
Agenda

Meeting and Sustaining the Standard. US Army IA Compliance Inspection. Information Exchange Forum, Sessions: 1 and 3, IEF IA. LTC Rob Turk, U.S. Army Inspector General Agency (USAIGA). Agenda: Purpose; DAIG Information Assurance Mission; Information Assurance Actions


Presentation Transcript


  1. Meeting and Sustaining the Standard
     US Army IA Compliance Inspection
     Information Exchange Forum
     Sessions: 1 and 3
     IEF IA
     LTC Rob Turk
     U.S. Army Inspector General Agency (USAIGA)

  2. Agenda
     • Purpose
     • DAIG Information Assurance Mission
     • Information Assurance Actions
     • What does DAIG IA Inspect? Army IA Functional Areas
     • Information Assurance Take-Aways
     • Panel Member Introduction
     • Forum Discussion/Question and Answer Period
     • Closing
     IEF Sessions: 1 and 3, USAIGA

  3. Purpose
     To provide insights from the Department of the Army Inspector General Information Assurance Team and organizations that have met the standard the last two years

  4. DAIG Information Assurance Mission
     • IA Establishment: 12 May 2005, the CSA directs The Inspector General (TIG) to establish an Information Assurance (IA) Inspection Division to conduct cyclical IA compliance inspections across the Army (Active, Guard and Reserve).
     • The purpose of IA Inspections:
       - Measure level of deviation from established Army IA policies, regulations, doctrine, and procedures (compliance)
       - Identify systemic IA problems, determine root causes, develop recommendations, and fix responsibilities for corrective action
     • Information Assurance Inspections conducted:
       - 74 inspections from FY 08 to 1 Aug 11 (57 Active, 12 ARNG, 3 USAR, 2 MWR)
       - Fiscal Year Annual Army Information Assurance (IA) Reports published (FY 08, 09 and 10 (Trends and Recommendations))
     BLUF: DAIG IA Division is the eyes and ears for Army Senior Leaders in evaluating the Army’s IA posture IAW Army CIO/G-6 IA checklist, regulations, and policy

  5. Information Assurance Actions
     • Information Assurance key insights:
       - Establish command/leadership accountability
       - Establish the need for continuous oversight (Command Channels)
       - Formalize an acceptable level of risk/compliance for existing IA policies and standards
     • VCSA action Memorandum to Commanders (28 Nov 10)
       Subject: Commander and Leader Responsibilities for Information Assurance Capabilities and Standards Enforcement
     The VCSA memo directed:
     • Army CIO/G-6 & the CDR, ARCYBER to review & improve, where necessary, IA processes/policies
     • CDR, ARCYBER to monitor & assist commanders in the enforcement of IA compliance
     • Senior Installation Commanders are responsible for their organization’s complying with the Army Information Assurance Program
     • Commanders (Brigade equivalent and higher) will assess their organization’s IA program using the Army IA Self-Assessment Tool
     • Every organization will incorporate IA into its organizational inspection program at all levels

  6. What Does DAIG Inspect?
     Inspection Breakout (FY 08-11)
     Army Focus Areas are those that pose a significant risk to the Army LandWarNet
     (Army IA Functional Areas and Army Focus Areas are established by Army CIO/G-6)

  7. Information Assurance Take-Aways
     • Accountability: Information Assurance requires Command/Leader accountability and oversight in order to protect and defend operational information
     • Self Assessment: Conduct an honest self assessment – develop realistic goals and empower subordinates
     • Standard: Be willing to make hard decisions – enforce the standard, otherwise you allow deviations to become the new baseline
     • Assets: Ensure assets are configured IAW current DISA STIGs (to include manual checks)
     • PII: Complete your PII assessment (DD Form 2930, Privacy Impact Assessments) and coordinate with your customer organizations
     • Audits: Conduct full audit scans and review audit logs
       - Retina/Q-Tip scans – all assets, vulnerabilities (conduct one week prior to inspection)
     • Document: Document your internal and command wide procedures
     • Record: Establish a formal record retention program (hard drive and media destruction, wireless scanning/war driving (5yrs / 1yr))

  8. Information Assurance Take-Aways
     • Identify: IT Contingency alternate site and document the results from the last contingency plan exercise
     • Develop: Build the IT Contingency Plan around supporting mission essential services
     • Ensure:
       - POA&M for all past due IAVAs are entered into NETCROP or VMS
       - Waivers are submitted for all deviations from the AGM and/or DISA STIGs
       - Incident Response Plans are complete and personnel are trained
       - Webmaster, OPSEC & PAO are trained in OPSEC WEB content vulnerability and web risk assessment training
       - Marking and labeling of media and peripheral devices are completed
       - Wireless security - complete scans (war drive, protocol analysis) are done
       - Register and track all IA Workforce personnel in ATCTS
     • Verify: SF700, SF701 forms are properly filled out (Safes/offices)
     A vulnerability allowed by one is a vulnerability assumed by all!

  9. How to be Successful
     • Panel Member Introduction
     • Forum Discussion/Question and Answer Period

  10. Closing
      DAIG AKO Portal: https://www.us.army.mil/suite/page/475521

  11. Contact Info
      DAIG Office Phone Number
      Commercial: (703) 545-4398
      DSN: 865-4398
