Upload
maximillian-adrian-wheeler
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
INFORMATION SYSTEMS & GLOBAL SERVICES
Craig Solem , CISSP
Lockheed Martin Information Systems and Global ServicesProgram Manager, Joint Medical information Systems for
Naval Space and Warfare systems Center AtlanticJanuary 8, 2010
Lockheed MartinCyber Security
Ensuring Mission Integrity, Assurance, & Resilience To Fight Through The Attack
INFORMATION SYSTEMS & GLOBAL SERVICES
Outline
• Who We Are• Cyber Security Customers• Cyber Tradeoff Model• Characteristics of LM Solutions• Security Approach• Cyber Security Technology• Center for Cyber Security Innovation
INFORMATION SYSTEMS & GLOBAL SERVICES
Lockheed Martin Information Systems & Global Services
• The leading provider of Information System Solutions and Services for the US Government for 14 years
• Over $10Billion in annual sales
• 52,000 Employees across every state and 50 countries
• CMMI Level 5, ITIL v2/3, ISO 27001
• 4,000 Customer programs
• 80 – 120 Vendors Evaluated Yearly
INFORMATION SYSTEMS & GLOBAL SERVICES
• Security Operations
• Security Engineering
• Security R&D
• Across All Domains
• Policy Support
• Security Planning
• Defense in Depth
• Unique Solutions
Intel31%
Defense38%
Civil25%Int’l6%
Cyber Security Solutions & Operations For a Wide Range of Customers
INFORMATION SYSTEMS & GLOBAL SERVICES
Cyber Tradeoff Model - Decisions
Solution: “One Size Does Not Fit All”
INFORMATION SYSTEMS & GLOBAL SERVICES
Cyber Tradeoff Model
• Commercial SolutionsCommercial Solutions• SI Value: Integration of Commercial SI Value: Integration of Commercial
ProductsProducts
Solution: “One Size Does Not Fit All”
INFORMATION SYSTEMS & GLOBAL SERVICES
Cyber Tradeoff Model
Commercial SolutionsCommercial SolutionsSI value: Integration of Commercial SI value: Integration of Commercial
ProductsProducts
• Mission Critical Mission Critical • Leveraging R&D, National Labs and UniversitiesLeveraging R&D, National Labs and Universities
• SI Value: Integration + IPSI Value: Integration + IP
Solution: “One Size Does Not” Fit All”
INFORMATION SYSTEMS & GLOBAL SERVICES
Characteristics of LM Solutions - Approach
Integrated SolutionsIntegrated Solutions
Proactive ServicesProactive Services
Resilient SystemsResilient Systems
Trusted InformationTrusted Information
Cyber Security is all about providing Mission Assurance
Mission EnablersMission Enablers
HOWHOW
INFORMATION SYSTEMS & GLOBAL SERVICES
IS&GS NexGen Cyber Innovation & Technology Center
Accelerating Cyber Security Innovation To Ensure Mission Integrity, Assurance, & Resilience To Fight Through The Attack
• Native Design, Engineering, & Test Innovation Teams from across IS&GS and partners
• Extensive LIVE portfolio of LM R&D and current capabilities
• Extensive partner LIVE portfolios (COTS/Open Source)
• Real, Relevant, Rapid Availability of Our Current & Next Generation Integrated Capabilities
• Global Cyber Innovation Range for test, verification, offense /defense exercise, & partner collaboration
• Cloud enabled virtual and real onDemand compute/network/test capabilities
• Classified and unclassified labs
• High Definition Collaboration Networks & Tools across LM Innovation Centers & Partners
• Multiple network access: Direct Internet, LMI, HIWAE, Classified
• Rapid Prototypes and Proof of Concepts enablers
• Operational Team Access & Use of Solutions
Global Cyber Innovation RangeGlobal Cyber Innovation Range
Defense IC EIG GlobalCivil R&SO
LMCO IS&GS
INFORMATION SYSTEMS & GLOBAL SERVICES
TestRequirements
Security “built-in” the Life Cycle
Proposal Planning Design Operations
Program & TechnicalPlan
SystemDesignDocument
Development Deployment
Proposal Review PSCR SRRSDR
DDR TRR ORR PIR Annual
SystemRequirementsDocument
OperationalConceptDocument
TechnicalProposals
ConfigurationManagementPlan
Test Plans
SustainingEngineering Plan
Retirement Plans
EngineeringDeployment Plan
SystemComponentDesignDocument
SystemTestReport
•Security Requirements
•Security work products *
•Data/Info Criticality & Sensitivity
• Identify/Assess Threats & Vulnerabilities
•C&A Criteria•21 BFC
•Monitor & Sustain Approved
Security Baseline
•Resolve New Security Risks
•High Level Solution
•High Level Plan
• INFOSEC Plan
• INFOSEC Test Plan
• INFOSEC Test Procedures
• INFOSEC Test Cases
• INFOSEC Test Scenarios
•System Disposal -INFOSEC Requirements
•Develop Design
•Security Testing
•Certification
•Allocate Security Requirements
•Evaluate Alternatives
•COTS Selection
•Security Components
•Discrepancy Reporting/ Mitigation
•SRA Report•Accreditation
Security is part of every review (peer, technical, management)
•Security Architecture
•Secure Code
•INFOSEC Sustainment Strategy
• INFOSEC Plans & Procedures
INFORMATION SYSTEMS & GLOBAL SERVICES