U.S. General Services Administration
Presentation to: Software and Supply Chain Assurance Forum
Improving Cybersecurity
through Acquisition
Emile Monette
Senior Advisor for Cybersecurity
GSA Office of Mission Assurance
emile.monette@gsa.gov
March 18, 2014
Background: We Have a Problem
• When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.
• Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.
• Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks.
Executive Order 13636
• Section 8(e) of the EO required GSA and DoD to:
  “… make recommendations to the President, … on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration”
• Report signed January 23, 2014 (http://gsa.gov/portal/content/176547)
• Recommends six acquisition reforms:
  I. Institute Baseline Cybersecurity Requirements as a Condition of Contract Award for Appropriate Acquisitions
  II. Address Cybersecurity in Relevant Training
  III. Develop Common Cybersecurity Definitions for Federal Acquisitions
  IV. Institute a Federal Acquisition Cyber Risk Management Strategy
  V. Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other “Trusted” Sources, Whenever Available, in Appropriate Acquisitions
  VI. Increase Government Accountability for Cyber Risk Management
NSCS Response to Recommendations
• “DoD and GSA did an outstanding job engaging with public and private sector stakeholders to craft the report and provided realistic recommendations that will improve the security and resilience of the nation when implemented. Moving forward, we highlight that:
  – We view the core recommendation to be the focus on incorporating cyber risk management into enterprise acquisition risk management, built on “cybersecurity hygiene” baseline requirements for all IT contracts.
  – DoD and GSA must now move quickly to provide an implementation plan that includes milestones and specific actions to ensure integration with the various related activities like supply chain threat assessments and anti-counterfeiting.
  – DoD and GSA should ensure the highest level of senior leadership endorsement, accountability, and sustained commitment to implementing the recommendations through near and long term action. This should be communicated clearly to the Federal workforce, government contractors, and the oversight and legislative communities.”
Now What?
• Implementation Plan –
  – Translate recommendations into actions and outcomes
  – Iterative process; sequential and concurrent implementation
  – Address recommendations in order of implementation
• Open, collaborative, stakeholder-centric process
  – Request for public comment 45 days (Responses due 28 Apr)
  – In-person meetings
  – Press / Media coverage
Emile’s Implementation Buzzword
Imperfect
[im-pur-fikt]
– of, pertaining to, or characterized by defects or weaknesses.
The best is the enemy of the good. (Le mieux est l'ennemi du bien.)
The first recommendation to be implemented…
IV. Institute a Federal Acquisition Cyber Risk Management
Strategy
– From a government-wide cybersecurity perspective, identify a hierarchy
of cyber risk criticality for acquisitions. To maximize consistency in
application of procurement rules, develop and use “overlays” for similar
types of acquisition, starting with the types of acquisitions that present
the greatest cyber risk.
– The government needs an interagency acquisition cyber risk
management strategy that requires agencies to ensure their
performance meets strategic cyber risk goals for acquisition and is part
of the government’s enterprise risk management strategy. The strategy
should be based on a government-wide perspective of acquisition, and
be primarily aligned with the methodologies and procedures developed
to address cyber risk in the Cybersecurity Framework. It should identify
a hierarchy of cyber risk criticality for acquisitions and include a risk-based prioritization of acquisitions. The risk analysis should be
developed in alignment with the Federal Enterprise Architecture and
NIST Risk Management Framework (RMF).
About the Acquisition Cyber Risk Management Strategy
• Why this one first? Provides necessary foundation for
remaining recommendations
• What is it? Draws from the sourcing practices of spend
analysis, strategic categorization of buying activities, and
category management, combined with application of
information security controls and safeguards and
procurement risk management practices like pricing
methodology, source selection, and contract performance
management.
• How? Three-step process that produces: Category
Definitions, Risk Prioritization, and Overlays
Category Definitions
1. Grouping similar types of acquisitions together based on
characteristics of the product or service being acquired,
supplier or market segments, and prevalent
customer/buyer behavior.
– Categories must be right-sized – broad enough to be
understandable and provide economies of scale, but specific
enough to enable development of Overlays that provide
meaningful, adequate and appropriate safeguards for the types of
risks presented by the products or services in the Category
– Determine which Categories present potential cyber risk
• “Do purchases made in this Category present cyber risk to any
possible end user?”
Risk Assessment and Prioritization
3. Produce a hierarchy of Categories based on comparative
cyber risk.
– “Which of the Categories presents the greatest cyber risk as compared to the other Categories?”
– The Category that is determined to have the highest risk through a comparative assessment would be the first one for which an Overlay is developed.
  • Unless… there is a compelling opportunity to develop Overlays for a different Category first…
– Risk hierarchy provides reasoning – where a Category is
determined to have higher risk relative to other types of
acquisitions, the level of resources expended to address those
risks will also be justifiably higher.
Overlays
4. Develop Overlays – a tool for acquisition officials to use
throughout the acquisition lifecycle, and include:
– An articulation of the level of risk presented by the Category
derived from the risk assessment;
– A specific set of minimum controls that must be included in the
technical specifications, acquisition plan, and during contract
administration and performance for any acquisition in the Category;
– The universe of additional controls that are relevant to the Category
but are not required in the minimum (i.e., a “menu”), and
– Examples of sets of the identified additional controls that apply to
particular use cases (e.g., FIPS 199 High or Moderate system
acquisition), as applicable.
Federal Register Notice & Request for Comment
• Joint Working Group on Improving Cybersecurity and
Resilience Through Acquisition, 79 Fed. Reg. 14042 (Mar.
12, 2014); responses due 28 Apr
• Directs readers to http://gsa.gov/portal/content/176547
– Memo for Commenters – context and caveats
– Draft Implementation Plan
• Background, assumptions, constraints, etc., process map for
implementation of recommendations
• Will include an Appendix for each recommendation
– Appendix I
• Presents a notional “model” for category definitions, including taxonomy
based on PSCs
A compelling opportunity…
• Alliant II – The Alliant program office seeks to develop and implement a robust set of cybersecurity protections for the forthcoming Alliant II GWAC
  – Contract Overlays
    1. Develop a “cross-walk” that maps the PSCs identified as within scope of Alliant 2 (https://interact.gsa.gov/document/interact-question-2-%E2%80%93-product-service-codes-pscs) to the Category definitions in the draft GSA-DoD Implementation Plan for the recommendations included in the joint report Improving Cybersecurity and Resilience through Acquisition (http://www.gsa.gov/portal/content/176547).
    2. Identify Cybersecurity Framework controls applicable to the Alliant contract.
    3. Identify acquisition safeguards/controls applicable to the Alliant contract.
AFFIRM Network panel slides
 
080409 Churchill Club Slides
080409 Churchill Club Slides080409 Churchill Club Slides
080409 Churchill Club Slides
 
080409 Churchill Club Slides
080409 Churchill Club Slides080409 Churchill Club Slides
080409 Churchill Club Slides
 
Aug. 5, 2009 Federal CTO Chopra slides before the Churchill Club
Aug. 5, 2009 Federal CTO Chopra slides before the Churchill ClubAug. 5, 2009 Federal CTO Chopra slides before the Churchill Club
Aug. 5, 2009 Federal CTO Chopra slides before the Churchill Club
 
June 2009 Veterans Affairs Program Management Accountability System
June 2009 Veterans Affairs Program Management Accountability SystemJune 2009 Veterans Affairs Program Management Accountability System
June 2009 Veterans Affairs Program Management Accountability System
 
Federal CIO Council's industructions on New Virtual Community Created to Shap...
Federal CIO Council's industructions on New Virtual Community Created to Shap...Federal CIO Council's industructions on New Virtual Community Created to Shap...
Federal CIO Council's industructions on New Virtual Community Created to Shap...
 

Dernier

THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...Faga1939
 
Enjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...hyt3577
 
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)Delhi Call girls
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhbhavenpr
 
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...Diya Sharma
 
China's soft power in 21st century .pptx
China's soft power in 21st century   .pptxChina's soft power in 21st century   .pptx
China's soft power in 21st century .pptxYasinAhmad20
 
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...AlexisTorres963861
 
1971 war india pakistan bangladesh liberation.ppt
1971 war india pakistan bangladesh liberation.ppt1971 war india pakistan bangladesh liberation.ppt
1971 war india pakistan bangladesh liberation.pptsammehtumblr
 
Kishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdfKishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdfKISHAN REDDY OFFICE
 
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)Delhi Call girls
 
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...narsireddynannuri1
 
06052024_First India Newspaper Jaipur.pdf
06052024_First India Newspaper Jaipur.pdf06052024_First India Newspaper Jaipur.pdf
06052024_First India Newspaper Jaipur.pdfFIRST INDIA
 
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreieGujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreiebhavenpr
 
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopkoEmbed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopkobhavenpr
 
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...Axel Bruns
 
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost LoverPsychicRuben LoveSpells
 

Dernier (20)

THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
 
Enjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Iffco Chowk Gurgaon >༒8448380779 Escort Service
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
{Qatar{^🚀^(+971558539980**}})Abortion Pills for Sale in Dubai. .abu dhabi, sh...
 
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
 
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 46 (Gurgaon)
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
 
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
 
China's soft power in 21st century .pptx
China's soft power in 21st century   .pptxChina's soft power in 21st century   .pptx
China's soft power in 21st century .pptx
 
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
Defensa de JOH insiste que testimonio de analista de la DEA es falso y solici...
 
1971 war india pakistan bangladesh liberation.ppt
1971 war india pakistan bangladesh liberation.ppt1971 war india pakistan bangladesh liberation.ppt
1971 war india pakistan bangladesh liberation.ppt
 
Kishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdfKishan Reddy Report To People (2019-24).pdf
Kishan Reddy Report To People (2019-24).pdf
 
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Rajokri Delhi >༒8448380779 Escort Service
 
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)
Enjoy Night ≽ 8448380779 ≼ Call Girls In Gurgaon Sector 47 (Gurgaon)
 
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
 
06052024_First India Newspaper Jaipur.pdf
06052024_First India Newspaper Jaipur.pdf06052024_First India Newspaper Jaipur.pdf
06052024_First India Newspaper Jaipur.pdf
 
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreieGujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreie
 
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopkoEmbed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
 
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
 
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Phoenix, AZ (310) 882-6330 Bring Back Lost Lover
 

Improving cyber-security through acquisition

4. NSCS Response to Recommendations
 “DoD and GSA did an outstanding job engaging with public and private sector stakeholders to craft the report and provided realistic recommendations that will improve the security and resilience of the nation when implemented. Moving forward, we highlight that:
 We view the core recommendation to be the focus on incorporating cyber risk management into enterprise acquisition risk management, built on “cybersecurity hygiene” baseline requirements for all IT contracts.
 DoD and GSA must now move quickly to provide an implementation plan that includes milestones and specific actions to ensure integration with the various related activities like supply chain threat assessments and anti-counterfeiting.
 DoD and GSA should ensure the highest level of senior leadership endorsement, accountability, and sustained commitment to implementing the recommendations through near and long term action. This should be communicated clearly to the Federal workforce, government contractors, and the oversight and legislative communities.”

5. Now What?
 Implementation Plan – translate recommendations into actions and outcomes
   – Iterative process; sequential and concurrent implementation
   – Address recommendations in order of implementation
 Open, collaborative, stakeholder-centric process
   – Request for public comment: 45 days (responses due 28 Apr)
   – In-person meetings
   – Press / media coverage

6. Emile’s Implementation Buzzword
Imperfect [im-pur-fikt] – of, pertaining to, or characterized by defects or weaknesses.
Le mieux est l'ennemi du bien. (The best is the enemy of the good.)

7. The first recommendation to be implemented…
IV. Institute a Federal Acquisition Cyber Risk Management Strategy
   – From a government-wide cybersecurity perspective, identify a hierarchy of cyber risk criticality for acquisitions. To maximize consistency in application of procurement rules, develop and use “overlays” for similar types of acquisition, starting with the types of acquisitions that present the greatest cyber risk.
   – The government needs an interagency acquisition cyber risk management strategy that requires agencies to ensure their performance meets strategic cyber risk goals for acquisition and is part of the government’s enterprise risk management strategy. The strategy should be based on a government-wide perspective of acquisition, and be primarily aligned with the methodologies and procedures developed to address cyber risk in the Cybersecurity Framework. It should identify a hierarchy of cyber risk criticality for acquisitions and include a risk-based prioritization of acquisitions. The risk analysis should be developed in alignment with the Federal Enterprise Architecture and the NIST Risk Management Framework (RMF).

8. About the Acquisition Cyber Risk Management Strategy
• Why this one first? It provides the necessary foundation for the remaining recommendations.
• What is it? It draws from the sourcing practices of spend analysis, strategic categorization of buying activities, and category management, combined with the application of information security controls and safeguards and procurement risk management practices like pricing methodology, source selection, and contract performance management.
• How? A three-step process that produces Category Definitions, Risk Prioritization, and Overlays.

9. Category Definitions
1. Group similar types of acquisitions together based on characteristics of the product or service being acquired, supplier or market segments, and prevalent customer/buyer behavior.
   – Categories must be right-sized: broad enough to be understandable and provide economies of scale, but specific enough to enable development of Overlays that provide meaningful, adequate and appropriate safeguards for the types of risks presented by the products or services in the Category.
   – Determine which Categories present potential cyber risk.
      • “Do purchases made in this Category present cyber risk to any possible end user?”

10. Risk Assessment and Prioritization
3. Produce a hierarchy of Categories based on comparative cyber risk.
   – “Which of the Categories presents the greatest cyber risk as compared to the other Categories?”
   – The Category that is determined to have the highest risk through a comparative assessment would be the first one for which an Overlay is developed.
      • Unless… there is a compelling opportunity to develop Overlays for a different Category first.
   – The risk hierarchy provides the reasoning: where a Category is determined to have higher risk relative to other types of acquisitions, the level of resources expended to address those risks will also be justifiably higher.

11. Overlays
4. Develop Overlays – a tool for acquisition officials to use throughout the acquisition lifecycle. Overlays include:
   – An articulation of the level of risk presented by the Category, derived from the risk assessment;
   – A specific set of minimum controls that must be included in the technical specifications, acquisition plan, and during contract administration and performance for any acquisition in the Category;
   – The universe of additional controls that are relevant to the Category but are not required in the minimum (i.e., a “menu”); and
   – Examples of sets of the identified additional controls that apply to particular use cases (e.g., FIPS 199 High or Moderate system acquisition), as applicable.

12. Federal Register Notice & Request for Comment
• Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition, 79 Fed. Reg. 14042 (Mar. 12, 2014); responses due 28 Apr
• Directs readers to http://gsa.gov/portal/content/176547
   – Memo for Commenters – context and caveats
   – Draft Implementation Plan
      • Background, assumptions, constraints, etc., and a process map for implementation of the recommendations
      • Will include an Appendix for each recommendation
   – Appendix I
      • Presents a notional “model” for category definitions, including a taxonomy based on PSCs

13. A compelling opportunity…
• Alliant II
   – The Alliant program office seeks to develop and implement a robust set of cybersecurity protections for the forthcoming Alliant II GWAC
   – Contract Overlays
      1. Develop a “cross-walk” that maps the PSCs identified as within scope of Alliant 2 (https://interact.gsa.gov/document/interact-question-2-%E2%80%93-product-service-codes-pscs) to the Category definitions in the draft GSA-DoD Implementation Plan for the recommendations included in the joint report Improving Cybersecurity and Resilience through Acquisition (http://www.gsa.gov/portal/content/176547).
      2. Identify Cybersecurity Framework controls applicable to the Alliant contract.
      3. Identify acquisition safeguards/controls applicable to the Alliant contract.