Enterprise Cybersecurity Strategy LaVerne H. Council Assistant Secretary for Information and Technology.

Published on 17-Jan-2016


Transcript

Sales Overview 31March2011

Enterprise Cybersecurity Strategy
LaVerne H. Council
Assistant Secretary for Information and Technology

Creating an IT Organization that Supports Tomorrow's VA
Facing Our Challenges with TrAITs
Closer Look: VA's Enterprise Cybersecurity Strategy
Topics

OI&T's Leadership is Moving VA into the Future

Facing Our Challenges with TrAITs
It's our mission that the Veteran will be the vocal initiator driving every project, every decision for OI&T

Why TrAITs
TrAITs remind us to ask:
  • How will the Veteran benefit from this piece of technology or this new decision?
  • What benefit will this bring to a Veteran or their family?

Facing Our Challenges with TrAITs
Transparency

Facing Our Challenges with TrAITs
Innovation
Teamwork

VA continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program.
- Office of Inspector General, Federal Information Security Management Act Audits
Closer Look: VA's Cybersecurity Strategy

  • Today's IT security organizations operate under tremendous threat
  • Recent OPM attacks demonstrate significant risk to VA
  • OI&T is leading the way with aggressive strategic planning and emphasis on Veteran-focused initiatives
Cyber Strategy Summary

Enterprise Cybersecurity Strategy Team
Nothing in IT is more important than protecting VA data and the information entrusted to us by Veterans.
LaVerne Council, Assistant Secretary for Information and Technology and Chief Information Officer

Enterprise Cybersecurity Strategy Team

Governance, Program Management, and Risk Management
  • Key supporting disciplines for decision-making across VA within context of cybersecurity and privacy
  • Balances needs of VA's mission with protecting high value assets
  • Includes continuous scanning of cybersecurity landscape to proactively position VA to address emerging threats
  • Addresses risks, deficiencies, breaches, and lessons learned

Operations, Telecommunication, and Network Security
  • Key supporting disciplines for securing VA information, data, and computing assets
  • Includes people, products, and procedures to ensure data confidentiality, integrity, availability, assured delivery, and auditability of VA systems
  • Addresses network, platform, and data security

Application and Software Development
  • Disciplines needed to ensure applications used during provision of services to Veterans utilize the most secure practices for data storage, access, manipulation, and transmission
  • Encompasses entire software lifecycle
  • Software assurance, that is, the level of confidence VA software is free of vulnerabilities or defects that could lead to vulnerabilities, is a critical concern

Access Control (AC), Identification and Authentication (IA)
  • Disciplines for reducing likelihood and impact of security incidents
  • AC combines authentication and authorization processes that allow access to VA networks, hardware computing devices, and applications
  • IA verifies a user, process, or device through specific credentials such as passwords, tokens, and biometrics as a prerequisite for granting access to system resources

Medical Cyber
  • Focuses on devices not traditionally considered IT that can be networked or accessed electronically
  • Must be protected from exploitation and from becoming operable vectors for cyberattacks as they collect and transmit PII and PHI
  • Includes medical devices and cyber physical systems with similar electronic characteristics, such as HVAC and elevator systems

Security Architecture
  • Key supporting disciplines for developing an enterprise information security architecture
  • Supports business optimization
  • Includes design and engineering skills needed to fully integrate security into VA's overall business, applications, and IT systems architecture

Privacy
  • Policy and legislatively driven requirements for PII and PHI
  • Focused on implementing the Best Practices: Elements of a Federal Privacy Program, published by the Federal CIO Privacy Committee

Cybersecurity Training and Human Capital
  • Hiring practices and skills maturation needed to create a workforce steeped in a culture of cybersecurity to proactively protect all data and information of the Veterans we serve

ECST will construct an accountable, actionable, near-, mid-, and long-range cybersecurity strategic plan that continuously considers and adapts to the newest technologies to secure VA's IT enterprise.
Identifying and addressing:
  • Strengths
  • Weakness
  • Resources
  • Constraints
  • Capabilities, Drivers, Known and unknown threats
Enterprise Cybersecurity Strategy Team

Questions?
