SAFEGUARD

1
SAFEGUARD

• The Lifecycle of Information Assurance

2
Safeguard The Concept
Protection of our nations critical
infrastructures and resources to ensure the
integrity and security of our nations
electronically interconnected government,
businesses, and citizens.
2
3

Government Directives

• Executive Order for Critical Infrastructure
  Protection in the Information Age (EO 13231)
• Government Information Security Reform Act
  (GISRA)
• OMB Circular A-130
• Presidential Decision Directives PDD-62 , 63,
  and 67
• Government Paperwork Elimination Act (GPEA)
• Computer Security Act of 1987
• Information Technology Management Reform Act of
  1996 (Clinger Cohen Act)

3
4

Emerging Threats

• Cyber-based Attacks
• Terrorist Acts
• Natural Causes
• Physical Destruction

4
5
Critical Infrastructure

• Telecommunications
• Energy
• Banking Finance
• Transportation
• Water Systems Emergency Services
• Essential Government Services

5
6

Information Assurance Lifecycle
Federal Agencies Frequent Change of Business
Models Adopt Structured, Comprehensive
Framework to Manage Security Risks. Agencies
Must Meet Reporting and Review Requirements Major
Phases Involved with Life Cycle
Assess
Monitor
Validate
Safeguard
Protect
Train
Implement
6
7

• Information Assurance Lifecycle

• Security Planning and Compliance
• Security Policy and
• Procedures
• Security
• Architecture
• Security Plans
• Security Audits
• COOP
• Assessment Services
• Vulnerability
• Assessment
• Threat-based Risk
• Assessment
• Information Security
• Program Review

Assess Identify Assets Assess
Vulnerabilities Measure Compliance
Assess
Safeguard
7
8

Information Assurance Lifecycle

• Validation Support
• Threat-based
• Vulnerability Updates
• Testing of Controls
• Management
• Administrative
• Technical
• Certification/Accreditation
• Solution-set
• Documentation
• Security Test Evaluation
• Disaster Recovery Testing
• Business Continuity Plan Testing

VALIDATE Effectiveness Ensure
Accountability Performance Measures

Validate
Safeguard
8
9

• Information Assurance Lifecycle

• Awareness Security Training
• Different Types
• Threat Briefings
• Awareness
• Technical
• Different delivery
• Mechanisms
• Classroom
• Online
• Handout
• Materials

TRAIN Management Administrative User Technical


Safeguard
Train
9
10
Information Assurance Lifecycle

• Secure Systems Engineering
• Secure Application Development and Integration
• Infrastructure
• Enhancement
• Operational Procedures
• Trusted Facilities Manual
• Security Users Guide
• Access Control
• Perimeter Protection
• Firewalls
• Virtual Private Networks

IMPLEMENT Procedures Enhancements Controls Pr
otection

Safeguard
Implement
10
11
Information Assurance Lifecycle

Systems Engineering - Operating System
Updates - Virus Protection - Partner
Connections - Interoperability Testing Public
Key Infrastructure/Cryptology - PKI
Certificate Authority - ACES - Secure
Messaging Access Control - Smart Media and
Biometrics - Single Sign On Perimeter
Protection - Firewalls - Virtual Private
Networks Business Continuity Planning
PROTECT Control Access Business
Integrity Managed Security
Safeguard
Protect
11
12
Information Assurance Lifecycle

• Intrusion Detection
• Analysis Response
• Host Based
• Network Based
• Managed Security
• Services
• Security Monitoring
• Management
• Configuration Control
• Managed PKI
• Virus/Malicious Code
• Network Security Mgmt.
• Firewalls
• Proactive Scanning
• Monitoring

MONITOR Maintain Analyze Prepare
CISS Safeguard Program Policies,
Standards and Procedures
Monitor
Safeguard
12
13
Information Assurance Lifecycle
Assess
Validate
Train
Implement
Protect
Monitor

• Risk Report
• Security
• Policy
• Procedures
• Review
• Report
• Security
• Architecture
• Analysis
• Report
• Security
• Plans
• Review
• Report
• COOP
• Report

• Enterprise
• Security
• Program
• Implementation
• Report
• Security
• Architecture
• Implementation
• Report

• Delivery Mechanisms
• Identification
• Report
• Training
• Reports
• End-user
• Security
• Manuals

• Perimeter
• Protection
• Methodologies
• Perimeter
• Protection
• Implementation
• Report

• Trends
• Analysis
• Attack
• Reports
• Intelligence
• Reports

• Technical
• Vulnerability
• Assessment
• Report
• STE
• Report
• Disaster
• Recovery
• Testing
• Report
• Business
• Continuity
• Plan Testing
• Report

13
14

• CLIENT BENEFITS
• Customer-focused Security
• Programs
• Enterprise-wide Security
• Solutions
• Leading Industry Partners
• Ultra-competitive
• Environment
• Technical Project
• Managers
• Efficient Acquisition Cycle

Your Future
Customer
Efficiency
Solutions
Partnership

Technical
Leading
Competitive
14
15
enter for Information Security Services (CISS)
Industry Partners

• ACS Defense, Inc.
• Anteon Corporation
• AverStar, Inc.
• BBNT Solutions, LLC
• BearingPoint, LLC
• Booz-Allen Hamilton, Inc.
• CACI Technologies, Inc.
• Computer Sciences Corp.
• DynCorp Information System, LLC
• EDS Corp.
• Electronic Warfare Associates, Inc.
• GRC International, Inc.
• IBM Corporation
• KEI Pearson, Inc.

• LE Associates, Inc.
• Litton/PRC, Inc.
• Litton/TASC, Inc.
• Lockheed Martin, Inc.
• Maximus
• Northrop Grumman Info. Tech., Inc.
• SAIC
• SRA International, Inc.
• STG, Inc.
• Telos Corporation
• TRW, Inc.
• Unisys Corporation
• Veridian Information Solutions, Inc.

15
16
Center for Information Security Services (CISS)
Contact Information
Business Development
Michael Campbell 202-708-7301
michael.campbell_at_gsa.gov
Safeguard Program Manager
Don Carlson 202-708-7531 donald.carlson_at_gsa.go
v
Safeguard Contracting Officer
Howard Parker 202-401-7139 howard.parker_at_gsa.g
ov
www.gsa.gov/safeguard
16
17
Thank You!
www.gsa.gov/safeguard
17