1. Track 2, Session 4 DAIG Information Assurance (IA) Update
COL Frederick Henry
Chief, DAIG-IA Division
August 2008
3. Role of the Inspector General
4. Information Assurance (IA)
Measures that protect and defend information and information systems by ensuring their Integrity, Confidentiality, Availability, Authentication, and Non-repudiation. These measures include providing for restoration of information systems by incorporating Protection, Detection, and Reaction capabilities.
5. IG IA Division Mission: 1. Conduct IA Compliance Inspections
6. Organizational Structure
7. Re-Engineering IA Compliance
8. 4 Phase IA Compliance Model
9. 4 Phase IA Compliance Model Phase 1 (Conduct IA Self Assessment)
10. 4 Phase IA Compliance Model Phase 2 (Assistance)
11. 4 Phase IA Compliance Model Phase 3 (Compliance Validation)
12. Army IA Compliance Checklist
Incident Handling
IA Training and Certification
Information Assurance Vulnerability Management (IAVM)
Wireless Security
Portable Electronic Devices (PED)
Army Web Risk Content Management
Personally Identifiable Information (PII) Protection
13. 4 Phase IA Compliance Model Phase 4 (Follow Up)
14. IA Compliance Strategy Reference Guide
Senior Army Leadership
The Adjutant Generals
Commanders
Garrison Commanders
DOIMs
Inspectors General
IA and non-IA Community
16. FY08 Inspections
17. Inspection Activities 1st, 2nd and 3rd Qtr FY 08
Total Inspections: 14
AC: 10
RC: 3
ARNG: 2
USAR: 1
MWR: 1
DOIM: 9
Tenant Unit: 5
Units to Pass Inspection: 0
18. Functional Area Trends
19. Functional Area Risk Exposure
20. Interesting Trends
21. Systemic Findings
IA Program Management
Not validating personnel security requirements
Lack of awareness of CIO/G-6 IA Best Business Practices (BBPs)
Unfunded requirements in BBPs
General lack of awareness and understanding of IA policy and procedures
22. Systemic Findings
IA Training & Certification
DOD 8570.01-M
Lack of understanding about IA position and personnel designation, certification, and training requirements
Difficulty identifying proper amounts of funding
Not using Army Training and Certification Tracking System (ATCTS)
23. Systemic Findings
FISMA
No functional COOP
COOP personnel not properly trained
Portable Electronic Device (PED)
Limited knowledge of Data At Rest (DAR) and Personally Identifiable Information (PII) requirements
Use of personal devices on Army systems
24. Systemic Findings
Emerging Concerns
Certification and Accreditation
DIACAP requirements not understood
Lack of guidance for the DIACAP Implementation Plan (DIP)
Not allowing enough time for DIACAP process
Not conducting annual review of IA controls
Not following up on POA&Ms
Wireless Security
Misunderstanding and misuse of new wireless technologies and policies
26. Way Ahead
IA Self Assessments
Trend data shows strong correlation between risk exposure and completion of the self assessment (Phase 1)
Practical exercise at the new DOIM Course (Phase 1 & 2)
DOIM Survey
Approved for release by IMCOM; data compiled by DAIG
Planning for FY 09 Inspection Schedule
Align several inspections with the SDOIM Implementation effort
Cover down in each component
Annual IA Report
Present IA findings/trends to SA
Show correlation of findings from DOIM survey and systemic trends
Target: 1 QTR FY 09
27. Contact Information
COL Frederick Henry
Chief, IA Division
Cell (BB): 703 677-5713
Voice: 703 602-5992
NIPR: frederick.henry@us.army.mil
SIPR: frederick.henry@hdqa-s.army.smil.mil
Mr Don Watson
Deputy Chief, IA Division
Cell (BB): 703 459-3265
Voice: 703 602-8496
NIPR: don.watson@us.army.mil
SIPR: don.watson@hdqa-s.army.smil.mil
28. Questions
30. IA Personnel Structure
31. IA De-Confliction WG
32. IG IA Strategic Communications
Stand-To articles (15 May 07)
Interviews
Inserts to publications
TIG Bulletin
IG IA Compliance Strategy Reference Guide
DAIG IA Newsletter
Briefings (conferences)
LandWarNet Conference
Tactical IA Conference
Garrison CDR/CSM Conference
NGB IT Conference
IG Regional Conferences
Working Groups (HQDA, DoD, and Joint)