Leveraging Purchase Power and Standards to Improve Security in the IT Supply Chain John M. Gilligan Gilligan Group, Inc. December 10, 2008
Topics
(c) 2008, All Rights Reserved. Gilligan Group Inc.

Relevant Background

Air Force CIO Observations Regarding Software Security
COTS software business model is fundamentally broken!

From National Institute of Standards and Technology briefing (http://nvd.nist.gov/scap.cfm)
NIST provides a lot of guidance in security—is it addressing the right problem?

The Cyber Security Dilemma
How much security is enough, and where should investments be applied?

How to Assess Effective Security
GAO Reports? Congressional FISMA Grades? Percentage of Systems Certified? Number of Systems with Contingency Plans? Agency Auditor Reports?
The threat is increasing! Are we focusing on the right things?
"Pentagon Shuts Down Systems After Cyber-Attack"
Malicious scans of DoD increase 300%!

An "Aha" Moment!
Let "Offense Inform Defense"!

AF Standard Desktop Concept
Address the source of the biggest problem—and do it in the supply chain!

Secure Desktop Configuration
Software delivered from hardware vendors in "locked down" configuration

AF Standard Desktop Configuration Results
* SDC linked with Enterprise License Agreement and Commodity Purchasing Efforts

Security As Part of IT Commodity Life Cycle Management
Incremental Improvements in End Point and Server Capability and Security
Step 1: Enterprise Client PC Hardware – USAF Quarterly Enterprise Buy (QEB) Standards; 700K purchased since Aug 2003; $200M+ avoidance
Step 2: Enterprise Licensing and Services – USAF Enterprise License Agreements; implemented Jul–Sep 2004; $100M+ savings by 2010
Step 3: Enterprise Client, Server, and Active Directory Configurations – USAF Standard Desktop Configuration; AF-wide implementation in 2006; servers 2008
Step 4: Enterprise Configuration and Patch Management – USAF Enterprise Configuration Management processes; implementation 2006-2008
Step 5: Comply and Connect Enforcement – USAF Comply, Connect and Remediate policy and processes; incremental improvements 2006-2009

AF Standard Desktop Configuration → FDCC
Expanded across Federal government and extended automation support
SCAP components referenced: (XCCDF-CCE-OVAL) (CVE-OVAL) (CPE) (NVD-CVE-CVSS)

Next Steps: Cyber Security Commission Recommendation
Expand FDCC Concept to all Software Products

Security Standards Efforts: Security Content Automation Protocol (SCAP)

Security Standards Efforts: Next Steps*
* Making Security Measurable – The MITRE Corporation

Summary

Contact Information
