An American perspective of Information Warfare.


Transcripts
Slide 1

Lecture 6: An American perspective of Information Warfare. Mohamed Sharif

Slide 2

Review: What is the Internet? What do we have to ensure? Risk; Motivation; Attack Types; Security Objectives; Security components

Slide 3

United States: The United States is the remaining superpower in the world and is a target for attacks by anyone, anywhere in the world. The United States is an information-dependent and information-driven nation-state. It relies heavily on high technology to meet the defense and offense needs of the military.

Slide 4

United States (Cont.): The United States is the leader in terms of information warfare tactics and strategies, and weapons systems, as well as vulnerabilities. Many of the world's nation-states have taken information warfare developments in the United States and adopted them to meet their own information warfare needs. Beds

Slide 5

US perspective of IW: The US philosophy of IW is as follows. Offense: disrupt, exploit, corrupt adversary information and information systems. Defense: protect US information and information systems.

Slide 6

US View of IW Offense. Target: counter and disrupt the adversary's C3; disrupt, exploit, corrupt the adversary's information systems; both military and civilian. Techniques of attack: jamming; hacking into information systems; breaking cryptography; physical destruction; deception; psychological operations.

Slide 7

US IW Agencies: National Security Council; US Congress; CIA; DoD; JCS, NSA, DIA, DISA, DoAF, DoN, DoA, DARPA; DoHS; FBI, NIPC, CG; Department of Commerce; NIST; CERT

Slide 8

US View of IW Defense: Protect Environment. Threat Knowledge: identities and goals of possible attackers; techniques and methods of possible attack; potential targets. Indication and Warning: detection, tracking, identification, and analysis of attacks. Restoration. Response aimed at attack. Cooperation between government and the private sector.

Slide 9

Sources of IT Policy: Public Law; Presidential Directives; Office of Management and Budget. OMB's predominant mission is to assist the President in overseeing the preparation of the Federal budget and to supervise its administration in Executive Branch agencies. OMB evaluates the effectiveness of agency programs, policies, and procedures, assesses competing funding demands among agencies, and sets funding priorities.

Slide 10

Sources of IT Policy (Cont.) General Accounting Office: GAO advises Congress and the heads of executive agencies about ways to make government more effective and responsive. GAO evaluates federal programs, audits federal expenditures, and issues legal opinions. National Institute of Standards and Technology: Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.

Slide 11

Major Legislation. Computer Security Act of 1987: This statute set the stage for protecting systems by codifying the requirement for broad IT security planning and training. http://csrc.nist.gov/secplcy/csa_87.txt Paperwork Reduction Act of 1995: The PRA established a comprehensive information resources management framework including security and subsumed the security responsibilities of the Computer Security Act of 1987. http://www.rdc.noaa.gov/~pra/pralaw.htm Clinger-Cohen Act of 1996: This Act linked security to agency capital planning and budget processes, established agency Chief Information Officers, and re-codified the Computer Security Act of 1987. http://www.cio.gov/docs/s1124_en.htm

Slide 12

Major Legislation. Defense Authorization Act (P.L. 106-398) including Title X, Subtitle G, "Government Information Security Reform" (GISRA): Primarily addresses the program management and evaluation aspects of security. http://csrc.nist.gov/arrangements/Subtitle-G2.pdf HIPAA - The Health Insurance Portability & Accountability Act of 1996, Public Law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act. Requires improved efficiency in healthcare delivery by standardizing electronic data interchange, and protection of confidentiality and security of health data through setting and enforcing standards. http://www.hcfa.gov/hipaa/hipaahm.htm

Slide 13

Presidential Directives. Presidential Decision Directive 63, "Protecting America's Critical Infrastructures." This directive specifies agency responsibilities for protecting the nation's infrastructure; assessing vulnerabilities of public and private sectors; and eliminating vulnerabilities. http://www.cybercrime.gov/white_pr.htm Presidential Decision Directive 67, "Enduring Constitutional Government and Continuity of Government." Relates to ensuring constitutional government, continuity of operations (COOP) planning, and continuity of government (COG) operations. http://www.fas.org/irp/offdocs/pdd/fpc-65.htm

Slide 14

OMB Policies. Office of Management and Budget Circular A-130, "Management of Federal Information Resources", Appendix III, "Security of Federal Automated Information Resources." Establishes a minimum set of controls to be included in Federal IT security programs. http://www.whitehouse.gov/omb/booklets/a130/a130.html OMB Memorandum 01-24, "Reporting Instructions for the Government Information Security Reform Act." This memorandum provides instructions to agencies on how to comply with the GISRA. http://www.whitehouse.gov/omb/memoranda/m01-24.pdf

Slide 15

OMB Policies (Cont.) OMB Memorandum 99-18, "Privacy Policies on Federal Web Sites." This memorandum directs Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing so. http://www.whitehouse.gov/omb/memoranda/m99-18.html OMB Memorandum 00-13, "Privacy Policies and Data Collection on Federal Web Sites." The purpose of this memorandum is a reminder that each agency is required by law and policy to establish clear privacy policies for its web activities and to comply with those policies. http://www.whitehouse.gov/omb/memoranda/m00-13.html

Slide 16

GAO Guidance. General Accounting Office "Federal Information System Control Audit Manual" (FISCAM). The FISCAM methodology provides guidance to auditors in evaluating internal controls over the confidentiality, integrity, and availability of data maintained in computer-based information systems. http://www.gao.gov/special.pubs/ai12.19.6.pdf Best Practices: Executive Guide: Information Security Management: Learning From Leading Organizations. GAO/AIMD-98-68. May 1998. http://www.gao.gov/special.pubs/ai9868.pdf

Slide 17

GAO Guidance (Cont.) Information Security Risk Assessment: Practices of Leading Organizations. GAO/AIMD-00-33. November 1999. http://www.gao.gov/special.pubs/ai00033.pdf

Slide 18

NIST Standards and Guidance. NIST Special Publication 800-14, "Generally Accepted Principles and Practices for Securing Information Technology Systems", September 1996. This publication guides organizations on the types of controls, objectives, and procedures that comprise an effective security program. http://csrc.nist.gov/productions/nistpubs/800-14/800-14.pdf NIST Special Publication 800-18, "Guide for Developing Security Plans for Information Technology Systems", December 1988. This publication details the specific controls that should be documented in a security plan. http://csrc.nist.gov/productions/nistpubs/800-18/Planguide.PDF

Slide 19

NIST Standards and Guidance (Cont.) NIST Special Publication 800-27, "Engineering Principles for Information Technology Security (A Baseline for Achieving Security)", June 2001. This publication presents a list of system-level security principles to be considered in the design, development, and operation of an information system. http://csrc.nist.gov/distributions/nistpubs/800-27/sp800-27.pdf Federal Information Processing Standards. These documents contain legislative and executive mandates for improving the utilization and management of computers and IT systems in the Federal Government. http://csrc.nist.gov/productions/fips/index.html

Slide 20

Export Licensing. During the Clinton administration, encryption was transferred to control by the Commerce Dept. It had previously been controlled by the Dept. of State as munitions. This made it easier for international companies to implement e-commerce applications (funds transfer, online credit card data, etc.). US Dept. of Commerce; Exporting Basics; Bureau of Industry and Security; Export of Property Belonging to Terrorists; Technology Transfer Commercialization Act of 2000

Slide 21

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." US Constitution – Bill of Rights, Fourth Amendment. Law, Privacy, and the rights of citizens in a free society

Slide 22

What are the risks to a free society of excessive access to information by government agencies? "For several decades political arrests were distinguished in our country precisely by the fact that people were arrested who were guilty of nothing and were therefore unprepared to put up any resistance whatsoever… . A submissive sheep is a find for a wolf." - A. Solzhenitsyn, The Gulag Archipelago

Slide 23

USA Patriot Act (USAPA): Broadens wiretapping capabilities by intelligence agencies. Branch libraries in Santa Cruz (CA) County have posted signs warning patrons that "although the Santa Cruz Library attempts to protect your privacy, under the federal USA PATRIOT ACT (Public Law 107-56)
