Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," gave the National Institute of Standards and Technology (NIST) the responsibility to work with industry to develop a voluntary "framework"—incorporating existing standards, guidelines and best practices—that institutions could use to reduce the risk of cyber attacks. Critical infrastructure includes those industries vital to the nation's economy, security and health such as finance, energy, transportation, food and agriculture, and health care.
SDSC hosts a wide range of IT Systems and important services that rely on Cyber Security for protection from an ever-increasing Cyber threat. These threats include those posed by individual “black hat” hackers seeking publicity, Nation State professionals exploring methods to disrupt our national infrastructure, and criminals who exploit private data for their illegal business activities. Cyber Security includes important security controls that provide a layered approach to combat these hacker activities. As these threats change and evolve, the role of Cyber Security must anticipate and react in order to stay ever vigilant.
The Sherlock Security Group is responsible for the IT security of a broad range of IT Systems that are used for general computing, research, HPC, and compliance with regulations such as the Federal Information Security Management Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA). Security Services performed by the Sherlock Security Group include secure architecture development, intrusion detection, vulnerability assessments, central log collection, event alerting, system hardening, security assessments, configuration of firewalls rules, security lifecycle documentation development, risk assessments, etc.