David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment?

•Download as PPTX, PDF•

0 likes•723 views

Government Technology and Services Coalition

Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment Presenter: David Knox, Vice President of National Security Solutions, Oracle Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.

Government & Nonprofit

A Pragmatic Approach to a Secure
Information Environment
David Knox
VP Technology
Oracle National Security Group

Three Things to Think About
Security Drivers & Governance
Protecting Our Systems
Cutting-edge Innovations
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
1
2
3
2

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

“A” is for Assets
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

NIST FIPS 140-1 & 201
OFAC
21CFR Part 11 CA SB 1386
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Sarbanes-Oxley
FTC 16 CFR 314
Patriot Act
PCAOB Audit
WA SB 6043
ND SB 2251
IL SB 1479
PA SB 705
PIPEDA
HSPD-12
FERPA FISMA PL107-347
EU Privacy
GLB
Basel II
BSA
HIPAA
Compliance

Getting a Handle on Compliance
Ensuring Reality is in line with Theory
Discover Classify Assess Monitor
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
• Automated Asset Discovery and Grouping
• Patch Management
• Configuration Controls
• Enterprise Compliance
• Continuous Monitoring
Monitor
Configuration
Management
& Audit
Vulnerability
Management
Fix
Analysis &
Analytics
Prioritize
Policy
Management
Asset
Management

• Mitigating Insider Threats requires
mandatory controls and auditing
• Cloud (Administrators) introduce new
risks
• Persistent threats from Cyber attacks is
the new normal
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
9
Leverage Protections for the Cyber, Insider Threats & Cloud

Network
uthenticate
KING 18031
SCOTT 14220
PIERMAR 17170
KNOX 12029
KYTE 17045
CAREY 12032
HOECHST 18029
Org 30
Authentication Access
sfING
SCOjd
ByAgE
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Data
Protection in Context
Privacy &
integrity of
data
Monitoring &
auditing
Privacy &
integrity of
communications
control
SMITH
gAMES
fONES
MIER
Org 10
Org 20
Admin

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Continuous Monitoring
High Ingest with Query
• Approaching 200,000 EPS; 3 Billon (4TB) rows/day
• From 12 users to > 100; Query response 70X faster
– Most queries sub-second, longest query < 60 seconds
• 14 Days of data retained expanded to 5 years
– Enabled new queries which give needed insight
• Data Compression 14X
• 7:1 Reduction in Floor Space: Cost Savings 10X

Innovations in Infrastructure Create New Capabilities
Software
in Silicon
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Performance
In-Memory Acceleration
Engines
Reliability &
Security
Application Data
Integrity
Capacity
Encryption &
Compression
Engines

Reliability & Security: Application Data Integrity
Revolutionary Change to Memory Architecture
• Database In-memory places terabytes of data in memory
– More vulnerable to corruption by bugs/attacks than storage
• SPARC M7 Application Data Protection stops memory
corruptions with no impact on performance
• Hidden “color” bits added to pointers (key), and content (lock)
• Pointer color (key) must match content color or program is aborted
• Prevents access off end of structure, stale pointer access,
malicious attacks, etc. plus improves developer productivity Memory
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Pointers
Memory
Content

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Concluding Points
• Security in-depth with practical governance
– Security is more than authentication and firewalls
– Apply proven, natural and intuitive practices
• Protection techniques mitigate all risks
– Cloud
– Cyber
– Insider threats
• Innovations in technology, innovations in thinking

Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
16

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | 17

David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment?

What's hot

How to Comply with NIST 800-171

Corserva

Join our webinar hosted by MAGNET: The Manufacturing Advocacy and Growth Network. As the NIST and Ohio MEP program advocates, we’ve invited a leader of our technological and educational cybersecurity partner, Ignyte Institute, for a conversation on how to get on board with the emerging Cybersecurity Maturity Model Certification (CMMC). This webinar will give a detailed and realistic overview of all cybersecurity frameworks and regulations required to continue working on existing projects or bid on future contracts as Department of Defense (DoD) prime and subcontractor. Our goal is to help you assess your current state of Governance, Risk Management, and Compliance (GRC), and provide you overall guidance on a smooth transition to the new regulatory norms in order to ensure that Ohio-based businesses maintain their competitive edge in the Defense Industrial Base (DIB).

Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors

Ignyte Assurance Platform

In this webinar, Adam Rosenbaum, who leads our Federal System Integrator program here at SolarWinds, was joined by Jason Spezzano, Senior Director of Cybersecurity, and Dave Gray, Senior Cybersecurity Analyst, both of CyberDefenses, Inc., for a panel discussion about preparing for CMMC Compliance and what can be done now to get ready. During this interactive webinar, attendees learned from this panel: How to leverage NIST 800-171 compliance reports to track progress or support audits How to use tools like SolarWinds’ solutions to maintain IT hygiene How to leverage configuration and patch management tools to satisfy security controls or help implement and manage controls How to use configuration and log management to verify controls are implemented correctly[SWL1] How to navigate the process of obtaining certification How an assessment, from security services firms like CyberDefenses, can make the process more efficient

Government Webinar: Preparing for CMMC Compliance Roundtable

SolarWinds

Vulnerability Testing Services Case Study

Nandita Nityanandam

It and-cyber-module-2

Marneil Sanchez

Cybersecurity for modern industrial systems

Itex Solutions

Tyler Technology Expo

Tony DeGonia (LION)

The Future of Cyber Security - Matthew Rosenquist

Matthew Rosenquist

24/7 coverage and skills shortages for post breach detection and response are driving the need for Managed Detection and Response (MDR) Services. Analysts are predicting 15X growth for MDR services over the next few years as security leaders shift their focus from prevention to detection knowing attacks are evading existing defenses, often without malware by using macros and scripts. Managed services often use MDR marketing messages and this sometimes results in their security monitoring services not meeting expectations. Buyers must learn what to look for in an MDR solution to avoid falling into this trap.

Critical Capabilities for MDR Services - What to Know Before You Buy

Fidelis Cybersecurity

Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...

TheAnfieldGroup

Should I Patch My ICS?

Digital Bond

Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...

John Gilligan

ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010 in Orlando, FL. What Stimulates Cyber Security Activity? For Industrial Control Systems (ICS) 􀂍 Risk Management • Business: Safety, Environmental, Reliability, Financial … • National: Terrorism, Rapidly emerging “Cyber Warfare” 􀂍 Regulation & Compliance (Must Do) • Government, Customers, Partners, Suppliers … 􀂍 Cost Reduction • People & Infrastructure • Skills & Practices Cyber Security is a National, Business and Personal Issue

ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010

ARC Advisory Group

Cyber Security Strategies and Approaches

vngundi

In 2011, Marc Andreessen said "software is eating the world." Today, that statement is truer than ever. Businesses in every industry - from retail, to energy, to financial - are essentially software companies, with millions of lines of custom source code being written and managed in-house. Additionally, advances in the Software Development Life Cycle (SDLC) and the emergence of DevOps have allowed some organizations to deploy new code from development to production dozens of time each day. Traditional approaches to securing such large quantities of code, especially at the speed of current development, have proven to be ineffective, as is evident by recent public data breaches of both public and private sector organizations; as well as the resulting legislation, like Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity. The only way for cybersecurity teams to keep up with their development counterparts is to automate, but where should they start? The NIST Cybersecurity Framework provides guidance for organizations interested in establishing or improving a cybersecurity program. Today, a security automation plan is a crucial aspect of any cybersecurity program. This talk will describe how the NIST Cybersecurity Framework can be used to establish and implement a plan for integrating security-automation activities into any security program. We'll describe the latest trends in security-automation and DevOps, including how to automatically identify security-best practices being followed, and anti-patterns that indicate a potential risk. Attendees will learn how to consolidate this data in a centralized dashboard of their choosing, and how such information can be automatically distributed to stakeholders throughout their organization. In the coming years, with the growth of Internet of Things (IoT) and Cloud, organizations will become more and more reliant on custom software. Cybersecurity teams who fail to begin automating soon will only continue to fall further behind and put their organizations at greater risk. The NIST Cybersecurity Framework provides the foundation for such teams to establish their roadmap to security, and this talk will build on that foundation to highlight some potential paths.

Achieving Visible Security at Scale with the NIST Cybersecurity Framework

Kevin Fealey

Hardware Security on Vehicles

Priyanka Aash

Kevin Wheeler, Founder and Managing Director, InfoDefense Securing Industrial Control Systems Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern. Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.

NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler

North Texas Chapter of the ISSA

The RIPE Experience

Digital Bond

PCI DSS Compliance in the Cloud

ControlCase

The development of the Critical Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at limited cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing, hospitals will have the ability to measure compliance, track progress, and know when they’ve reached certain goals. They were developed and agreed upon by a consortium including NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls they have demonstrated “more than 80% reduction in ‘measured’ security risk through the rigorous automation and measurement of the Top 20 Controls.”

Utilizing the Critical Security Controls to Secure Healthcare Technology

EnclaveSecurity

What's hot (20)

How to Comply with NIST 800-171

Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors

Government Webinar: Preparing for CMMC Compliance Roundtable

Vulnerability Testing Services Case Study

It and-cyber-module-2

Cybersecurity for modern industrial systems

Tyler Technology Expo

The Future of Cyber Security - Matthew Rosenquist

Critical Capabilities for MDR Services - What to Know Before You Buy

Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...

Should I Patch My ICS?

Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...

ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010

Cyber Security Strategies and Approaches

Achieving Visible Security at Scale with the NIST Cybersecurity Framework

Hardware Security on Vehicles

NTXISSACSC2 - Securing Industrial Control Systems by Kevin Wheeler

The RIPE Experience

PCI DSS Compliance in the Cloud

Utilizing the Critical Security Controls to Secure Healthcare Technology

Viewers also liked

Network Security in a Virtualized Environment

LiveAction Next Generation Network Management Software

Security environment

Jay Choudhary

The Evolving Security Environment For Web Services

Qanita Ahmad

GTSC's National Preparedness Month Symposium Presentation: The Evolving Threats: What Does the Future Hold? A Local Government Perspective Presenter: Brian Usher, President-Elect, American Public Works Association; Director of Public Works, Largo, Florida Description: From more violent and frequent weather incidents to long-term recovery efforts and mitigation, FEMA faces greater threats than ever. This panel will identify some of the overarching factors contributing to their increasing challenges and discuss mitigation, response and recovery trends.

Brian Usher: The Evolving Threats: A Local Government Perspective

Government Technology and Services Coalition

Information security challenges in today’s banking environment

Evan Francen

Risk management in e banking

Amer Mushtaq

Security issues in e business

Rahul Kumar

Security in E-commerce

m8817

A project report on e business

Verma Pramod

Viewers also liked (9)

Network Security in a Virtualized Environment

Security environment

The Evolving Security Environment For Web Services

Brian Usher: The Evolving Threats: A Local Government Perspective

Information security challenges in today’s banking environment

Risk management in e banking

Security issues in e business

Security in E-commerce

A project report on e business

Similar to David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment?

Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud

MarketingArrowECS_CZ

A5 cloud security_now_a_reason_to_move_to_the_cloud

Dr. Wilfred Lin (Ph.D.)

Best Practices for implementing Database Security Comprehensive Database Secu...

Kal BO

Oracle Sparc Cloud

Ernest Jones

Oracle Database 11g Security and Compliance Solutions - By Tom Kyte

Edgar Alejandro Villegas

Cyber security event

Tryzens

Securing data in Oracle Database 12c - 2015

Connor McDonald

The EU General Protection Regulation and how Oracle can help

Niklas Hjorthen

PCI DSS v 3.0 and Oracle Security Mapping

Troy Kitch

IBM Relay 2015: Securing the Future

IBM

Enterprise Mobility: Secure Containerization

Domenico Catalano

Information is the world’s new currency. Databases are the digital banks that store and retrieve valuable information. The growing number of high-profile incidents in which customer records, confidential information and intellectual property are leaked, lost or stolen has created an explosive demand for solutions that protect against the deliberate or inadvertent release of sensitive information.Oracle is the global leader in relational database technology, and has built a rich set of database security products and database features within its product portfolio.

Best Practices in Implementing Oracle Database Security Products

Estuate, Inc.

While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools. Key takeaways from this session include how to: - Design a workload-centric security architecture - Improve visibility of AWS-only or hybrid environments - Stop patching live instances but still prevent exploits Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro

Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...

Amazon Web Services

AWS Summit Auckland Platinum Sponsor presentation - Trend Micro

Amazon Web Services

Data, People and Software security: how does them relate to the GDPR security principles? In this new attack landscape, network-centric security is no longer enough because threats come from inside and outside the network. Oracle Identity SOC is an identity-centric, context-aware intelligence and automation framework for security operations centers, backed by advanced user behavior analytics and machine learning to spot compelling events that require automated remediation.

The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era

Luca Martelli

Understanding Database Encryption & Protecting Against the Insider Threat wit...

MongoDB

Scalar Security Roadshow - Ottawa Presentation

Scalar Decisions

Oracle Data Protection - 1. část

MarketingArrowECS_CZ

Managing SCADA Operations and Security with Splunk Enterprise

Splunk

We are in the midst of a fundamental shift in the way in which organizations protect themselves from the modern adversary. Traditional rules based cybersecurity applications of the past are not able to protect organizations in the new mobile, social, and hyper-connected world they now operate within. However, the convergence of big data technology, analytic advancements, and a variety of other factors have sparked a cybersecurity renaissance that will forever change the way in which organizations protect themselves. Join Rocky DeStefano, Cloudera's Cybersecurity subject matter expert, as he explores how modern organizations are protecting themselves from more frequent, sophisticated attacks. During this webinar you will learn about: The current challenges cybersecurity professionals are facing today How big data technologies are extending the capabilities of cybersecurity applications Cloudera customers that are future proofing their cybersecurity posture with Cloudera’s next generation data and analytics management system

Preparing for the Cybersecurity Renaissance

Cloudera, Inc.

Similar to David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment? (20)

Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud

A5 cloud security_now_a_reason_to_move_to_the_cloud

Best Practices for implementing Database Security Comprehensive Database Secu...

Oracle Sparc Cloud

Oracle Database 11g Security and Compliance Solutions - By Tom Kyte

Cyber security event

Securing data in Oracle Database 12c - 2015

The EU General Protection Regulation and how Oracle can help

PCI DSS v 3.0 and Oracle Security Mapping

IBM Relay 2015: Securing the Future

Enterprise Mobility: Secure Containerization

Best Practices in Implementing Oracle Database Security Products

Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...

AWS Summit Auckland Platinum Sponsor presentation - Trend Micro

The Enablement of an Identity-Centric SOC in the Regulatory Rumba Era

Understanding Database Encryption & Protecting Against the Insider Threat wit...

Scalar Security Roadshow - Ottawa Presentation

Oracle Data Protection - 1. část

Managing SCADA Operations and Security with Splunk Enterprise

Preparing for the Cybersecurity Renaissance

More from Government Technology and Services Coalition

GTSC 5th Anniversary Annual Report: Steady in a Sea of Change

Government Technology and Services Coalition

Government Technology & Services Coalition 2015 Annual Report

Government Technology and Services Coalition

Robert Nichols: Cybersecurity for Government Contractors

Government Technology and Services Coalition

GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...

Government Technology and Services Coalition

GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big Picture

Government Technology and Services Coalition

GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...

Government Technology and Services Coalition

GTSC Annual Meeting 2014: BD Exchange

Government Technology and Services Coalition

The Government Technology & Services Coalition's Annual Report, covering the period of June 2013 - November 2014. The Government Technology & Services Coalition (GTSC) is a nonprofit, non-partisan association of innovative, agile small and mid-sized company CEOs that create, develop, and implement solutions for the Federal homeland and national security sector. These companies founded the Coalition to band together to work with their Federal partners to achieve their mission despite significant budget challenges by bringing the innovation, creativity and exceptionalism of successful small businesses to the homeland and national security mission. These CEOs — many former government officials — joined together to share best practices, information and resources to lead the initiatives and solutions that would bring the best of our community together to protect our homeland. Our vision is to provide an ethical, effective platform for information exchange between the public and private sector on homeland and national security ideas, technologies and innovations that will achieve mission. Our mission is to provide exceptional advocacy, capacity building, partnership opportunities and marketing in the Federal security space for small and mid-sized companies. We do this to support and assist our government partners achieve their critical missions with the highest integrity; best and most innovative technologies; and results-based, quality products and services to prevent, protect against, mitigate, respond to, and recover from, any terrorist attack or natural disaster.

GTSC June 2013 - November 2014 Annual Report

Government Technology and Services Coalition

Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey

Government Technology and Services Coalition

Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.

Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...

Government Technology and Services Coalition

GTSC's National Preparedness Month Symposium Presentation: Alert/Notification Technologies: The Integrated Public Alert and Warning System (IPAWS) Presenter: Antwayne Johnson, Director, IPAWS, FEMA Description: FEMA has been on the cutting edge of supporting and developing technologies and social media to advance alerts and notifications of severe events. IPAWS provides public safety officials with an effective way to alert and warn the public about serious emergencies using the Emergency Alert System (EAS), Wireless Emergency Alerts (WEA), the National Oceanic and Atmospheric Administration (NOAA) Weather Radio, and other public alerting systems from a single interface. Join us to learn more about how these technologies are aiding in preparedness, earlier alerts and advanced communication platforms to assure interoperability and improved communication to forward FEMA’s mission.

Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...

Government Technology and Services Coalition

GTSC's National Preparedness Month Symposium Presentation: Government Contracts & Insurance Issues: How Prepared is Your Company? Presenter: Justin Chiarodo, Partner, Dickstein Shapiro LLP; John Gibbons, Partner, Dickstein Shapiro LLP Description: Disasters require advance planning to protect your business. Beyond physical preparedness for a disaster or terrorist attack, your firm should pay close attention to its assets – and how your company can best leverage them. This panel will discuss both government contracts and insurance considerations relating to disasters.

Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...

Government Technology and Services Coalition

GTSC's National Preparedness Month Symposium Presentation: How Can We Leverage Technology to Improve Performance: Social Media in Emergency Management Presenter: Todd Jasper, Director of Homeland Security & Emergency Management, Man-Machine Systems Assessment (MSA) Description: Technological advances are allowing FEMA to integrate people, processes and information better than ever before. Social media apps and tools are transforming the way people communicate before, during and after a disaster. These technologies afford FEMA unique opportunities to analyze and crowd share data, communicate alerts and information about disasters and increase FEMA's situational awareness on the ground faster and more efficiently.

Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...

Government Technology and Services Coalition

GTSC's National Preparedness Month Symposium Presentation: How Can We Leverage Technology to Improve Performance? Presenter: Dr. Kevin Delin, CEO, SensorWare Systems Description: Technological advances are allowing FEMA to integrate people, processes and information better than ever before. Social media apps and tools are transforming the way people communicate before, during and after a disaster. These technologies afford FEMA unique opportunities to analyze and crowd share data, communicate alerts and information about disasters and increase FEMA's situational awareness on the ground faster and more efficiently.

Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...

Government Technology and Services Coalition

GTSC's National Preparedness Month Symposium Presentation: The Evolving Threats: GAO's Report on DOD's Infrastructure Adaptation for Climate Change Presenter: Brian Lepore, Director of Defense Capabilities and Management, GAO Description: From more violent and frequent weather incidents to long-term recovery efforts and mitigation, FEMA faces greater threats than ever. This panel will identify some of the overarching factors contributing to their increasing challenges and discuss mitigation, response and recovery trends.

Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...

Government Technology and Services Coalition

GTSC's National Preparedness Month Symposium Keynote: FEMA’s Preparedness: A Leading, Agile, Focused Agency Presenter: David J. Kaufman, Associate Administrator, Policy, Program Analysis, and International Affairs, U.S. Department of Homeland Security/FEMA Description: FEMA’s Office of Policy & Program Analysis is tasked with shaping FEMA and strengthening its ability to fulfill its mission by becoming a more agile, results oriented organization. This keynote will describe the efforts to achieve that vision and how the Office is working to strengthen public private partnerships to incorporate best practices from the lessons learned from previous disasters.

David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused Agency

Government Technology and Services Coalition

the Defense Department and General Services Administration report on improving cyber security and resilience through acquisition. This report, developed as part of the President’s Executive Order on Cyber Security, forms the baseline for a fundamental shift in federal procurement policy. In short, going forward cyber security is going to be a core consideration in federal procurements. Contractors will likely find cyber security obligations embedded in their contracts, and may even find themselves excluded from the procurement process if certain cyber security benchmarks are not met. The report spells out six key recommendations: 1) Institute Baseline Cybersecurity Requirements as a Condition of Contract Award for Appropriate Acquisitions 2) Address Cybersecurity in Relevant Training 3) Develop Common Cybersecurity Definitions for Federal Acquisitions 4) Institute a Federal Acquisition Cyber Risk Management Strategy 5) Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other “Trusted” Sources, Whenever Available, in Appropriate Acquisitions 6) Increase Government Accountability for Cyber Risk Management

GSA's Presentation on Improving Cyber Security Through Acquisition

Government Technology and Services Coalition

Homeland Security: Understanding Funding and Spending

Government Technology and Services Coalition

Homeland Security Funding 2013

Government Technology and Services Coalition

The Cyber Threat Landscape

Government Technology and Services Coalition

More from Government Technology and Services Coalition (20)