Cybersecurity is a Journey and Not a Destination: Developing a risk management culture in your business. Thursday, May 21, 2015
German Nunez is the President and co-founder of NDP (Net-Centric Design Professionals), a Colorado-based engineering firm specializing in net-centric system design, cybersecurity and systems integration. He has served as the company's president since its founding in 2005. In 2013, NDP and Braxton Technologies merged under newly-created Braxton Science & Technology Group (BSTG), where he has expanded his role as an executive advisor. German has nearly twenty years of experience in telecommunications and network engineering, serving customers in both commercial and government sectors.
Agenda
- What is cybersecurity?
- What are the current cyber threats?
- What are the changes the DoD and intelligence community have seen and how have they influenced the private sector?
What is Cybersecurity?
- Cybersecurity - Definition: Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. Term first used in 1994.
- Cyberspace: The notional environment in which communication over computer networks occurs.
- Cybercrime is estimated to cost the global economy over $400 billion a year.
What is Cybersecurity? (cont.)
Fundamentals
- Is a security issue of unprecedented global scale
- Highly asymmetrical
- Protects four things: Secrets, Assets, Identity, Perception
Who is responsible for Cybersecurity in the US?
- The Office of Cybersecurity and Communications (CS&C), within the National Protection and Programs Directorate [DHS]
What are the current cyber threats?
Data Breaches by Industry
- Finance: 5%
- Business: 33%
- Education: 7%
- Gov't: 12%
- Healthcare: 43%
Emerging Threats
- Ransomware
- Mobile Malware
- IoT exploits
- Espionageware and cyberwar
Suggested places to stay current:
- National Cyber Awareness System https://www.uscert.gov/ncas/current-activity
- FireEye https://www.fireeye.com/currentthreats.html
According to the Identity Theft Resource Center, the number of tracked data breaches in the United States increased by 27.5% from 2013 to 2014.
DoD Influence in the Private Sector
What are the changes the DoD and intelligence community have seen and how have they influenced the private sector?
- Advanced Persistent Threat
- Insider Threat: Department of Defense DIRECTIVE 5205.16, The DoD Insider Threat Program
- Controlled Interfaces
- Influenced the Security Information and Event Management (SIEM) market, defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance.
Trends
[Figure: chart. Levels: Basic, Intermediate, Advanced, Superior. Stages: Monitor and Report; Manage and Control; Predict and Prescribe. Other labels: Log Management, Monitoring, Compliant Protection, Vulnerability Control, Correlations Systems, Predictive Models, Prescriptive Models.]
Robb Reck is VP and Chief Information Security Officer for Pulte Financial Services. Robb is an information security and risk professional, with over 16 years of experience in IT, Compliance, and Information Security. He has created comprehensive security programs for multiple organizations in the financial and software industries. He serves as the Vice President of the Denver Chapter of the Information Systems Security Association (ISSA).
Security is not a technology problem
- This is a brave new world
- Are we secure?
- Like any other risk
Where to Invest
Strong foundations
- Complete/accurate asset inventories
- Updated and tuned network and end-point protections
- Regular processes to review audit logs
- Incident response process and tests
Focus on
- Process over technology
- Training the individuals, NOT the newest tools
What it Looks Like