Overview Incident Handling & Response (PTOCIRT)
The Incident Handling and Response (PTOCIRT)service area concentrates on responding to IT security related events, determining the cause of the event and extent of damage caused to IT systems and their associated data, preventing further damage to PTO IT systems/data, reporting to the Department of Commerce CIRT and Department f Homeland Security US-CERT.
Audit & Measurement
NSOD provides the following services for Audit and Measurement:
-
Ensure compliance of all systems and their components with logging requirements.
-
Conduct reviews on periodic basis. Report exceptions as a security incident.
-
Report exceptions to established baseline transaction profile. Audit systems and personnel for compliance with C&A criteria and PTO policies, report non-compliance.
-
Coordinate and conduct vulnerability testing.
Identity & Account Management
NSOD provides the following services for Identity and Account Management:
-
Administer credential allocation and distribution for various systems of PTO (PTONet, PKI, badge access, etc).
-
Identify guidelines for usage of credentials and report violations of credential usage.
-
Identify guidelines and procedures commensurate with access privilege for granting access or access membership.
-
Ensure authorizations are modified/deleted in accordance with new role.
-
Provide first level service provision as arranged with security service provider and documented scripts.
Intrusion Detection System
NSOD provides the following services for Intrusion Detection Systems:
-
Protect the operating system (OS) by monitoring all incoming and outgoing traffic to and from the servers.
-
Collect data and evidence for investigation and possible prosecution.
-
Minimize computer-related security incidents and mitigate the impact of security incidents.
-
Defending USPTO mission-critical systems from attacks or preventing unauthorized entities from accessing sensitive data has galvanized the movement to implement and integrate a host-based IDS (HIDS) into the current network security infrastructure.
-
The enterprise IDS architecture will consist of centralized IDS management, host, network, wireless and desktop IDS, as well as vulnerability assessment capabilities.
-
The HIDS shall improve the overall security infrastructure of USPTO servers.
-
Agents residing on the servers will monitor security events and report to the centralized security management server.
NSOD provides the following services for Monitoring and Investigations:
-
Monitor system usage and access is most effective in uncovering abuse or attack.
-
Comply with Human Resource and Legal requirements regarding monitoring and evidence gathering.
-
Establish relationships and expertise regarding administrative actions and law enforcement including evidence containment.
-
Conduct detailed forensics analysis of systems and present conclusions and recommendations in an actionable format.
Risk Analysis
NSOD provides the following services for Risk Analysis:
-
Consider PTO sensitivity ratings, architecture, and operations as likelihood of exploit.
-
Qualify estimate of impact regarding the proposal or capability with references, industry, observation, and attacker tools/skill requirements.
-
Provide recommendations that maximize the protection of confidentiality, integrity, and availability while ensuring functionality, usability and cost-effectiveness of the security control.
Firewall
NSOD provides the following services for Firewalls:
Anti-Virus
NSOD provides the following services for Anti-Virus Protection:
-
Maintain and support anti-virus software.
-
Ensure up to date anti-virus signatures.
-
Monitoring of virus trends.
-
Investigation and analysis of virus outbreaks in coordination with USPTO CIRT team.
-
Entails investigating and report all suspected and actual viruses, breaches, incidents, violations, or attempts to gain unauthorized access or misuses of IT resources.
-
Also entails ensuring that appropriate security features are implemented in new systems and that they meet the minimum-security requirements as defined in USPTO security related policies and procedures.
Public Key Infrastructure (Internal)
NSOD provides the following services for the Internal Public Key Infrastructure:
-
Create and manage digital certificates to be used by USPTO employees and contractors for local and remote system access.
-
These certificates will be stored on Smart Card ID badges.
-
The Public Key Infrastructure will be cross-certified with the Federal Bridge Certificate Authority.
Public Key Infrastructure (External)
NSOD provides the following services for the External Public Key Infrastructure:
-
Create PKI Certificates for external customers for e-Business.
-
Administer credential allocation and distribution for PKI system.
-
Identify guidelines for usage of credentials and report violations of credential usage.
-
Identify guidelines and procedures commensurate with access privilege for granting access or access membership.
-
Ensure authorizations are modified/deleted in accordance with new role.
|
Yüklə 41.5 Kb.