col (r) michael f. brown director, information systems security cyber security: an educator’s...
TRANSCRIPT
![Page 1: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/1.jpg)
COL (R) Michael F. Brown
Director, Information Systems Security
Cyber Security:
An Educator’s Challenge
![Page 2: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/2.jpg)
2
TSD REPLAY, SEPTEMBER 11, 2001TSD REPLAY, SEPTEMBER 11, 2001
Prepared By: Prepared By:
Air Traffic Tactical OperationsAir Traffic Tactical Operations
LOWER 48 STATESLOWER 48 STATES
![Page 3: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/3.jpg)
3
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 4: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/4.jpg)
4
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 5: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/5.jpg)
5
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 6: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/6.jpg)
6
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 7: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/7.jpg)
7
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 8: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/8.jpg)
8
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 9: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/9.jpg)
9
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 10: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/10.jpg)
10
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 11: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/11.jpg)
11
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 12: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/12.jpg)
12
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 13: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/13.jpg)
13
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 14: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/14.jpg)
14
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 15: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/15.jpg)
15
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 16: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/16.jpg)
16
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 17: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/17.jpg)
17
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 18: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/18.jpg)
18
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 19: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/19.jpg)
19
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 20: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/20.jpg)
20
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 21: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/21.jpg)
21
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 22: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/22.jpg)
22
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 23: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/23.jpg)
23
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 24: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/24.jpg)
24
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 25: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/25.jpg)
25
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 26: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/26.jpg)
26
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 27: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/27.jpg)
27
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 28: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/28.jpg)
28
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 29: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/29.jpg)
29
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 30: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/30.jpg)
30
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 31: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/31.jpg)
31
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 32: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/32.jpg)
32
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 33: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/33.jpg)
33
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 34: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/34.jpg)
34
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 35: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/35.jpg)
35
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 36: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/36.jpg)
36
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 37: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/37.jpg)
37
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 38: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/38.jpg)
38
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 39: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/39.jpg)
39MENU
LOWER 48 STATES 1230Z TO 1530Z
ATCSCC Actions:1306Z ZNY GS1311Z ZBW GS1326Z GS all centers1345Z All centers to land airborne traffic ASAP
FLIGHT KEY:
MILITARY OTHER U.S. TRAFFIC
![Page 40: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/40.jpg)
40
PMAPMA
FISMAFISMA
Sarbains OxleySarbains Oxley
Business RequirementsBusiness Requirements
Business StrategyBusiness Strategy
National Cyber Strategy
“CALL TO ACTION”
•Federal Regulations
•Customer Requirements
•Strategy
![Page 41: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/41.jpg)
41
WELCOME TO THE EXCITING WORLD OF HPVAC
HACKINGHACKINGPHREAKINGPHREAKING
VIRIVIRIANARCHYANARCHYCARDING/CARDING/CELLULARCELLULAR
![Page 42: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/42.jpg)
42
HACKED WWW HOMEPAGES
CIA HOMEPAGE
DOJ HOMEPAGE
USAF HOMEPAGE
![Page 43: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/43.jpg)
43
The mission of the Information Security department is to protect the information assets, the information systems, and the networks that deliver theinformation from damage resulting from failures of confidentiality, integrity, andavailability.
Security’s objective is to enhance the productivity of the business by reducingprobability of loss through the design and implementation of policy, standards,procedures, and guidelines that enhance the protection of business assets.
Defining the Role
“Departmentally” Specific ……
Business Objective ……
![Page 44: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/44.jpg)
44
Resou
rces
Resou
rces
NationalNational
CyberCyber
SecuritySecurity
StrategyStrategyRequirements
Requirements
Strategy Determines Requirements and
Requirements Drive Resources
TOA
Strategy
StrategyStrategyStrategy
OperationalOperational
RequirementsRequirements
Mission NeedsMission Needs
The Business PlanThe Business Plan
The Flight Plan The Flight Plan GoalsGoals
ObjectivesObjectives
Sub-ObjectivesSub-Objectives
Prioritized TasksPrioritized Tasks
FA
A C
ybe r S
ec urit y
FA
A C
yber S
e cur ity
Str ate g
yS
t rat egy
Fed
era l Info
r ma tio
nF
e de ral In
form
ati on
Sec u
r ity Man
agem
ent A
c tS
e curity M
a na g
emen
t Act
LOB Participation and Influence
ExternalInternalDrivers
![Page 45: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/45.jpg)
45
Prioritizing Constrained Resources
BoundaryProtection
Vulnerability Scanning
Insider/Outsider ThreatIntrusion Detection
and Prevention
SystemCertification
Transport/Application LayerVPNs
Firewalls
Anti-viral
![Page 46: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/46.jpg)
46
A Case Study
The FAA Information
Systems Security
Program
![Page 47: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/47.jpg)
47
System of Systems
Internet Access Points
Messaging
Systems
Finance
and Budget
Personnel and PayrollAsset Management
Flight Procedures
Security
Inspection
Safety
Analysis
Accident / Incident Investigation
![Page 48: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/48.jpg)
48
• Manage more than 30,000 commercial flights to move 2,000,000 passengers safely each day
• Support more than 35,000 general aviation flights on a daily basis
• Regulate and certify the people and aircraft that use our airspace
FAA’s Job
National Airspace System (NAS)
![Page 49: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/49.jpg)
49
The Evolving Landscape of Cyber Security
![Page 50: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/50.jpg)
50
The Evolving Landscape of Cyber Security
![Page 51: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/51.jpg)
51
The Evolving Landscape of Cyber Security
![Page 52: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/52.jpg)
52
The Evolving Landscape of Cyber Security
•Standardized Certification
![Page 53: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/53.jpg)
53
A New Look at Cyber Defense
The “Android” Approach
![Page 54: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/54.jpg)
54
The “Android” Cyber Defense –Emulates the most resilient system in the world
![Page 55: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/55.jpg)
55
Enterprise Architecture
Admin Equip.
PPIMS
Admin Equip.
LIS
Admin Equip.
USD
Admin Equip.
MVS2000-AWP
Contracts
FAST
Contracts
ACQUIRE
Finance
Retirement
Finance
DTF
Finance
DAFIS-MIR
Finance
SPMA
Finance
TAS
Finance
FIRS-AWP
Finance
FAMIS
Finance
NPIAS
Finance
OPS FMS
Finance
AUTOGEN
Finance
ACE-MIR
Finance
ACT
Finance
RTP
Finance
MRPFinance
FED/MIL
Finance
REGIS
Finance
ATS
Finance
FEBMS
Finance
FIRS
Finance
RPMMSFinance
DAFIS
Finance
FIRS-ASW
Finance
BPCY-PCS
Finance
JF-SLH
Finance
LEASES
Finance
CHECKTRAC
Finance
PB-ICE
Finance
OIG32-9F
Finance
TRANVOUC
Finance
FEDEX
Finance
ORB-FIN
Finance
FECA
Finance
ORL
Finance
LDR
Finance
VFADMS
Finance
RED-MAR
Finance
PA
Finance
FRAN
Finance
FECS
Finance
FEDTRIP
Finance
CTS
Finance
FMS
Finance
IFAS
Finance
RPMMS-ASW
Finance
FIMS
Finance
BOSS
Finance
SPIRE
Finance
TMS
Finance
NATS
Finance
T-SERVE
Finance
OARMIS
Finance
BFM
Finance
CAS
Finance
DAFIS-ASW
Finance
MED BILL
Finance
CUPS
Finance
GTR
Finance
FMS-AHR
Finance
FAIM
Finance
DARTS
Finance
BXM
Finance
BAS
Finance
BAM
Finance
ABS
Finance
MM-SDG
Finance
WT-TVT
Finance
NACCS
Finance
C
FETS-ASO
Finance
C
MSEXCEL-FIN
Finance
C
MSWORD-FIN
Finance
CFACTS-
FIGURES
Finance
CQUICKEN-FIN-
TOOL
Finance
C
CUFF-FIN
Finance
C
CUPS-AWP
Finance
C
DAFIS-AWP
Finance
C
BU-SBP
Finance
C
QB-SAP
Finance
C
FETS-ASW
Finance
E
HHS
Finance
E
IRS
Finance
EBank ofAmerica
Finance
E
NFC
Finance
E
SSA
Finance
E
ATA
Finance
E
Treasury
Finance
E
OPM
HR
CPMIS
HR
SSAS
HR
IPPS
HR
CTTMS
HR
EE
HR
C
CUPS-LOCAL
IT Services
NASPAS
IT Services
TIMS
Assets
PMSRS
Assets
PMMS
Assets
FSEP
Av. Training
A/C TRAINING
Space
LIMS
Space
ESIS
Space
REMS
Finance Services
As Is To Be
Finance Services
• Reduction in applications and interfaces• Improved connectivity• Simplified architecture• Reduced potential vulnerabilities
![Page 56: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/56.jpg)
56
The “Android” Cyber Defense –Emulates the most resilient system in the world
![Page 57: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/57.jpg)
57
Element Hardening and Boundary Protection
Element Hardening
– 96% of IT systems certified and authorized
– Vulnerability scanning of public facing and internal servers on a regular basis
– Patch management to facilitate timely remediation of discovered vulnerabilities
Boundary Protection
– Security a major component of Federal Telecommunications Infrastructure, IAPs limited to 8 and hardened, e-mail post offices reduced from 850 to 12 and hardened
– Defense in-depth approach—firewalls, encryption, virtual private networks, and anti-viral software
![Page 58: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/58.jpg)
58
The “Android” Cyber Defense –Emulates the most resilient system in the world
![Page 59: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/59.jpg)
59
Computer Security Incident Response Center (CSIRC)
![Page 60: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/60.jpg)
60
Cyber Fusion Center
![Page 61: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/61.jpg)
61
The Keystone to Making this all Work is a Trained
and Ready Workforce
![Page 62: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/62.jpg)
62
Purpose of Awareness and Training
The two goals of the ISS Awareness and Training Program are:
• To make all users aware of FAA ISS responsibilities
• To provide each line of business (LOB) and staff office (SO) with the training necessary to obtain the knowledge, skills, and abilities required to maintain information systems, implement ISS policies, and offer training opportunities to named key personnel.
![Page 63: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/63.jpg)
63
Awareness and Training Program
The Federal Information Security Management Act of 2002 (FISMA)
• Requires each federal agency to “provide for the
mandatory periodic training in computer security
awareness and accepted computer practices of all
employees who are involved in the management, use or operation of each federal computer system
within or under the supervision of that agency.”
• Requires training under OMB, A130, Appendix III, and in accordance with guidelines co-developed by NIST.
![Page 64: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/64.jpg)
64
Awareness and Training Program
In support of FISMA, the Office of Information Systems Security (AIS) Training Program shall:
• Establish an ISS awareness and training program• Provide awareness refresher briefings• Provide training to those who design, implement, or
maintain information systems• Provide specialized training to key personnel who have
been designated by their LOB/SO
![Page 65: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/65.jpg)
65
Awareness
The purpose of the FAA Awareness Program is:
- To focus attention on security
- To create sensitivity to the threats and vulnerabilities of
information systems
- To recognize the need to protect data, information and systems
![Page 66: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/66.jpg)
66
Awareness Methods
- Broadcast Email Messages
- Web-based activity: Security Awareness Virtual Initiative (SAVI)
- Warning Banners
- Information Security Newsletters
- Awareness Events (briefings, conferences, expositions)
- Meetings/Lectures related to ISS topics
- Interactive Kiosk
![Page 67: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/67.jpg)
67
Training
Develop relevant and needed skills that map to defined responsibilities for each role.
Methods of Training
– Instructor-led training or face-to-face communications is the most personal method of training. The type of training is the most effective in the FAA.
– Computer Based Training (CBT) is offered at the FAA. CBT is utilized by a small percentage of FAA employees.
– System Administrator Simulation Training
![Page 68: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/68.jpg)
68
Training
As part of the Training Program the FAA’s 2005 IT/ISS Conference was held February 28 through March 4 in San Diego, California.
Technical Training Sessions Held:
– Patch Management– Public Key Infrastructure– FAA Telecommunications Infrastructure– Enterprise License Agreement– Web Security– Vulnerability
The training classes were video taped to be provided as a learning tool for
those key personnel who were unable to attend. The tapes will be taken to
each Region and used in conjunction with other training.
![Page 69: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/69.jpg)
69
Outreach Program
Technology is accelerating and changing complexity daily
To keep up with technology FAA must:
- Seek new talent through colleges and universities
- Use the Scholarship for Students Program sponsored
by OPM
- FAA (AIS) will utilize internship programs
- FAA will leverage research and development efforts at
colleges and universities that can be adapted to FAA’s
ISS program goals and objectives
![Page 70: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/70.jpg)
70
Academia Outreach
Program Roles and Responsibilities
- Ensure success of overall ISS efforts and promote the exchange of information with colleges and universities.
- FAA will use academia in the area of research and development.
Program Goals for 2005
- Work with institutions of higher learning who have been designated as Academic Centers of Excellence by the National Science Foundation that are participants in the Scholarship for Services Program.
- Leverage knowledge students have gained and place them in the information security field.
![Page 71: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/71.jpg)
71
Federal Efforts
The National Strategy to Secure Cyberspace
– Need to build foundations for the development of security certification programs that will be broadly accepted by the public and private sectors. DHS and other federal agencies can aid these efforts by effectively articulating the needs of the federal IT security community.
![Page 72: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/72.jpg)
72
Current IT Security ProfessionalCertification Environment:
Challenge:
Need to identify highly qualified people to develop, maintain, and secure our information systems and networks
No nationally recognized certification for IT security professionals
![Page 73: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/73.jpg)
73
IT Security Professional Certification
- Goal: Set up nationally recognized, privately administered certifications at appropriate levels
- Scope: Vendor-neutral certifications
- Product: Industry led IT Security Professional Certification structure/ process in place
- Outcome: National IT security professional certifications
![Page 74: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/74.jpg)
74
Notional IT Security Professional Certification Process
1
![Page 75: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/75.jpg)
75
Expected Outcomes
- Standard position categories
- Standard position levels- How many- Nomenclature (e.g., I, II, III; entry, intermediate,
advanced)
- Standard functions within categories and levels- Nomenclature (what are the functions; what are they
called)
- Skill Standards- By category and level: performance standards that
delineate what a person must know and be able to do in order to successfully perform roles related to a specific job, an occupational cluster or across an industry sector
![Page 76: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/76.jpg)
76
Certification Related Issues
- Governance structure Stakeholder participation
- Common body of knowledge & standardsJob task analysis, competencies
- Training, testing & accreditationAdjudication: evaluation and feedback
- Continuing education
- Mapping current IT security certifications and transitioning current certificate holders
- Business Models
![Page 77: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/77.jpg)
77
Status and Next Steps
- Working with Government and private sectors to leverage ongoing efforts
- Working with the Federal CIO Council, Workforce and Human Capital Committee to leverage existing structure
- Exploring options for setting up nationally recognized, privately administered IT security professional certifications at appropriate levels
- Others?
![Page 78: COL (R) Michael F. Brown Director, Information Systems Security Cyber Security: An Educator’s Challenge](https://reader037.vdocuments.us/reader037/viewer/2022110321/56649cd75503460f9499f4c5/html5/thumbnails/78.jpg)
78
AN OPPORTUNITY TO DO “ISS” RIGHT
Who says trains can’t fly?