|
|
||||||||||||||||||
...
Training Feedback
Numerical calculations of LBNL staff cyber security training evaluations. Reported on demand with real time information to cyber security management and reported quarterly to cyber security management. Reported as the average of a rating number on a scale of 1-5.
Outcome | Assurance System | How we demonstrate the system is working? |
Systems are securely configured and meet requirements. | Vulnerability scanning, continuous and on demand, to identify insecurely configured or vulnerable systems with actions in response to a finding of vulnerability. | On request access to blocked host history lists, web site information with current scans. |
Systems are not infected or attacking other systems. | Monitoring systems provide indications of vulnerable systems. | On request access to Bro logs and incident investigation reports. |
Attackers cannot search for targets indiscriminately. | Monitoring systems (Bro, Syslog, Netflow) provide defenses against indiscriminate attackers. | On request access to Bro logs. |
Users are trained. | LBL Training Database | Report outputs on training rates and percentages as part of PEMP. |
Security systems are operational. | Monitoring and alerting systems to detect failures in critical cyber defense systems. | On request access to Nagios and related logging reports. |
DOE and LBL jointly understands residual risk. | Annual risk assessment and ongoing briefings as necessary. Cost-benefit analysis of cyber program. | Dialogue with site office. |
