How much security is enough, and where should investments be applied? John Gilligan argues it is time to require that IT vendors deliver "locked down" configurations, and to use standards together with automated tools to enforce continued security compliance.
Security In The Supply Chain
1. Leveraging Purchase Power and Standards to Improve Security in the IT Supply Chain
John M. Gilligan, Gilligan Group, Inc.
December 10, 2008
5. From a National Institute of Standards and Technology briefing (http://nvd.nist.gov/scap.cfm). NIST provides a lot of security guidance; is it addressing the right problem?
(c) 2008, All Rights Reserved. Gilligan Group Inc.
7. How to Assess Effective Security
- GAO reports?
- Congressional FISMA grades?
- Percentage of systems certified?
- Number of systems with contingency plans?
- Agency auditor reports?
The threat is increasing! Are we focusing on the right things?
"Pentagon Shuts Down Systems After Cyber-Attack"
Malicious scans of DoD increase 300%!
12. Security As Part of IT Commodity Life Cycle Management: Incremental Improvements in End Point and Server Capability and Security
- Step 1, Enterprise Client PC Hardware: USAF Quarterly Enterprise Buy (QEB) standards; 700K purchased since Aug 2003; $200M+ cost avoidance
- Step 2, Enterprise Licensing and Services: USAF Enterprise License Agreements; implemented Jul-Sep 2004; $100M+ savings by 2010
- Step 3, Enterprise Client, Server, and Active Directory Configurations: USAF Standard Desktop Configuration; AF-wide implementation in 2006; servers in 2008
- Step 4, Enterprise Configuration and Patch Management: USAF Enterprise Configuration Management processes; implementation 2006-2008
- Step 5, Comply and Connect Enforcement: USAF Comply, Connect and Remediate policy and processes; incremental improvements 2006-2009
15. Security Standards Efforts: Security Content Automation Protocol (SCAP)
16. Security Standards Efforts: Next Steps*
* Making Security Measurable, The MITRE Corporation