This is the last in a series of profiles featuring 2012 U.S. Government Information Security Leadership Award (GISLA) winners. The winners received the awards in October from (ISC)2, a nonprofit serving certified information security professionals and administrators.
As the systems that support space missions continue to grow in scale and complexity, so does the need to keep improving the processes used to assess system vulnerabilities. At the same time, those processes have to remain flexible, reliable and still meet a host of complex continuous monitoring guidelines.
One example where that is taking place is the enterprise-wide implementation of the McAfee Host Based Security System (HBSS) by the Defense Information Systems Agency and its Military Satellite Communications (MILSATCOM) Systems Directorate. The initiative is an effort to reduce security risks by integrating legacy certification and accreditation decisions with future information system (IS) continuous monitoring requirements.
The process, like many within the Defense Department, must follow a strict set of guidelines: specifically DODI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP); DODI 8500.2, Information Assurance Implementation; and NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations.
Implementing new security systems while navigating those rules, all within a tight time schedule, is no easy task.
The fact that Steven Martin, CISM, Information Assurance Manager, U.S. Air Force, and his team were able to accomplish this effort in less than two months was just one of the reasons Martin's team was recently recognized with the 2012 (ISC)2 U.S. Government Information Security Leadership Award (GISLA) in the Technology Improvement Category.
By formulating, documenting, and completing a proof of concept, Martin and his team not only demonstrated a fast-track approach to a complicated security implementation, but also developed a pathfinder model for future implementations.
They did that in part by forging a diverse partnership between U.S. government, contractor, and industry to overcome the significant challenge of integrating the HBSS baseline on a Space Mission System.
The key to making this type of effort successful is to “Find a good team and empower them and entrust them to do some creative thinking,” said Martin.
What distinguished the HBSS Pilot Integration team, according to GISLA judges, was its innovative approach in applying a “Threat Lifecycle Management (TLM)” model map and tying it back to the portion of the continuous monitoring process that the HBSS provides.
This collaborative work between the operational community and the HBSS developer serves as a benchmark example of how to successfully migrate from an enclave to an enterprise approach for implementing, monitoring, and reporting IA security of our systems, according to Martin.