Links and items in parentheses below were provided by R. Perry.

Layers of the Problem

Personal - PCs, Individuals

PW (passwords), PIV (Personal Identity Verification *), virus protection, (personal certificates), etc.

Enterprise - Business, University

Domain Management, Community of Users, Policies, Active Monitoring and Control

Nation or State - Jurisdiction, Laws, Protection

Monitor Violations, Prosecute, Forensics

Global

Protect Nation or State against Agressors - passive protection against hackers, political groups, nation states

Cyber Warfare - actively fighting back

FIPS-201-1 - Personal Identity Verification (PIV) of Federal Employees and Contractors

SP-800-63 - Electronic Authentication Guideline

Table A.1 - Estimated Password Guessing Entropy in bits vs. Password Length

SP-800-73-3 - Interfaces for Personal Identity Verification (4 Parts)

SP-800-76-1 - Biometric Data Specification for Personal Identity Verification

SP-800-78-2 - Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV)

US Federal Cybersecurity Priorities

Identity Management

Access Control, PW, Biometrics, etc.

Real Time Monitoring

Perimeter firewalls, Traffic, Unusual Signatures, etc.

Situational Awareness

Visualization, State Representation, Modeling, etc.

Intrusion Detection

Pattern Recognition, Anomaly Detection, etc.

Vulnerability Scanning

Periodic Assessments of Compliance: Architecture, Operations, Policy, etc.

Application Security

Hardening Applications, Scanning, Testing, etc.

Education and Training

Threat Awareness, Best Practices, etc.