Abstract image of a woman sitting on books and studying on a laptop

Cybersecurity: More than A DoD Issue

Download as PPTX, PDF
Robert E Jones, profile picture
Robert E Jones

The document outlines a presentation on cybersecurity compliance, particularly for government contractors, led by Robert E. Jones, an expert with over 15 years of experience in defense contracts. It covers cybersecurity requirements, basic standards such as NIST SP 800-171, and essential compliance steps like employee training and device inventory. Additionally, it introduces the Cybersecurity Maturity Model Certification (CMMC), which will be required for defense contractors by mid-2020.

Government & Nonprofit
Related topics:
Government Contracts
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Cybersecurity: More than a DoD Issue
Robert E. Jones Government Contracts & Accounting Expert CPA, CPCM, NCMA Fellow Meet your presenter: • Robert has over 15 years of Department of Defense contract and accounting experience. • He has successfully managed over $400 million in federal contracts.
About us Left Brain Professionals is a boutique accounting firm that serves government contractors. We specialize in accounting system design, implementation, and audit support.
Our Services
Cybersecurity: More than A DoD Issue
Why we’re here To learn the basics of cybersecurity compliance for your business.
Learning Objectives • Identify the cybersecurity requirements in your contracts • Define the basic cybersecurity requirements • List simple steps you can take towards compliance • Get certified!
Identify Requirements in Your Contracts FAR 52.204-21 • Basic Safeguarding of Covered Contractor Information Systems DFARS 252.204-7012 • Safeguarding Covered Defense Information and Cyber Incident Reporting Focus on Systems vs Data
Identify Requirements • Other agency • Commercial requirements
Room Poll What cybersecurity requirements exist in your contracts? • FAR 52.204-21 • DFARS 252.204-7012 • Another agency • Other/commercial • I don’t know
Define Basic Cybersecurity Reqs • NIST (SP) 800-171 • COBIT 5 • SANS 20 • ISO/IEC 27001
NIST (SP) 800-171 • Access Control • Awareness and Training • Audit and Accountability • Configuration Management • Identification and Authentication • Incident Response • Maintenance • Media Protection • Personnel Security • Physical Protection • Risk Assessment • Security Assessment • System and Communications Protection • System and Information Integrity
Other Frameworks • COBIT 5 • SANS 20 • ISO/IEC 27001
Room Poll How many requirements are listed in NIST (SP) 800-171? • 14 • 110 • 171 • 222
Simple Steps Towards Compliance • Train all employees • Use multifactor authentication • Inventory all devices and software • Allow only certain devices to connect • Remote wipe devices • Utilize cloud storage
Train All Employees • Provide annual cybersecurity awareness training to all employees • Provide periodic threat updates • Utilize phishing test services • Provide advanced training to IT and other key individuals
Use Multifactor Authentication • Enable multifactor authentication on all PCs and servers • Enable multifactor authentication on all email, VPN, and networks • Enable multifactor authentication on as many software and accounts as possible
Inventory All Devices and Software • Take an inventory of all devices (PCs, servers, phones, tablets, printers, scanners) • Take an inventory of all software (including version and licenses) • Take an inventory of all users and access
Allow Only Certain Devices to Connect • Block access to all emails, networks, and servers by default • Allow access by exception
Remote Wipe Devices Setup remote access with wipe capability on all devices (laptops, phones, tablets)
Utilize Cloud Storage Take advantage of the security built into cloud applications and storage • FedRAMP for CUI on government contracts  Not required for commercial contracts
Room Poll Which of the following is not a step towards compliance? • Training a select few employees • Taking an inventory of devices • Setting up remote wipe of devices • Utilizing cloud storage
Get Certified • New CMMC from DoD • Cybersecurity Maturity Model Certification • 5 levels • Will be required by mid-2020
CMMC 18 domains that mimic 14 categories in NIST (SP) 800- 171
CMMC 5 levels of certification
Room Poll Cybersecurity certification will soon be required for all defense contractors? • True • False
Discussion and Q & A
Connect with us Download the presentation Left Brain Professionals Inc. @LeftBrainPro @LeftBrainPro Email: support@leftbrainpro.com
Melissa R. Metzger MAFM melissa@leftbrainpro.com Robert E. Jones CPA, CPCM, NCMA Fellow robert@leftbrainpro.com

More Related Content

PPTX
Essential Layers of IBM i Security: System-Access Security
Precisely
 
PPTX
An Introduction to South Seas Corporation
Ed Mohr
 
PPT
Idps technology starter v2.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPTX
Functions and features network management
Flightcase1
 
PDF
I aspire instant call center
Hamid Kaber
 
PPTX
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
 
PDF
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Carl Blume
 
PPTX
BalaBit 2015: Control Your IT Staff
Sectricity
 
Essential Layers of IBM i Security: System-Access Security
Precisely
 
An Introduction to South Seas Corporation
Ed Mohr
 
Idps technology starter v2.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Functions and features network management
Flightcase1
 
I aspire instant call center
Hamid Kaber
 
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
 
Are You Vulnerable to IP Telephony Fraud and Cyber Threats?
Carl Blume
 
BalaBit 2015: Control Your IT Staff
Sectricity
 

What's hot (20)

PDF
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
Black Duck by Synopsys
 
PDF
Cybersecurity
nado-web
 
PPTX
Post Wannacry Update
Thomas Springer
 
PPTX
3 steps to 4x the risk coverage of CA ControlMinder
ObserveIT
 
PPT
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
John Gilligan
 
PDF
CyberArk Cleveland Defend End Point Infection and Lateral Movement
Chad Bowerman
 
PDF
Step Into Security Webinar - Physical Security Integration & Access Control -...
Keith Harris
 
PPTX
Combatting Intruders on IBM i with IDS
HelpSystems
 
PPTX
Sophos synchronized security in action @Netpluz CS Event Nov 2017
Netpluz Asia Pte Ltd
 
PPTX
OwnYIT CSAT + SIEM
NCS Computech Ltd.
 
PDF
Virtual Security
F-Secure Corporation
 
PPTX
6 Steps to Secure Network Devices
Lisa Kearney
 
PDF
New VIPRE_DS_EndpointSecurity_2016
Cyd Isaak Francisco
 
PPT
Check mate Barcode Tracking Solutions
Dynamic Systems
 
PDF
Mobile payments and PCI DSS
Manish Mahapatra
 
PPT
UTM Basic Rev 1.2 (Modified)
NCS Computech Ltd.
 
PPTX
SecureTower General Info
Anton Lishchuk
 
PDF
MITRE ATT&CK and 2017 FSB Indictment
Digital Shadows
 
PPTX
BOTNET
SOHITGOBINDAMSHAW
 
PPTX
Managing and securing mobile devices
Softchoice Corporation
 
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
Black Duck by Synopsys
 
Cybersecurity
nado-web
 
Post Wannacry Update
Thomas Springer
 
3 steps to 4x the risk coverage of CA ControlMinder
ObserveIT
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
John Gilligan
 
CyberArk Cleveland Defend End Point Infection and Lateral Movement
Chad Bowerman
 
Step Into Security Webinar - Physical Security Integration & Access Control -...
Keith Harris
 
Combatting Intruders on IBM i with IDS
HelpSystems
 
Sophos synchronized security in action @Netpluz CS Event Nov 2017
Netpluz Asia Pte Ltd
 
OwnYIT CSAT + SIEM
NCS Computech Ltd.
 
Virtual Security
F-Secure Corporation
 
6 Steps to Secure Network Devices
Lisa Kearney
 
New VIPRE_DS_EndpointSecurity_2016
Cyd Isaak Francisco
 
Check mate Barcode Tracking Solutions
Dynamic Systems
 
Mobile payments and PCI DSS
Manish Mahapatra
 
UTM Basic Rev 1.2 (Modified)
NCS Computech Ltd.
 
SecureTower General Info
Anton Lishchuk
 
MITRE ATT&CK and 2017 FSB Indictment
Digital Shadows
 
BOTNET
SOHITGOBINDAMSHAW
 
Managing and securing mobile devices
Softchoice Corporation
 
Ad

Similar to Cybersecurity: More than A DoD Issue (20)

PPTX
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
PPTX
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
PPTX
Practical Cybersecurity Compliance for Small Business Contractors
Robert E Jones
 
PPTX
CMMC rollout: How CMMC will impact your organization
Infosec
 
PPTX
CMMC Breakdown
Ignyte Assurance Platform
 
PPTX
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
Robert E Jones
 
PDF
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
JSchaus & Associates
 
PPTX
Webinar: Critical Steps For NIST Compliance
Withum
 
PPTX
Government Contracting- The Dawn of the CMMC - Win Federal Contracts
JSchaus & Associates
 
PPTX
Performing PCI DSS Assessments Using Zero Trust Principles
ControlCase
 
PPTX
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
PDF
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
Jack Nichelson
 
PPTX
CMMC Certification
ControlCase
 
PPTX
Cybersecurity Compliance in Government Contracts
Robert E Jones
 
PPTX
Supporting your CMMC initiatives with Sumo Logic
CloudHesive
 
PPTX
MCGlobalTech CMMC Managed Compliance Service
William McBorrough
 
PPTX
Analyzing Your Government Contract Cybersecurity Compliance
Robert E Jones
 
PDF
The Legal Case for Cybersecurity
Shawn Tuma
 
PPTX
CTEK Summer Series Session 3: Understanding CMMC Requirements for Healthcare ...
CTEKMarketing
 
PDF
Beyond NIST, CMMC certification_webinar.pdf
babuml691
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
Practical Cybersecurity Compliance for Small Business Contractors
Robert E Jones
 
CMMC rollout: How CMMC will impact your organization
Infosec
 
CMMC Breakdown
Ignyte Assurance Platform
 
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
Robert E Jones
 
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
JSchaus & Associates
 
Webinar: Critical Steps For NIST Compliance
Withum
 
Government Contracting- The Dawn of the CMMC - Win Federal Contracts
JSchaus & Associates
 
Performing PCI DSS Assessments Using Zero Trust Principles
ControlCase
 
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
Jack Nichelson
 
CMMC Certification
ControlCase
 
Cybersecurity Compliance in Government Contracts
Robert E Jones
 
Supporting your CMMC initiatives with Sumo Logic
CloudHesive
 
MCGlobalTech CMMC Managed Compliance Service
William McBorrough
 
Analyzing Your Government Contract Cybersecurity Compliance
Robert E Jones
 
The Legal Case for Cybersecurity
Shawn Tuma
 
CTEK Summer Series Session 3: Understanding CMMC Requirements for Healthcare ...
CTEKMarketing
 
Beyond NIST, CMMC certification_webinar.pdf
babuml691
 
Ad

Recently uploaded (20)

PDF
The GDP double bind- Anders Wijkman Honorary President Club of Rome
Energy for One World
 
PDF
CXPA Finland Webinar - Modern Components of Service Quality - Alec Dalton - ...
Customer Experience Professionals Association
 
PPTX
Neurons.pptx and the family in London are you chatgpt
iammedico23
 
PPTX
SUKANYA SAMRIDDHI YOJANA RESEARCH REPORT AIMS OBJECTIVES ITS PROVISION AND IM...
NishiSinha18
 
PPTX
Presentation on CGIAR’s Policy Innovation Program _18.08.2025 FE.pptx
Ahmed Ali
 
PPTX
CHS rollout Presentation by Abraham Lebeza.pptx
Abraham Lebeza
 
PPTX
3.-Canvassing-Procedures49for election.pptx
clydebegonia
 
PDF
AAAAAAAAAAAAAAAAAaaaaaaaAAAAAAAt - ĐV.pdf
nguyenthihamy2003aa
 
PPTX
Part II LGU Accreditation of CSOs and Selection of Reps to LSBs ver2.pptx
Irish521933
 
PPTX
BHARATIYA NAGARIKA SURAKSHA SAHMITA^J2023 (1).pptx
drpuspanjalipanda
 
PPTX
Parliamentary procedure in meeting that can be use
MarizaSandaCollado
 
PPTX
Introduction to the NAP Process and NAP Global Network
NAP Global Network
 
PDF
4_Key Concepts Structure and Governance plus UN.pdf okay
chris10pher
 
PDF
Introducrion of creative nonfiction lesson 1
pleaselangbabyilovey
 
PPTX
Workshop introduction and objectives. SK.pptx
Ahmed Ali
 
PPTX
cpgram enivaran cpgram enivaran cpgram enivaran
deep876511
 
PPTX
DFARS Part 253 - Forms - Defense Contracting Regulations
JSchaus & Associates
 
PDF
Item # 8 - 218 Primrose Place variance req.
ahcitycouncil
 
PDF
ESG Alignment in Action - The Abhay Bhutada Foundation
Harsh Mishra
 
PDF
Item # 10 -- Set Proposed 2025 Tax Rate
ahcitycouncil
 
The GDP double bind- Anders Wijkman Honorary President Club of Rome
Energy for One World
 
CXPA Finland Webinar - Modern Components of Service Quality - Alec Dalton - ...
Customer Experience Professionals Association
 
Neurons.pptx and the family in London are you chatgpt
iammedico23
 
SUKANYA SAMRIDDHI YOJANA RESEARCH REPORT AIMS OBJECTIVES ITS PROVISION AND IM...
NishiSinha18
 
Presentation on CGIAR’s Policy Innovation Program _18.08.2025 FE.pptx
Ahmed Ali
 
CHS rollout Presentation by Abraham Lebeza.pptx
Abraham Lebeza
 
3.-Canvassing-Procedures49for election.pptx
clydebegonia
 
AAAAAAAAAAAAAAAAAaaaaaaaAAAAAAAt - ĐV.pdf
nguyenthihamy2003aa
 
Part II LGU Accreditation of CSOs and Selection of Reps to LSBs ver2.pptx
Irish521933
 
BHARATIYA NAGARIKA SURAKSHA SAHMITA^J2023 (1).pptx
drpuspanjalipanda
 
Parliamentary procedure in meeting that can be use
MarizaSandaCollado
 
Introduction to the NAP Process and NAP Global Network
NAP Global Network
 
4_Key Concepts Structure and Governance plus UN.pdf okay
chris10pher
 
Introducrion of creative nonfiction lesson 1
pleaselangbabyilovey
 
Workshop introduction and objectives. SK.pptx
Ahmed Ali
 
cpgram enivaran cpgram enivaran cpgram enivaran
deep876511
 
DFARS Part 253 - Forms - Defense Contracting Regulations
JSchaus & Associates
 
Item # 8 - 218 Primrose Place variance req.
ahcitycouncil
 
ESG Alignment in Action - The Abhay Bhutada Foundation
Harsh Mishra
 
Item # 10 -- Set Proposed 2025 Tax Rate
ahcitycouncil
 

Cybersecurity: More than A DoD Issue

  • 2. Robert E. Jones Government Contracts & Accounting Expert CPA, CPCM, NCMA Fellow Meet your presenter: • Robert has over 15 years of Department of Defense contract and accounting experience. • He has successfully managed over $400 million in federal contracts.
  • 3. About us Left Brain Professionals is a boutique accounting firm that serves government contractors. We specialize in accounting system design, implementation, and audit support.
  • 6. Why we’re here To learn the basics of cybersecurity compliance for your business.
  • 7. Learning Objectives • Identify the cybersecurity requirements in your contracts • Define the basic cybersecurity requirements • List simple steps you can take towards compliance • Get certified!
  • 8. Identify Requirements in Your Contracts FAR 52.204-21 • Basic Safeguarding of Covered Contractor Information Systems DFARS 252.204-7012 • Safeguarding Covered Defense Information and Cyber Incident Reporting Focus on Systems vs Data
  • 9. Identify Requirements • Other agency • Commercial requirements
  • 10. Room Poll What cybersecurity requirements exist in your contracts? • FAR 52.204-21 • DFARS 252.204-7012 • Another agency • Other/commercial • I don’t know
  • 11. Define Basic Cybersecurity Reqs • NIST (SP) 800-171 • COBIT 5 • SANS 20 • ISO/IEC 27001
  • 12. NIST (SP) 800-171 • Access Control • Awareness and Training • Audit and Accountability • Configuration Management • Identification and Authentication • Incident Response • Maintenance • Media Protection • Personnel Security • Physical Protection • Risk Assessment • Security Assessment • System and Communications Protection • System and Information Integrity
  • 13. Other Frameworks • COBIT 5 • SANS 20 • ISO/IEC 27001
  • 14. Room Poll How many requirements are listed in NIST (SP) 800-171? • 14 • 110 • 171 • 222
  • 15. Simple Steps Towards Compliance • Train all employees • Use multifactor authentication • Inventory all devices and software • Allow only certain devices to connect • Remote wipe devices • Utilize cloud storage
  • 16. Train All Employees • Provide annual cybersecurity awareness training to all employees • Provide periodic threat updates • Utilize phishing test services • Provide advanced training to IT and other key individuals
  • 17. Use Multifactor Authentication • Enable multifactor authentication on all PCs and servers • Enable multifactor authentication on all email, VPN, and networks • Enable multifactor authentication on as many software and accounts as possible
  • 18. Inventory All Devices and Software • Take an inventory of all devices (PCs, servers, phones, tablets, printers, scanners) • Take an inventory of all software (including version and licenses) • Take an inventory of all users and access
  • 19. Allow Only Certain Devices to Connect • Block access to all emails, networks, and servers by default • Allow access by exception
  • 20. Remote Wipe Devices Setup remote access with wipe capability on all devices (laptops, phones, tablets)
  • 21. Utilize Cloud Storage Take advantage of the security built into cloud applications and storage • FedRAMP for CUI on government contracts  Not required for commercial contracts
  • 22. Room Poll Which of the following is not a step towards compliance? • Training a select few employees • Taking an inventory of devices • Setting up remote wipe of devices • Utilizing cloud storage
  • 23. Get Certified • New CMMC from DoD • Cybersecurity Maturity Model Certification • 5 levels • Will be required by mid-2020
  • 24. CMMC 18 domains that mimic 14 categories in NIST (SP) 800- 171
  • 25. CMMC 5 levels of certification
  • 26. Room Poll Cybersecurity certification will soon be required for all defense contractors? • True • False
  • 28. Connect with us Download the presentation Left Brain Professionals Inc. @LeftBrainPro @LeftBrainPro Email: support@leftbrainpro.com
  • 29. Melissa R. Metzger MAFM melissa@leftbrainpro.com Robert E. Jones CPA, CPCM, NCMA Fellow robert@leftbrainpro.com