Dr. Stephanie Carter CISM, CISSP, CISA

Learning Objectives (LO)
- LO1: Will learn the theoretical and practitioner definition of cybersecurity
- LO2: Will learn the dependency between the physical and cyber security domains
- LO3: Will learn the constraints to physical and cyber security convergence
- LO4: Will learn the pros and cons of physical and cyber security convergence

What is Cybersecurity?

Cybersecurity
- Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks. (CNSSI 4009)
- Cyberspace: A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (CNSSI 4009)
- Cyber Attack: An attack, via cyberspace, targeting an enterprise's use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. (CNSSI 4009)

CYBERSECURITY DEFENDERS
- Legal
- Human Resource
- IT
- Accounting
- Acquisition
- Financial
- Marketing
- Sales & Services
- Research & Development
- Operations

ENFORCERS
- Auditor
- Analyst (Security, Forensic)
- Engineers (Network, Security)
- Architects (Enterprise, Network, Security)
- Forensics (Analysts)
- Intelligence (Analyst, Officers)
- Information Security Officer
- Security Officer/Security Guard

When you think of cybersecurity, is physical security a part of that thought?

Security Objectives
- Confidentiality: Ensuring no unauthorized access to data
- Integrity: Ensuring no unauthorized modification of data
- Availability: Ensuring data is always available to authorized subjects

Security Safeguards
- Operating Procedures
- Management Procedures
- Hardware and Software
- Physical Security

Security measures are used to meet the security objectives (i.e., confidentiality, integrity, and availability) to protect the organization's most valuable asset: data/information. These measures are translated into the security controls and countermeasures created for each area.

Controls
- Logical (Technical): Preventive, Detective, Corrective
- Administrative: Preventive, Detective, Corrective
- Physical: Preventive, Detective, Corrective

Cybersecurity
- Deter Potential Threat
- Detect Threats
- Monitor/Record Threats
- Trigger Incident Response
- Assess Threat
- Contain Threat
- Report Threat
- Remediate Threat
- Assess Controls
- Update policies, procedures, security documentation

Physical Security
- Deter Potential Threat
- Detect Threats
- Monitor/Record Threats
- Trigger Incident Response
- Assess Threat
- Contain Threat
- Report Threat
- Remediate Threat
- Assess Controls
- Update policies, procedures, security documentation

Security Interdependencies
- Physical threats have an impact on cyber operations: stealing, leaking, or compromising information
- Cyber threats have an impact on physical operations: automated systems controlling physical access

Threats
- Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NIST SP 800-53; SP 800-53A; SP 800-27; SP 800-60; SP 800-37; CNSSI-4009)
- Threat: The potential source of an adverse event. (NIST SP 800-61)
- Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. (FIPS 200)

Bridging the Gap

PROS
- Effective risk management
- Increased security
- Alignment of security processes/goals with business processes/goals
- Increased organization-wide information sharing
- Tips the scale of importance
- More thorough investigations
- Creates an organizational culture of diversity and appreciation

CONS
- Inhibits identification of vulnerabilities
- Hinders proper risk management
- Increases useless investments in IT, security controls and countermeasures
- Difficult to identify physical intruders
- Poor detection of cyber infiltration efforts
- Impedes information sharing
- Prevents transparency across the organization

Where do we go from here?

How is cybersecurity the real threat?

Questions?