Welcome to Scribd!

Creating Value From Vulnerability

Uploaded by

0% found this document useful (0 votes)

31 views11 pages

Vulnerability analysis and operations group is the nation's most capable, influential, and trusted source of actionable information on network vulnerabilities and intrusions. NSA, dISA, nist, Center for Internet Security are some of our key stakeholders.

Original Description:

Original Title

2007 11 28 Tony Sager National Security Agencys Supply Chain Presentation for ISAs Secure Manufacturing in the Age of Globalization Workshop

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

31 views11 pages

Creating Value From Vulnerability

Uploaded by

isalliance

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 11

Search inside document

Creating Value from Vulnerability

Tony Sager Chief, Vulnerability Analysis & Operations Group Information Assurance Directorate National Security Agency

Internet Security Alliance Conference November 28, 2007

NSA Information Assurance

Coming From Moving to

Protect classified information and real-time defense of information & systems Focus on GOTS crypto More products than services Avoid risk Find & mitigate vulnerability Broad spectrum of COTS IA & IT More services than products, and more influence than doing Manage risk and detect the threat

Vulnerability Analysis & Operations Group The nations most capable, influential, and trusted source of actionable information on network vulnerabilities and intrusions.

What We Do
Analyze vulnerabilities in
Emerging technologies Core concepts

Conduct operations and find vulnerabilities in

The operational environment Content (networking, signals, space)

Translate vulnerability knowledge

To understand root causes

Lead the Community

In the development of security guidance, training, education, and standards development

Stakeholders in Assurance

Authorities Suppliers Buyers Users Practitioners

Stakeholders in Assurance
DoD Policy, OMB, FISMA, Security Automation Program OS Vendors, Tool Vendors, Compliance Checklists

Authorities

Suppliers
Air Force, DoD, Standard Desktop Load

Buyers Users Practitioners

DISA STIGs, NIST Checklists, Corporate baselines NSA, DISA, NIST, Center for Internet Security

Vulnerability Plumbing
CONTENT New IT vulns Security Guides & benchmarks Red and Blue Team Reports Product tests Incident reports PLUMBING CVE OVAL CCE, CPE CVSS XCCDF FIXTURES Multiple tools to measure,fix, report Integrated reports Integrated tools Policy compliance Rapid vuln sharing, assessment, remediation
7

Towards Information Sharing Integrated Analysis & Reporting Security Sampling Community events,tools, standards, reporting, lessons, Red Team Blue Team OPSEC COMSEC TechSec
8

To gain assurance, we must

Organize the data generators Standardize the raw data Translate into something useful upstream Link to other business areas
e.g., network management, compliance

Community Activities
Federal Desktop Core Configuration (FDCC) ISAP/SCAP CND Data Strategy Pilot Assessment Methodology Cyber Defense Exercise (CDX) Red & Blue Boot Camps Red Blue Symposium

VAO in the News

Designing and Building Security Operations Center
From Everand
Designing and Building Security Operations Center
David Nathans
Rating: 3 out of 5 stars
3/5 (3)
Smart Data Cloud Security Alliance
Document49 pages
Smart Data Cloud Security Alliance
fewdisc
No ratings yet
Cybersecurity GRC Assessments 1712910184
Document14 pages
Cybersecurity GRC Assessments 1712910184
ellias22 Ellias
No ratings yet
Security Management: Module-2 Chapter 2: Security Laws and Standards
Document4 pages
Security Management: Module-2 Chapter 2: Security Laws and Standards
Swateja Mangle
No ratings yet
2.critical Characteristics of Information
Document29 pages
2.critical Characteristics of Information
Vairavel Chenniyappan
No ratings yet
Wireless Network Security 2
Document67 pages
Wireless Network Security 2
gnithin920
No ratings yet
A User-Centric Machine Learning Framework For
Document7 pages
A User-Centric Machine Learning Framework For
Saikiran
No ratings yet
Ethical Hacking
Document157 pages
Ethical Hacking
eduardo cerron
No ratings yet
Guide-4 Steps
Document8 pages
Guide-4 Steps
Aurelio Vázquez Alejo
No ratings yet
IT Asset Management
Document237 pages
IT Asset Management
Khallau Arauc
100% (1)
Security Audit Course Project
Document6 pages
Security Audit Course Project
maryam
No ratings yet
How To Conduct Security Audit
Document7 pages
How To Conduct Security Audit
ronics123
No ratings yet
Computer Security Activities
Document29 pages
Computer Security Activities
PANKAJ MANJHI
No ratings yet
Cisco Security Pocket Guide
Document24 pages
Cisco Security Pocket Guide
Emmanuel Zama
100% (1)
Splunk As A SIEM Tech Brief
Document3 pages
Splunk As A SIEM Tech Brief
Ahmed Elmasry
100% (1)
Data Security
Document23 pages
Data Security
simon26kurt
No ratings yet
Cips 2015 0267
Document35 pages
Cips 2015 0267
Dhirendra
No ratings yet
Deploying A Layered Visibility and Cybersecurity Architecture
Document18 pages
Deploying A Layered Visibility and Cybersecurity Architecture
roolmereyes
No ratings yet
Information Security Analyst Career Guide: What's Inside
Document9 pages
Information Security Analyst Career Guide: What's Inside
khangvd
No ratings yet
EducauseAnnualWebAppSecTutorial V3
Document161 pages
EducauseAnnualWebAppSecTutorial V3
rohitandani
No ratings yet
WP-Encryption Steps Checklist 060830
Document19 pages
WP-Encryption Steps Checklist 060830
deewanand
No ratings yet
6140 Net Witness Live
Document2 pages
6140 Net Witness Live
zeljko_simic8276
No ratings yet
Information Security Management
Document15 pages
Information Security Management
JOSHITHA
No ratings yet
Build Yourself A Risk Assessment Tool
Document23 pages
Build Yourself A Risk Assessment Tool
ketanms
100% (1)
Security Metrics: Sajendra Kumar Iimt, Iet, Meerut
Document33 pages
Security Metrics: Sajendra Kumar Iimt, Iet, Meerut
Sajendra Chaudhary
100% (1)
Cyber Security Activities at The
Document49 pages
Cyber Security Activities at The
Sakthi Kamal Nathan Sambasivam
No ratings yet
Visionary Innovation Leadership: Frost & Sullivan Best Practices Award
Document10 pages
Visionary Innovation Leadership: Frost & Sullivan Best Practices Award
Aparna
No ratings yet
2004 12 03 Larry Clinton Philadelphia Presentation About ISA and Coherent Program of Cyber Security Through Incentives
Document35 pages
2004 12 03 Larry Clinton Philadelphia Presentation About ISA and Coherent Program of Cyber Security Through Incentives
isalliance
No ratings yet
Program:B.Tech (BA+BD) Course Code:CSBD4070 Course Name:Big Data Security
Document23 pages
Program:B.Tech (BA+BD) Course Code:CSBD4070 Course Name:Big Data Security
Vairavel Chenniyappan
No ratings yet
It Asset Management How To Manage Your Information Technology Equipment 4 6
Document3 pages
It Asset Management How To Manage Your Information Technology Equipment 4 6
vanxim xoadum
No ratings yet
(ISC) Career Guide: Decoding The Information Security Profession
Document40 pages
(ISC) Career Guide: Decoding The Information Security Profession
Marco Antonio Martinez Andrade
No ratings yet
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
Document4 pages
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
No ratings yet
Cisco Global Threat Report 2q2011
Document15 pages
Cisco Global Threat Report 2q2011
Peyman Lotfi
No ratings yet
Understanding Cybersecurity Risk Assessment
Document15 pages
Understanding Cybersecurity Risk Assessment
him2000him
No ratings yet
09SS0059
Document2 pages
09SS0059
Phan Minh Duc
No ratings yet
Building Security Operation Center
Document37 pages
Building Security Operation Center
Muhdir Hisyam Abdul Karim
100% (1)
Security Information and Event Management (Siem) : Nebraskacert 2005
Document51 pages
Security Information and Event Management (Siem) : Nebraskacert 2005
Enrique Vega
No ratings yet
Di Detect Respond Nist sp1800 26a Draft
Document5 pages
Di Detect Respond Nist sp1800 26a Draft
erratic
No ratings yet
Research Paper On Information Security Management Systems
Document4 pages
Research Paper On Information Security Management Systems
fysfs7g3
No ratings yet
Company Profile: WWW - Secureroot.co - in
Document19 pages
Company Profile: WWW - Secureroot.co - in
Sumit Kumar
No ratings yet
Rapid7 Penetration Testing Services Brief
Document2 pages
Rapid7 Penetration Testing Services Brief
ellococareloco
No ratings yet
Cisco Secure Network Analytics (Formerly Stealthwatch) Data Sheet
Document14 pages
Cisco Secure Network Analytics (Formerly Stealthwatch) Data Sheet
Timucin DIKMEN
No ratings yet
Splunk For Security
Document2 pages
Splunk For Security
Ahmed Elmasry
No ratings yet
Top Free Cybersecurity Services and Tools PDF
Document100 pages
Top Free Cybersecurity Services and Tools PDF
Marcelo Junior
No ratings yet
SOC Building1
Document36 pages
SOC Building1
Van Nguyen
No ratings yet
Does IT Security Matter V 2
Document21 pages
Does IT Security Matter V 2
Luke O'Connor
No ratings yet
Who Has The Ball in (Cyber - IT - Information) Security?
Document40 pages
Who Has The Ball in (Cyber - IT - Information) Security?
Indumati Yadav
No ratings yet
Research Paper Web Security
Document8 pages
Research Paper Web Security
gz45tyye
100% (1)
CloudDefense - White Paper
Document42 pages
CloudDefense - White Paper
Binu
No ratings yet
Extended Model of Isolations and Boxing On Main Frame Computer Network Security Counter Measures Based On Big Data
Document5 pages
Extended Model of Isolations and Boxing On Main Frame Computer Network Security Counter Measures Based On Big Data
International Journal of Innovative Science and Research Technology
No ratings yet
Exam Summary SIO
Document10 pages
Exam Summary SIO
Scarlettoc
No ratings yet
Instructor Materials Chapter 12: Intrusion Data Analysis: Cybersecurity Operations
Document21 pages
Instructor Materials Chapter 12: Intrusion Data Analysis: Cybersecurity Operations
mfhamze
No ratings yet
CISA Communtiy Bulletin February 2024
Document15 pages
CISA Communtiy Bulletin February 2024
AzaelCarion
No ratings yet
Insident Response
Document8 pages
Insident Response
raghuram medapati
No ratings yet
Peter Cyber
Document4 pages
Peter Cyber
Megan
No ratings yet
Avijit Sood: Background
Document7 pages
Avijit Sood: Background
Ashwani kumar
No ratings yet
CSC-MASTER-VER 6.0 CIS Critical Security Controls 10.15.2015
Document94 pages
CSC-MASTER-VER 6.0 CIS Critical Security Controls 10.15.2015
James Cameron Cupps
No ratings yet
Cybersecurity Survival Guide
Document188 pages
Cybersecurity Survival Guide
Jett Paglinawan
No ratings yet
Rapid7 Penetration Testing Services Brief PDF
Document2 pages
Rapid7 Penetration Testing Services Brief PDF
ellococareloco
No ratings yet
Chapter One 1.1 Background of The Study
Document61 pages
Chapter One 1.1 Background of The Study
OkaroFrank
No ratings yet
2015-04-18 - Internet Security Alliance Comments To DHS Re ISAO Initiative
Document4 pages
2015-04-18 - Internet Security Alliance Comments To DHS Re ISAO Initiative
isalliance
No ratings yet
2011 06 29 Larry Clinton Supply Chain Presentation For The Software Assurance SwA Working Group
Document14 pages
2011 06 29 Larry Clinton Supply Chain Presentation For The Software Assurance SwA Working Group
isalliance
No ratings yet
2011 09 30 Larry Clinton Presentation To FERC Staff About Utility Cybersecurity
Document44 pages
2011 09 30 Larry Clinton Presentation To FERC Staff About Utility Cybersecurity
isalliance
No ratings yet
EU ISA CSCG Position Paper
Document12 pages
EU ISA CSCG Position Paper
isalliance
No ratings yet
2012 03 27 Larry Clinton Presentation To AIA CIO Members
Document28 pages
2012 03 27 Larry Clinton Presentation To AIA CIO Members
isalliance
No ratings yet
Larry Clinton President Internet Security Alliance 703-907-7028
Document9 pages
Larry Clinton President Internet Security Alliance 703-907-7028
isalliance
No ratings yet
The "Phi Project" - The Financial Impact of Breached Protected Health Information
Document29 pages
The "Phi Project" - The Financial Impact of Breached Protected Health Information
isalliance
No ratings yet
2009 10 23 Larry Clinton ISA Overview Presentation To NATO Personnel in Estonia
Document49 pages
2009 10 23 Larry Clinton ISA Overview Presentation To NATO Personnel in Estonia
isalliance
No ratings yet
2006 00 00 Larry Clinton PMI Presentation Covering Water and Control System Cyber Security
Document30 pages
2006 00 00 Larry Clinton PMI Presentation Covering Water and Control System Cyber Security
isalliance
No ratings yet
2008 06 07 Larry Clinton Rochester Presentation About Evolving Threat and Best Practices
Document38 pages
2008 06 07 Larry Clinton Rochester Presentation About Evolving Threat and Best Practices
isalliance
No ratings yet
2010 10 12 Larry Clinton CIONet Europe Keynote Address Including Commentary On APT
Document42 pages
2010 10 12 Larry Clinton CIONet Europe Keynote Address Including Commentary On APT
isalliance
No ratings yet
2010 06 30 Larry Clinton NATO Address at Global Commons Event in VA
Document23 pages
2010 06 30 Larry Clinton NATO Address at Global Commons Event in VA
isalliance
No ratings yet
2012 05 09 Larry Clinton SC Congress Toronto Canada Presentation About Cyber Economics
Document18 pages
2012 05 09 Larry Clinton SC Congress Toronto Canada Presentation About Cyber Economics
isalliance
No ratings yet
2009 10 02 Larry Clinton ISA Overview Geared To Estonian Foreign Affairs People
Document47 pages
2009 10 02 Larry Clinton ISA Overview Geared To Estonian Foreign Affairs People
isalliance
No ratings yet
2009 10 01 Larry Clinton ISA Overview For Estonian Businessmen
Document31 pages
2009 10 01 Larry Clinton ISA Overview For Estonian Businessmen
isalliance
No ratings yet
2004 02 02 Dave McCurdy India Presentation
Document48 pages
2004 02 02 Dave McCurdy India Presentation
isalliance
No ratings yet
Internet Security Alliance: Larry Clinton President
Document19 pages
Internet Security Alliance: Larry Clinton President
isalliance
No ratings yet
2007 11 08 Larry Clinton ISA Overview For International Businesses
Document17 pages
2007 11 08 Larry Clinton ISA Overview For International Businesses
isalliance
No ratings yet
2009 09 30 Larry Clinton Carnegie Cadet Academy Presentation For Estonia
Document42 pages
2009 09 30 Larry Clinton Carnegie Cadet Academy Presentation For Estonia
isalliance
No ratings yet
2008 11 19 Larry Clinton ISA Overview and International Outreach To Portugal
Document34 pages
2008 11 19 Larry Clinton ISA Overview and International Outreach To Portugal
isalliance
No ratings yet
2009 00 00 Larry Clinton Brussels Belgium Presentation
Document20 pages
2009 00 00 Larry Clinton Brussels Belgium Presentation
isalliance
No ratings yet
2005 04 08 Larry Clinton Presentation Concerning Japanese Nippon Keidanren Proposal
Document20 pages
2005 04 08 Larry Clinton Presentation Concerning Japanese Nippon Keidanren Proposal
isalliance
No ratings yet
Larry Clinton President 703-907-7028
Document20 pages
Larry Clinton President 703-907-7028
isalliance
No ratings yet
2003 11 13 Larry Clinton India Security Anchor Proposal
Document17 pages
2003 11 13 Larry Clinton India Security Anchor Proposal
isalliance
No ratings yet
2003 07 30 Larry Clinton ISA Overview and International Outreach To Japan
Document25 pages
2003 07 30 Larry Clinton ISA Overview and International Outreach To Japan
isalliance
No ratings yet
2003 07 24 Larry Clinton Presentation For Org of American States OAS About ISA and Information Sharing
Document21 pages
2003 07 24 Larry Clinton Presentation For Org of American States OAS About ISA and Information Sharing
isalliance
No ratings yet
2004 01 07 Larry Clinton Risk Management and Insurance Presentation For The Institute of Internal of Auditors IIA
Document38 pages
2004 01 07 Larry Clinton Risk Management and Insurance Presentation For The Institute of Internal of Auditors IIA
isalliance
No ratings yet
2004 01 30 Larry Clinton Hill Briefing On ISA and Insurance Industry Certification Program
Document15 pages
2004 01 30 Larry Clinton Hill Briefing On ISA and Insurance Industry Certification Program
isalliance
No ratings yet
2010 10 08 Ty Sagalow Public Private Partnership and Risk Tolerance and Insurance
Document5 pages
2010 10 08 Ty Sagalow Public Private Partnership and Risk Tolerance and Insurance
isalliance
No ratings yet
2003 10 00 Dave McCurdy Risk Management and Insurance Presentation To Manufacturers
Document35 pages
2003 10 00 Dave McCurdy Risk Management and Insurance Presentation To Manufacturers
isalliance
No ratings yet
The Ultimate Privacy Guide
Document34 pages
The Ultimate Privacy Guide
Pablo Castro
No ratings yet
The Snowden Files - The Inside Story of The World's Most Wanted Man by Luke Harding at TEDxAthens (Transcript)
Document10 pages
The Snowden Files - The Inside Story of The World's Most Wanted Man by Luke Harding at TEDxAthens (Transcript)
Athalla Rafi
No ratings yet
Edward Snowden
Document124 pages
Edward Snowden
LeFemme Nikita
No ratings yet
A Special Relationship America, Britain and The International Order Since The Second World War - DAVID REYNOLDS
Document21 pages
A Special Relationship America, Britain and The International Order Since The Second World War - DAVID REYNOLDS
pietrod21
100% (1)
Dominate - Conquer Your Fears. Become The Man You Want To Be. - David de Las Morenas, Apr, 2014 PDF
Document97 pages
Dominate - Conquer Your Fears. Become The Man You Want To Be. - David de Las Morenas, Apr, 2014 PDF
Paul Lteif
No ratings yet
Vote Machine Seizure Memo Dec 18
Document3 pages
Vote Machine Seizure Memo Dec 18
Daily Kos
No ratings yet
CATERBONE v. The United States of America, Et - Al., COMPLAINT July 20, 2016 Ver 2.0 Full
Document433 pages
CATERBONE v. The United States of America, Et - Al., COMPLAINT July 20, 2016 Ver 2.0 Full
Stan J. Caterbone
No ratings yet
DCL 302 Sem 4 Ethicsmsgsouthernj
Document9 pages
DCL 302 Sem 4 Ethicsmsgsouthernj
api-285323152
No ratings yet
Why Did Tommy, Sammy, and Samuel Caterbone All Die Out of The State of Pennsylvania - March 18, 2010
Document40 pages
Why Did Tommy, Sammy, and Samuel Caterbone All Die Out of The State of Pennsylvania - March 18, 2010
Stan J. Caterbone
No ratings yet
A Farewell To Arms - John Carlin
Document11 pages
A Farewell To Arms - John Carlin
swatasiddha
0% (1)
The Daily Union. January 18, 2014
Document22 pages
The Daily Union. January 18, 2014
DUNews
No ratings yet
11-02-2013 Edition PDF
Document32 pages
11-02-2013 Edition PDF
San Mateo Daily Journal
No ratings yet
1984 Argument Essay
Document6 pages
1984 Argument Essay
api-358956677
No ratings yet
The Problem With Philippine Sports
Document7 pages
The Problem With Philippine Sports
Leviña Ubay
No ratings yet
The BLACK SEAL N°2
Document84 pages
The BLACK SEAL N°2
Clint
No ratings yet
Illumanti Sites
Document4 pages
Illumanti Sites
Samad Islam
No ratings yet
March - The Torture Report
Document273 pages
March - The Torture Report
Emma Obrien
No ratings yet
Ron Paul America's Most Dangerous Nazi
Document574 pages
Ron Paul America's Most Dangerous Nazi
Alan Jules Weberman
0% (5)
Beyond Privacy and Security: The Role of The Telecommunications Industry in Electronic Surveillance, by Mieke Eoyang
Document24 pages
Beyond Privacy and Security: The Role of The Telecommunications Industry in Electronic Surveillance, by Mieke Eoyang
Hoover Institution
100% (5)
PHIL136 Answer Key 7
Document5 pages
PHIL136 Answer Key 7
Nato Caro
No ratings yet
Scientific Validity of Polygraph Testing
Document118 pages
Scientific Validity of Polygraph Testing
Ciuciulica
No ratings yet
2003-04-04 SIDToday - Read All About Us PDF
Document1 page
2003-04-04 SIDToday - Read All About Us PDF
Jon Street
No ratings yet
The National Security Agency: Missions, Authorities, Oversight and Partnerships
Document7 pages
The National Security Agency: Missions, Authorities, Oversight and Partnerships
Eric Lach
No ratings yet
Cuba - United States Secret Diplomacy Documents (1961-1977)
Document98 pages
Cuba - United States Secret Diplomacy Documents (1961-1977)
PaperlessArchives
No ratings yet
Sword Art Online 15 - Alicization Invading
Document246 pages
Sword Art Online 15 - Alicization Invading
Drakegon
95% (39)
Information Privacy Law Aspen Casseries 5Th Edition Full Chapter
Document41 pages
Information Privacy Law Aspen Casseries 5Th Edition Full Chapter
stephen.harris953
100% (25)
Survey On The Contribution of Nsa in West Africa
Document16 pages
Survey On The Contribution of Nsa in West Africa
timipre
No ratings yet
How The NSA's Surveillance Procedures Threaten Americans' Privacy
Document4 pages
How The NSA's Surveillance Procedures Threaten Americans' Privacy
jaleelh9898
No ratings yet
The Letters of Ron Price
Document125 pages
The Letters of Ron Price
RonPrice
100% (1)
Engineer / Developer / Analyst
Document23 pages
Engineer / Developer / Analyst
api-78039950
No ratings yet