TSA's Dan Daly on Security Operation Best Practices

Special Thanks to Dan Daly for addressing the ACT-IAC Cybersecurity Community of Interest. Dan is the Deputy Director of the Information Assurance and Cybersecurity Division, Transportation Security Administration (TSA) . At the meeting, Dan shared his seasoned advice and progress made at the Transportation Security Administration with integrating key governance and risk management practices with the Security Operations practices. Defining manageable boundaries around your IT systems helps ensure risk management practices are properly aligned with business objectives, priorities and project sensitivities. Ensuring a business context within your risk management practices also helps the SOC avoid a siloed approach that often occurs when analyst's simply chase after the countless alerts most organizations deal with. Dan highlighted his success with performing tabletop and threat emulation exercises to enhance cyber readiness and to continually expand the knowledge and experience of SOC analyst's dealing with an ever-evolving threat landscape.

I especially appreciate Dan's recommended 'Must Have' list for any cyber organization.

• First, MFA is essential to interrupt a hacker's goal to access an organization.
• Second, the Security Operations Center requires full visibility of all organizational IT assets. This might require some candid conversations regarding what is and what isn't IT. Leverage the definition of Cyberspace in this conversation.
• Third, having a mission focused risk management framework is essential.
• Lastly, know that all technology is vulnerable and there's no such thing as 'perfect protection'. This makes incident response capabilities critical to any organization.

Beau Houser is the Chief Information Security Officer at the US Census Bureau. He is also a Federal advisor to the American Council for Technology - Industry Advisory Council (ACT-IAC) Cybersecurity COI .