Mike Davis
858-537-8778
Information Assurance (IA) What Every Manager Should Know
5 March 2008
Presented by the IA Technical Authority
SecureIT - 2008 conference
“EASY” button
Statement A: Approved for public release; distribution is unlimited (10 JANUARY 2008)
What’s Wrong With This Picture?
What level of security is provided here? I couldn’t get through the gate because it was completely locked. It was properly installed and configured. I could not get through it. But....
Summary (Preview)
“Gotchas”
“Assuming” you don’t need IA (Standalone, have a firewall, etc…)
Not adding in IA cost, schedule and performance
Major resources
/
/
/lib/
KEY ess elements
Build IA in up front (Requirements, ISSE, SEP, ISP, IAS, TEMP, etc)
Start C&A early (C&A plan, CRR)
Risk Management, Risk Management, Risk Management
CAC cards needed,
You will be, or already are, rated – are you prepared?
What is Information Assurance (IA)?
“Measures that Protect and Defend Information and Information Systems by Ensuring Their Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation. This Includes Providing for Restoration of Information Systems by Incorporating Protection, Detection, and Reaction Capabilities.”
Availability: Timely, Reliable Access to Data and Information Services for Authorized Users
Integrity: Quality of Information System Reflecting Logical Correctness and Reliability of Operating System
Authentication: Security Measure Designed to Establish Validity of Transmission, Message, or Originator
Confidentiality: Assurance that Information is Not Disclosed to Unauthorized Entities or Processes
Non-Repudiation: Assurance Sender of Data is Provided with Proof of Delivery and Recipient with Proof of Sender’s Identity
INFOSEC
Information Assurance
DATA is your most critical asset – is it adequately protected?
IA is a Critical National Issue
Presidential Dec
Information Assurance IA - What Every Manager Should Know - DAU