Agency Security Update Service (ASUS) - PowerPoint PPT Presentation

1 / 9
About This Presentation
Title:

Agency Security Update Service (ASUS)

Description:

Mike Bolger KSC CIO ASUS Data Collection The ASUS Project collects Enterprise IT Security Data: Patch Management 80,000+ devices Software Inventory 80,000 ... – PowerPoint PPT presentation

Number of Views:27
Avg rating:3.0/5.0
Slides: 10
Provided by: LMIT4
Learn more at: https://www.nasa.gov
Category:

less

Transcript and Presenter's Notes

Title: Agency Security Update Service (ASUS)


1
Agency Security Update Service (ASUS)
Mike Bolger KSC CIO
2
ASUS Data Collection
  • The ASUS Project collects Enterprise IT Security
    Data
  • Patch Management 80,000 devices
  • Software Inventory 80,000 devices
  • Federal Desktop Core Configuration (FDCC)
    60,000 devices
  • Network Vulnerability 120,000 devices
  • Network Inventory 120,000 devices
  • Data is stored in IT Security Enterprise Data
    Warehouse (ITSEC-EDW)
  • Provides centralized one-stop-shop for IT
    Security Data

3
Continuous Monitoring / Reporting
Example Data
4
Continuous Monitoring / Reporting
List of Vulnerabilities By Center Or Security Plan
Drill down to a list of Workstation/server
with vulnerabilities
  • Interactive website provides searchable reports

5
Continuous Monitoring
  • The Agency is focusing on expanded Continuous
    Monitoring in alignment to proposed FISMA changes
  • ASUS Team is currently providing Continuous
    Monitoring for
  • Patch Management
  • Software Inventory
  • Network Inventory
  • Network Vulnerabilities
  • Developing automated methods to Continuously
    Monitor NIST 800-53 Controls (IT System Security
    Plans)

6
IT Security Risk-Based Reporting
  • Continuous Monitoring will feed NASA IT Security
    Risk Score
  • Provide overall Risk score for a Security Plan,
    Center and the Agency
  • Helps focus workforce to problem areas
  • Puts focus on reducing risk, not just meeting
    metrics

7
Collaboration with other NASA projects
  • ASUS Project is working to add IT Security Data
    Sources
  • Incident data from the NASA SOC
  • Antivirus data from ODIN
  • DHCP data from IPAM
  • Application data from Agency Data Center
    Consolidation (ADCC)
  • The ASUS Project is a preventative tool in NASAs
    IT Security arsenal

8
Patch Management Solution
  • Agency is moving to a new Patch Management
    Solution
  • Reached the potential of the PatchLink product
  • Selected product
  • Benefits
  • More robust Agent
  • Scalable to meet NASAs complex architecture
  • Follows OVAL standards
  • Provides additional functionality
  • Agent on a USB Stick
  • Network Inventory to locate machines missing an
    Agent
  • Appliance reduces costs and maintenance for the
    Agency

9
Agency Data Center Consolidation (ADCC)
  • Collaborating with the Agency Data Center
    Consolidation (ADCC) Project
  • OMB has come out with the Federal Data Center
    Consolidation Initiative
  • Goal is to reduce overall costs and energy
    consumption
  • ADCC is preparing to deploy an Inventory and
    Application Mapping tool in all NASA Data Centers
  • Application Mapping tells us what is required
    to move a service (i.e. Tech Doc)
  • ASUS team will be providing the technical
    expertise to coordinate the deployment of the
    automated tool across the Agency
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Agency Security Update Service (ASUS)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!