On the off chance that you did not think I could write about Information Assurance (IA) or cybersecurity, take a look at another one of my writing samples, below, dealing exactly with that subject matter. Thanks!
The client is an industry expert in providing Cyber Threat Analysis, Information Assurance (IA) Vulnerability Management, Host Based Security System (HBSS), Incident Response Analysis, Service Provider External Assessment, and IA Program Management. The IA Team’s senior-level Enterprise Architects, Engineers, and Subject Matter Experts (SMEs) are responsible for analyzing legacy and future enterprise IT Infrastructure, devices, systems, and software. The Team provides Risk Mitigation recommendations to secure devices and ensure the security of the critical Infrastructure and Architecture of the network enterprise. The IA Team operates standard scanning tools to assess the vulnerability state of a given environment. After receiving reports, the Team puts remediation efforts in place to address vulnerabilities, so that the Information Assurance Manager (IAM) can accept the residual risk. The IA Team conducts penetration tests of both physical and logical IA controls to determine whether the defense-in-depth design, which includes but is not limited to Network Policy Server (NPS) and network security posture, is performing as intended.
The IA Team is well-versed in troubleshooting end-user application issues. As a standard process, all workstations have Host Based Security System (HBSS) modules and Microsoft’s System Center Configuration Manager (SCCM) client installed. At times, issues occur with these applications, and the IA Team deals with them quickly and efficiently. If a system is not getting patched, the experts check the SCCM client on the system. As a solution, the IA Team may remove and reinstall it. In other instances, HBSS, Host Intrusion Prevention System (HIPS), or VirusScan can cause issues on a user’s system, such as not allowing an application to work. In such cases, the Team reviews the log file to determine what is being blocked by HIPS. From that point, the personnel correctly decide whether or not to allow the action to proceed.
The Team has established network and system baselines for managing and tracking system and network changes with a proactive approach to enhance performance. The Team ensures that corrective actions or updates do not adversely affect the customer’s systems and network. The IA Team monitors systems and networks using tools like SCCM to collect system-related changes or problems. Using system and network performance statistics, the Team also identifies and implements corrective actions to repair system or network problems and improve performance. As the Team identifies issues, it documents a corrective plan of action and obtains the customer’s required approvals prior to change implementation.
In the Team’s present Navy Medicine efforts, they use Vulnerability Remediation Asset Manager (VRAM), a site that reports Information Assurance Vulnerability (IAV) compliance. The Cybersecurity team members have laid out a process on how to report compliance and how to remediate the systems. The process is as follows:
1. The VRAM will be updated with new Information Assurance Vulnerability Alerts (IAVAs) that are applicable to everyone within the U.S. Navy.
2. The Cybersecurity experts receive a notification of new IAVAs via email.
3. Through VRAM, the Team acknowledges that they received the notification.
4. Throughout the week, using the Nessus vulnerability scanner, the Cyber experts scan their network for vulnerabilities. They upload the Nessus file into VRAM, which determines if any of the reported IAVAs are applicable.
5. If applicable, the Team downloads the patch that will be applied to all of the systems via the SCCM server. The SCCM server will then communicate with the SCCM client on the servers and workstations, applying the patch.
6. The IA Team experts scan the systems again and upload the Nessus file to VRAM to determine which reported systems are still not compliant or patched. Considering that the majority of the systems are laptops, the Team may submit a mitigation plan to extend the deadline to patch the systems.
7. Ultimately, the Team generates a report using the Nessus file to determine what systems are still not patched. If there are only a few left, the Team investigates further in order to determine whether the SCCM client is working.
The IA Team maintains optimum security and system performance by ensuring all workstations and laptops are kept up to date and secured with all required DoD policies and guidelines, i.e., Security Technical Implementation Guides (STIGs). The Team installs system software configurations and patches the systems in accordance with the latest Information Assurance Vulnerability Management (IAVM) process. The Team implements the security controls as defined by Committee on National Security Systems (CNSS), DoD Cybersecurity Directives, Security Technical Implementation Guides, and NIST Guidelines. Using these guides, the IA Team experts design and integrate the required technologies to protect Government networks. The Team registers and maintains the compliance status of all operational Network Protection (NP) related hardware and software, including NPS components deployed to Service MTFs, the MHS Intranet, and other MHS data centers supported.
The Team has proven knowledge and experience working with the Computer Network Defense team as well as a clear and professional knowledge of the Cyber Incident Handling Program. The Team handles and reports the incidents according to the Chairman of the Joint Chiefs of Staff Manual (CJCSM), DoD, DON, and Navy Medicine Enterprise reporting procedures. The Team has developed incident response standard operating procedures (SOPs) to ensure reporting requirements are met, reporting directly to the Navy Medicine Incident Response Team and the Navy’s Computer Network Defense Service Provider (CNDSP). IA experts improve Cybersecurity awareness by providing information that is personally useful to the government staff, such as ways to avoid scams, fraud, phishing, and ID theft. The IA Team gathers information and generates reports on compliance of government-issued equipment using the HBSS, Assured Compliance Assessment Solution (ACAS), and the Online Compliance Reporting System (OCRS). These efforts involve the constant evaluation of the patch level of systems, coinciding with new IAVA and Communications Tasking Orders (CTO) releases. Using the ACAS tool, the Team identifies systems as deficient in patch level and then brings them up to date via a combination of automated and manual means. The Team then re-scans these systems with ACAS. Once the Team determines the systems to be compliant, the Team reports the environment as such on the OCRS website. The IA personnel control and validate security policy and track the existence of individual systems to determine if they are in fact authorized to connect to the network.
The IA Team continuously provides expert network design, analysis, engineering, integration, and technical services including IA and Cybersecurity. They are responsible for the deployment of thousands of compliant and productive workstations and laptops across dozens of DoD sites. The Team maintains expertise in relevant DoD guidance on topics including the DoD Architecture Framework (DoDAF); service-oriented architecture (SOA); the Federal Information Security Act (FISMA); Federal Enterprise Architecture (FEA) requirements; and evolving Global Information Grid (GIG) capabilities and interface requirements to ensure IA is embedded in every FORCEnet component. As Navy Medicine network security experts, the Team supports Information Security (INFOSEC) in the areas of Intrusion Detection Systems (IDS) and Public Key Infrastructure (PKI) technologies enabling single sign-on (SSO), as well as leading security architecture design and integration of firewall, IDS, and VPN technologies.
The Team has a proven record of supporting and troubleshooting DoD-mandated compliance software. Regarding HBSS, the Team experts are responsible for ensuring that all of the HBSS modules, such as VirusScan, DLP/DCM, ABM, ACCM, PA, and HIPS, are current. These modules are a mandatory requirement on all DoD systems. The IA personnel utilize the DLP/DCM module to block unauthorized USB devices, VirusScan as the antivirus application, and HIPS as the firewall that also blocks malware. Within the HBSS ePO server, the experts can determine whether any of the modules are missing, whether the McAfee Agent has not communicated with the ePO server, or whether the antivirus definition is not current. The Team emails the users if any of the systems need to be touched manually to determine the cause of the non-compliance.
Regarding SCCM, the IA Team has an SCCM server that they use to reimage the systems and push Microsoft and third-party application updates to servers and workstations. The Team also uses it to push new applications or remove obsolete ones. IA personnel are not currently using BitLocker, although they are approved to use this application for Data-at-Rest (DAR) and are currently testing this encryption option. Currently, the IA Team is using Symantec Endpoint Encryption (SEE) for all DAR on all laptops. The purpose of SEE and BitLocker is to encrypt the hard drive so that data cannot be retrieved if the equipment is stolen. Concerning compliance checking, the ECS Team utilizes SCAP Compliance Checker (SCC) to validate the STIGs that are currently applied to servers and workstations. Anytime the Team has a newly imaged system, they use SCC to check whether the DoD STIGs are applied. If at any point there is a new version of any STIG, the Team checks their current systems for compliance. This is done to harden their systems, for example by disabling macros and disabling services.
For antivirus purposes, the IA Team uses McAfee VirusScan, which is one of the HBSS modules. The Team updates the antivirus definition on all systems when they communicate with the HBSS ePO server. As the HBSS administrator, the experts ensure that the most current version of the application and the most current version of the antivirus definition are pushed to servers and workstations.
The IA Team maintains optimum security and system performance by ensuring servers are kept up to date and secured with all required DoD policies and guidelines (i.e., STIGs). They install server software configurations and patch the systems according to the latest Information Assurance Vulnerability Management (IAVM) process. The Team has the required experience, technical knowledge, and understanding of the network to provide the leadership advisement and recommendations on network-related issues, whether architectural, performance, or security-related. The Team manages the network Cybersecurity requirements associated with the customer’s network responsibilities. The personnel have multiple years of experience with DoD network boundary and enclave protection design, deployment, and management. The Team implements the security controls as defined by Committee on National Security Systems (CNSS), DoD Cybersecurity Directives, STIGs, and NIST Guidelines. Using these guides, IA experts design and integrate the required technologies to protect Government networks. IA personnel register and maintain the compliance status of all operational Network Protection (NP) related hardware and software.