Enterprise Cybersecurity Strategy
LaVerne H. Council
Assistant Secretary for Information and Technology
Topics
• Creating an IT Organization that Supports Tomorrow’s VA
• Facing Our Challenges with TrAITs
• Closer Look: VA’s Enterprise Cybersecurity Strategy
OI&T’s Leadership is Moving VA into the Future
Facing Our Challenges with TrAITs
“It’s our mission that the Veteran will be the vocal initiator driving every project, every decision for OI&T”
Why TrAITs
• TrAITs remind us to ask:
– How will the Veteran benefit from this piece of technology or this new decision?
– What benefit will this bring to a Veteran or their family?
Facing Our Challenges with TrAITs
Transparency
Facing Our Challenges with TrAITs
Innovation
Teamwork
Closer Look: VA’s Cybersecurity Strategy
“VA continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program.”
– Office of Inspector General, Federal Information Security Management Act Audits
Cyber Strategy Summary
• Today’s IT security organizations operate under tremendous threat
• Recent OPM attacks demonstrate significant risk to VA
• OI&T is leading the way with aggressive strategic planning and emphasis on Veteran-focused initiatives
Enterprise Cybersecurity Strategy Team
“Nothing in IT is more important than protecting VA data and the information entrusted to us by Veterans.”
– LaVerne Council, Assistant Secretary for Information and Technology and Chief Information Officer
Enterprise Cybersecurity Strategy Team
Governance, Program Management, and Risk Management
• Key supporting disciplines for decision-making across VA within context of cybersecurity and privacy
• Balances needs of VA’s mission with protecting high value assets
• Includes continuous scanning of cybersecurity landscape to proactively position VA to address emerging threats
• Addresses risks, deficiencies, breaches, and lessons learned
Operations, Telecommunication, and Network Security
• Key supporting disciplines for securing VA information, data, and computing assets
• Includes people, products, and procedures to ensure data confidentiality, integrity, availability, assured delivery, and auditability of VA systems
• Addresses network, platform, and data security
Application and Software Development
• Disciplines needed to ensure applications used during provision of services to Veterans utilize the most secure practices for data storage, access, manipulation, and transmission
• Encompasses entire software lifecycle
• Software assurance, that is, the level of confidence VA software is free of vulnerabilities or defects that could lead to vulnerabilities, is a critical concern
Access Control (AC), Identification and Authentication (IA)
• Disciplines for reducing likelihood and impact of security incidents
• AC combines authentication and authorization processes that allow access to VA networks, hardware computing devices, and applications
• IA verifies a user, process, or device through specific credentials such as passwords, tokens, and biometrics as a prerequisite for granting access to system resources
Medical Cyber
• Focuses on devices not traditionally considered IT that can be networked or accessed electronically
• Must be protected from exploitation and from becoming operable vectors for cyberattacks as they collect and transmit PII and PHI
• Includes medical devices and “cyber physical” systems with similar electronic characteristics, such as HVAC and elevator systems
Security Architecture
• Key supporting disciplines for developing an enterprise information security architecture
• Supports business optimization
• Includes design and engineering skills needed to fully integrate security into VA’s overall business, applications, and IT systems architecture
Privacy
• Policy and legislatively driven requirements for PII and PHI
• Focused on implementing the “Best Practices: Elements of a Federal Privacy Program,” published by the Federal CIO Privacy Committee
Cybersecurity Training and Human Capital
• Hiring practices and skills maturation needed to create a workforce steeped in a culture of cybersecurity to proactively protect all data and information of the Veterans we serve
Enterprise Cybersecurity Strategy Team
• ECST will construct an accountable, actionable, near-, mid-, and long-range cybersecurity strategic plan that continuously considers and adapts to the newest technologies to secure VA’s IT enterprise.
  o Identifying and addressing:
    • Strengths
    • Weaknesses
    • Resources
    • Constraints
    • Capabilities
    • Drivers
    • Known and unknown threats
Questions?