Cyber Security - PowerPoint PPT Presentation

1 / 7
About This Presentation
Title:

Cyber Security

Description:

OCS delegates to Echelon 2 ISO the Cyber Security input into the ... Office of Cyber Security. 6. Risks of not establishing Echelon 2 ISO Authorities ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 8
Provided by: va5
Category:
Tags: cyber | security

less

Transcript and Presenter's Notes

Title: Cyber Security


1
Department of Veterans Affairs CIO Conference
Cyber Security Report Out
August 15, 2002
2
Cyber Security Organization
4
ADAS
Government FTEs 95
10
8
25
8
10
20
10
Program Management
Business Assurance
Infrastructure Protection
Training Development
Policy, CHIS, Privacy
Technology
Field Operations
Echelon 2 ISO Office
VA-CIRC
Echelon 2 ISO Office
Echelon 2 ISO Office
Echelon 2 ISO Office
Echelon 2 ISO Office
Echelon 2 ISO Office
Echelon 2 ISO Office
SOC
SOC
  • Strengths
  • One VA organization - Functionally-based
  • Aligned / Responsive to Field - Unambiguous
    lines of authority
  • No increase in FTE

3
CONOPS Direction on Echelon 3 ISO Reporting
Relationship
OCS
Echelon 2 ISO
Echelon 2 CIO
Facility Director
Echelon 3 ISO
Facility IRM
4
Strengthen the Dotted Line Cyber Security
Requirements
  • Echelon 2 ISO Office Authorities include
  • Budget - Task Echelon 3 ISOs
  • Administrative - Echelon 3 ISO Appraisal Input
    / Endorsement
  • Training - Professionalization
  • Echelon 3 ISO rotation assignments to support
    career path to Echelon 2
  • Echelon 2 ISO Office has Concurrence on
  • Echelon 3 Spend Plans / Acquisitions for Cyber
    Security
  • Echelon 3 Local Cyber Security Policies
  • Echelon 3 ISO Hiring / Firing / Transfers
  • Echelon 2 ISO Office staffing gt 1 person
  • Administration - Training / Professionalization
  • Budget - Concurrence
  • Technical - Echelon 3 ISO Appraisal
    Endorsement
  • Centralized Baseline Security Standards for all
    Echelon 3 facilities

5
Strengthen the Dotted Line Cyber Security
Requirements (cont.)
  • Echelon 3 ISO can task Echelon 3 IRM
  • Echelon 2 ISO Office audits Echelon 3 IRM
  • Echelon 2 ISO Office Training / Travel Budget
  • Echelon 2 ISO Office Operations Budget
  • Penetration Testing - VA-CIRC task orders
  • Access to all Echelon 3 people and facilities as
    needed
  • Participate in Echelon 3 ISO Recruiting
  • Echelon 3 ISO reports directly to the Facility
    Director (not an
  • assistant Director or lower, or Facility
    IRM)
  • OCS delegates to Echelon 2 ISO the Cyber
    Security input into the
  • Facility Director Performance Appraisal

6
Risks of not establishing Echelon 2 ISO
Authorities
  • Inconsistent Local / OneVA Cyber Security
    Policies
  • Inconsistent baseline security standards across
    Facilities
  • Communications with IRM will not be Free and
    Open
  • Information filtering to Echelon 2 ISO because
    the Facility Director
  • does Echelon 3 ISO performance appraisal
  • Inadequate Resources / Training / Skills to
    perform ISO mission
  • Inadequate access to information, systems, and
    people to perform
  • ISO mission
  • Diversion of Security resources to non-Security
    spending
  • The Boundary of the VA Enterprise will not be
    secure
  • Confidentiality, Integrity, and Availability of
    Veteran data will be
  • compromised
  • Fraud, Waste, and Abuse of VA financial data

7
Cyber Security Action Plan August 2002 CIO
Conference
Write a Comment
User Comments (0)
About PowerShow.com