Information Assurance ' ' ' An Integrated Approach To Security

1
Information Assurance . . . An Integrated
Approach To Security

• An integrated approach to mission support
• Steve Haynes, Director Federal Security
  Solutions, CSC
• June 10 11, 2004

2
Agenda

• Background Information
• Information Assurance . . . An Integrated
  Approach To Security
• Risk Management . . . Net-Centric Enterprise
  Approach

3
Background Information


4
Background Information
5
Background Information

• Tip of Iceberg
• External Malicious Acts
• Up 26
• Employee Malicious Acts
• Up 13
• Victims of Industrial Espionage
• up 32
• Insider Human Resources As An Obstacle
• up 55

IS IT SAFE?
6
Background Information
7
Information Assurance . . . An Integrated
Approach To Security

• Information Assurance
• Measures taken to protect and defend our
  information and our information systems by
  ensuring confidentiality, integrity, availability
  and accountability extended to restoration with
  protect, detect, monitor, and react capabilities

8
Risk Management . . . An Integrated Approach to
Security

• Policy
• Assets
• Technology
• Physical
• Personnel
• Environmental

The sum of these areas of security is how CSC
approaches Risk Management.
9
Risk Management . . . Netcentric Enterprise
Approach
Threat - The likelihood that someone will attack
an operating environment using a given scenario.
Threat is a function of the attackers means and
motivation. An attack may not be deliberate, but
may be as simple as a mistake.
Risk Assessment - An analysis of an operating
environment including policies, assets, threats,
vulnerabilities and countermeasures and including
return on investments (ROI) to establish a
metrics based expectation of a loss from
certain events based on estimated probabilities
of occurrence.
Information Assurance
10
Risk Management . . . Netcentric Enterprise
Approach
11
Risk Management . . . Netcentric Enterprise
Approach
12
Risk Management . . . Netcentric Enterprise
Approach
13
Experience. Results.