enterprise IT and
More informationKNIGHT POINT S NETWORK MANAGED SERVICES DELIVERING COMMUNICATIONS AS A SERVICE TO THE FEDERAL GOVERNMENT
KNIGHT POINT S NETWORK MANAGED SERVICES DELIVERING COMMUNICATIONS AS A SERVICE TO THE FEDERAL GOVERNMENT Background: A Changing Environment Current trends in government and industry are driving dramatic
More informationKey Benefits of Novell ZENworks 10 Configuration Management. Enterprise Edition
Key Benefits of Novell ZENworks 10 Configuration Management Enterprise Edition ZENworks 10 Configuration Management Enterprise Edition Manage your endpoint devices: ZENworks Configuration Management supercedes
More informationUnderstanding IDIQs: Get to Know GSA s OASIS. Dec. 15, 2016
Understanding IDIQs: Get to Know GSA s OASIS Dec. 15, 2016 Speaking Today Brian Friel is a leading federal contracts market analyst with two decades of experience analyzing the business of government.
More informationFraud Controls to Tackle the Mobile Revolution
Fraud Controls to Tackle the Mobile Revolution TABLE OF CONTENTS Overview... 3 Today s Challenges for Financial Institutions... 3 Mobile-Enabled Fraud Mitigation... 5 Identify & Combat Mobile-Enabled Fraud
More informationVendor Security Risk Management and Benchmarking
Executive Summary Mitigating vendor security risk has always been a major challenge for organizations. Typically, there s no insight into the true nature of a vendor s best practices and overall cybersecurity
More informationTechnicalPitch Cibersegurança. Rui Barata Ribeiro Security Software Sales da IBM Portugal
TechnicalPitch Cibersegurança Rui Barata Ribeiro Security Software Sales da IBM Portugal IBM SECURITY STRATEGY SECURING THE THREATS OF TOMORROW, TODAY Rui Barata Ribeiro IBM Security June 2018 We exist
More informationMaintaining PC Refresh Cycles While Leveraging PC Innovations. PC Refresh Cycles: The State of Play
WHITE PAPER PRESENTED BY Maintaining PC Refresh Cycles While Leveraging PC Innovations Security, productivity, and efficiency enhanced by hardware-based breakthrough features 40% In the U.S., 40% of survey
More informationAsset Inventory. Key Features. Maintain full, instant visibility of all your global IT assets.
AI Asset Inventory Maintain full, instant visibility of all your global IT assets. Digital transformation has made inventorying IT assets more challenging. Web apps and software-defined infrastructure
More informationWe re not just good on paper.
IT Services We re not just good on paper. You might know us as a print company. That s only part of the story. We re big on IT too, with products and services that can help your business thrive. ricoh.co.uk
More information1 P a g e. IT Tailored to Your Needs
1 P a g e IT Tailored to Your Needs Bluescope Technologies is a leading provider of IT services to businesses of all sizes in a wide range of industries. Bluescope s headquarters are situated in Limerick,
More informationHow to Tackle Core (Legacy) System Challenges using APIs
How to Tackle Core (Legacy) System Challenges using APIs Reduce backlog and release digital services faster with automated API integration and management for core (legacy) systems Allow your back-end systems
More informationAn Overview of the AWS Cloud Adoption Framework
An Overview of the AWS Cloud Adoption Framework Version 2 February 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes
More informationGovernment Enterprise Cloud Acquisition Practical Help for Contracting Professionals
Government Enterprise Cloud Acquisition Practical Help for Contracting Professionals Mun-Wai Hon, CISSP, CSSLP, PMP Session E10 Tuesday July 25, 2017 2 Noblis Inc. 2002 Edmund Halley Drive Reston, VA 20191
More informationAdvanced Analytics in Cyber Security
Advanced Analytics in Cyber Security Michael McFadden Fraud, Security & Compliance August 1, 2017 2017 Fair Isaac Corporation.. This presentation is provided 2017 Fair for the Isaac recipient Corporation.
More informationTHIRD-PARTY REMOTE ACCESS: CHALLENGES FOR ENTERPRISES AND TECHNOLOGY VENDORS
THIRD-PARTY REMOTE ACCESS: CHALLENGES FOR ENTERPRISES AND TECHNOLOGY VENDORS Overview According to data from the nonprofit ID Theft Resource Center, there have been more than 500 data breaches and more
More informationMainframe Development Study: The Benefits of Agile Mainframe Development Tools
A Hurwitz white paper Mainframe Development Study: The Benefits of Agile Mainframe Development Tools Judith Hurwitz President and CEO Daniel Kirsch Principal Analyst and Vice President Sponsored by Compuware
More informationVol. 2 Management RFP No. QTA0015THA General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS)
General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) or more test data sets provided by GSA and demonstrate how we meet the specified BSS acceptance criteria through the test
More informationUNIFIED UTILITY INTELLIGENCE INTERNET OF THINGS INTRODUCTION. FierceMarkets Custom Publishing
share: UNIFIED UTILITY INTELLIGENCE INTERNET OF THINGS PAIN POINT: HOW TO MAKE SENSE OF GRID DEVICE DATA SO THE INTERNET OF THINGS CAN PROVIDE RELEVANT AND ACTIONABLE INFORMATION ON DEMAND INTRODUCTION
More informationSOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?
SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY How Can I Both Enable and Protect My Organization in the New Application Economy? CA Security solutions can help you enable and protect your business
More informationMID-MARKET IT PRIORITIES IN 2018
MID-MARKET IT PRIORITIES IN 2018 How mid-market companies have changed their priorities over the last year to simultaneously drive growth and mitigate risks UK RESEARCH-BASED STUDY 2018 INTRODUCTION The
More informationTop 5 Must Do IT Audits
Top 5 Must Do IT Audits Mike Fabrizius, Sharp HealthCare, VP, Internal Audit DJ Wilkins, KPMG, Partner, IT Advisory 2011 AHIA Annual Conference www.ahia.org Background on Sharp HealthCare Sharp s Co-sourcing
More informationAchieving Competitive Advantage Through Supply Chain Management Challenges of a Services Organization
Achieving Competitive Advantage Through Supply Chain Management Challenges of a Services Organization Edward J. Sheehan, Jr. President & Chief Executive Officer Concurrent Technologies Corporation March
More informationRedesigning Computing
Redesigning Computing for the Cloud Worker and Digital Workplace July 2018 In conjunction with Contents Summary Introduction Competitive uncertainty, changing employee work styles and increasing demands
More informationAsset Management Oversight is Essential to Effective Governance
Asset Management Oversight is Essential to Effective Governance Terri Hart-Sears ISG WHITE PAPER 2012 Information Services Group, Inc. All Rights Reserved INTRODUCTION Asset Management is a set of business
More informationHoneywell Software Service Tools Help Manage Control System Performance, Security and Process Plant Outcomes
Honeywell Software Service Tools Help Manage Control System Performance, Security and Process Plant Outcomes Today s Honeywell LSS software service tools portfolio and the vision to optimize software tool
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
More informationNetwork Optimization Handbook. Your Guide to a Better Network
Network Optimization Handbook Your Guide to a Better Network Who is this book for? This e-book is for IT leaders who are ready to adopt a proactive approach to optimizing their networks and who want insights
More informationARE YOU GOING DIGITAL WITHOUT A NET?
ARE YOU GOING DIGITAL WITHOUT A NET? Whether your business is embracing new digital technologies or moving to the cloud, your network needs to be up to the task. 2 ARE YOU GOING DIGITAL WITHOUT A NET?
More informationThe Client. The Challenge
& CASE STUDY SecurityScorecard.com info@securityscorecard.com 2016 SecurityScorecard Inc. 214 West 29th St, 5th Floor New York, NY 10001 1.800.682.1707 The Client Founded 1988 Headquarters San Leandro,
More informationThe Top 5 Questions CIOs Ask About Moving to the Cloud
The Top 5 Questions CIOs Ask About Moving to the Cloud THE TOP 5 QUESTIONS CIOs ASK ABOUT MOVING TO THE CLOUD CONTENTS Is the Cloud Secure?... 3 Will I Own the Software and Data?... 5 Can I Capitalize
More information2017 Global Information Security Workforce Study. Benchmarking Workforce Capacity and Response to Cyber Risk. A Frost & Sullivan Executive Briefing
Benchmarking Workforce Capacity and Response to Cyber Risk A Frost & Sullivan Executive Briefing INTRODUCTION Cybersecurity professionals worldwide face an ever-evolving threat landscape that many feel
More informationProtecting your critical digital assets: Not all systems and data are created equal
JANUARY 2017 Hoxton/Tom Merton/Getty Images R i s k Protecting your critical digital assets: Not all systems and data are created equal Top management must lead an enterprise-wide effort to find and protect
More informationVoIP Solution How to Make the Best Choice for Your Business
Choosing the Right VoIP Solution How to Make the Best Choice for Your Business Section Title - 1 TABLE OF CONTENTS Introduction 3 CH. 1 What is VoIP? Why Do I Need It? 4 CH. 2 What Type of VoIP Solutions
More informationBIGFIX. Maintaining Continuous Compliance with BigFix. Executive Summary
Maintaining Continuous Compliance with BigFix Executive Summary Meeting regulatory and internal compliance guidelines is a de facto standard practice for IT operations and IT security teams in public and
More informationIdentity and Access Management. Program Primer
Identity and Access Program Primer Executive Summary The role of identity in the modern enterprise has been steadily growing in importance over the last decade. As the enterprise technology stack continues
More informationUnderstanding Supply Chain Risks
Understanding Supply Chain Risks Brent Wildasin August 2016 HCHB IT Security Day Supply Chain Risk Management 2 What is information and communications technology supply chain risk management (ICT SCRM)?
More informationThe Optanix Platform. Service Predictability. Delivered. Optanix Platform Overview. Overview. 95% 91% proactive incidents first-time fix rate
The Optanix Platform Service Predictability. Delivered. Overview The Optanix Platform is a complete SaaS-based IT operations management solution, delivering integrated monitoring, event management, incident
More informationCertified Identity Governance Expert (CIGE) Overview & Curriculum
Overview Identity and Access Governance (IAG) provides the link between Identity and Access Management (IAM) rules and the policies within a company to protect systems and data from unauthorized access,
More informationEnterprise Infrastructure Solutions (EIS) Risk Management Framework Plan (RMFP) Systems in accordance with (IAW) C.1.8.7
Enterprise Infrastructure Solutions Volume 1 Technical Volume EIS Risk Management Framework Plan Enterprise Infrastructure Solutions (EIS) Risk Management Framework Plan (RMFP) Systems in accordance with
More informationBreaking Out of the Security Metrics Matrix: Steps in the Right Direction
SESSION ID: LAB2-W11 Breaking Out of the Security Metrics Matrix: Steps in the Right Direction Tim Crothers Vice President, Security Solutions Target @soinull James Stanger Chief Technology Evangelist
More informationManaged Services and the Bottom Line
Sentia Solutions Inc. 1550 16th Avenue Building C North Richmond Hill, ON L4B 3K9 Canada A Sentia Solutions White Paper Managed Services and the Bottom Line The Dollars and Sense of Outsourced IT Services
More informationNetwork Access Control (NAC) Market, Global, Forecast to 2022
NEXT STEPS Network Access Control (NAC) Market, Global, Forecast to 2022 NAC Evolving as Enterprise Networks Expand Beyond Secure Walls A Frost & Sullivan White Paper www.frost.com 50 Years of Growth,
More informationFlexible IT: Contracting Strategies for Infrastructure as-a-service White Paper
Flexible IT: Contracting Strategies for Infrastructure as-a-service White Paper About this Paper: ViON Corporation has provided technology Infrastructure as a Service (IaaS) to government agencies since
More informationBuying IoT Technology: How to Contract Securely. By Nicholas R. Merker, Partner, Ice Miller LLP
Buying IoT Technology: How to Contract Securely By Nicholas R. Merker, Partner, Ice Miller LLP More and more products are shipping with sensors and network connectivity to capitalize on the currency of
More informationInfor Risk and Compliance for CDM Phase 2: Automate, integrate, manage, and report across your enterprise
Public Sector Infor Risk and Compliance for CDM Phase 2: Automate, integrate, manage, and report across your enterprise Now in its Phase 2 rollout, The Department of Homeland Security (DHS) and General
More information5 Tips for Improving Collaboration
5 Tips for Improving Collaboration Introduction 2 As a business leader, you re constantly anticipating and responding to the evolving needs of your employees. Because of that, you may be under pressure
More informationInternational Journal of Scientific & Engineering Research, Volume 6, Issue 3, March-2015 ISSN
1650 The Future of Cloud Computing for Banking Industry Meshal Alabdulwahab Cloud computing, being a need of today has become more and more popular because of the fact that it deploys groups of remote
More informationAutomating the Defense: Really Taking Advantage of Automated Sharing
Automating the Defense: Really Taking Advantage of Automated Sharing Michael Vermilye The Johns Hopkins University Applied Physics Laboratory 2017 by The Johns Hopkins Applied Physics Laboratory. Material
More informationIBM Data Security Services for activity compliance monitoring and reporting log analysis management
Improving your compliance posture and reducing risk through log analysis management IBM Data Security Services for activity compliance monitoring and reporting log analysis management Highlights Provide
More informationSUBJECT: SEE BELOW DATE: Information Technology Projects Status and Future Technology Investment Strategies Semi-Annual Report
CITY OF. SAN JOSE CAPITAL OF SILICON VALLEY TO: HONORABLE MAYOR AND CITY COUNCIL COUNCIL AGENDA: 10-06-15 ITEM: 3.7 Memorandum FROM: Toni J. Taber, CM' City Clerk SUBJECT: SEE BELOW DATE: 9-24-2015 SUBJECT:
More informationWHITE PAPER. Top Three Use Cases for Automated OT Asset Discovery and Management
WHITE PAPER Top Three Use Cases for Automated OT Asset Discovery and Management Introduction Most Industrial Control Systems (ICS) networks were designed and implemented decades ago. Cyber security was
More informationFlexible IT: Contracting Strategies for Infrastructure as-a-service White Paper
Flexible IT: Contracting Strategies for Infrastructure as-a-service White Paper About this Paper: ViON Corporation has provided technology Infrastructure as a Service (IaaS) to government agencies since
More informationEhi Ethical Hacking and Countermeasures Version 6. Security Convergence
Ehi Ethical Hacking and Countermeasures Version 6 Module LXVI Security Convergence Module Objective This module with familiarize you with: Security Convergence Challenges on Security Convergence RAMCAP
More informationRemoving the risks of online testing. Breakthrough
Removing the risks of online testing Breakthrough The new approach Breakthrough Removing the risks of online testing Testing job applicants online today is full of risks and compromise. SHL has removed
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On-Premise Software
Comparing Cost of Ownership: Symantec Managed PKI Service vs. On-Premise Software Who should read this paper Deploying and managing a PKI solution can be a complex undertaking. This is particularly the
More informationMoving to the cloud: A guide to cloud business management technology
Moving to the cloud: A guide to cloud business management technology 2 Contents This guide is for companies considering moving to a cloud business management system or cloud ERP. Using researched evidence,
More information