Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Published bySherman McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation."— Presentation transcript:

1 Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation

2 © 2008 Unisys Corporation. All rights reserved. Page 2 Discussion topics Global sector threats The global response Protection plan The future

3 © 2008 Unisys Corporation. All rights reserved. Page 3 Global Cyber Threats Impact Every Sector Electrical grid attacks – Brazil power sector attacks, 2003 US outage (Energy sector) The Morphing of the Mafia – slicing, spaming and phishing -Zeus (Financial Sector) Data extractions and data losses – loss of sensitive DoD data from Centcom and Estonia (Government Sector) Counterfeit equipment inserted into the supply chain (Manufacturing sector) Airline systems taken off line by a computer glitch crippling the air travel (Transportation sector) Hackers steal data pharmaceutical records of thousands of VA residents and encrypt it – holding it for ransom (Healthcare sector) Google hacked by the Chinese (Technology sector)

4 © 2008 Unisys Corporation. All rights reserved. Page 4 Keeping Pace The Public Sector needs better ways to protect assets and citizens Global criminal activity has increased the need for sophisticated tools to protect financial assets and avoid service interruptions Enterprises want cost effective solutions such as cloud and virtualization without giving up privacy and security Leaders must ensure continuity of operations for key infrastructure services and customer service, avoid negative economic impact The private sector needs to take a leadership role in securing their own infrastructure as well as their clients. We can’t wait for legislation and regulation. We need to act now.

5 © 2008 Unisys Corporation. All rights reserved. Page 5 US Leadership Direction “Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.” ~Obama May 29, 2009 May 27, 2010 – White House releases a new National Security Strategy

6 © 2008 Unisys Corporation. All rights reserved. Page 6 © 2009 Unisys Corporation. All rights reserved. Page 6 Our Cyber Dependency Today both public and private sector rely on information systems to perform their missions and business function Enterprise systems must be protected from cyber threats to ensure they are available Significant cyber attacks have overwhelmed security professionals – Attacks are aggressive and targeted; many are extremely sophisticated – Our adversaries are nation states, terrorist groups, hackers, and those with intentions of compromising critical systems – Malicious software deployments making it nearly impossible to protect critical systems and information

7 © 2008 Unisys Corporation. All rights reserved. Page 7 Protection begins with planning Strong governance models and organizational structure critical to success Assessing your current risk posture based on proven frameworks Build a strategic plan integrated into the overall corporate model Security is a business enabler and must not appear to be stand alone Policies are critical however worthless without enforcement tools Auditing, assessments and continuous monitoring

8 © 2008 Unisys Corporation. All rights reserved. Page 8 © 2009 Unisys Corporation. All rights reserved. Page 8 Determine Your Risk Profile Identify your assets Determine the assurance level Assess based on the risk level Identify your vulnerabilities Begin the remediation process When connecting system or sharing data ensure you know the security vulnerabilities before you connect The Objective: achieve visibility into your system security level, develop a plan to remediate and execute on those plans

9 © 2008 Unisys Corporation. All rights reserved. Page 9 © 2009 Unisys Corporation. All rights reserved. Page 9 Links in the security chain Management, Operational, and Technical Controls Risk assessment Security planning, policies, procedures Configuration management and control Contingency planning Incident response planning Security awareness and training Security in acquisitions Physical security Personnel security Security assessments Certification and accreditation Access control mechanisms Identification & authentication mechanisms (Biometrics, tokens, passwords) Audit mechanisms Encryption mechanisms Boundary and network protection devices (Firewalls, guards, routers, gateways) Intrusion protection/ detection systems Security configuration settings Anti-viral, anti-spyware, anti-spam software Smart cards Adversaries attack the weakest link…where is yours? – NIST

10 © 2008 Unisys Corporation. All rights reserved. Page 10 Where are we heading Advanced persistent threats and vulnerability sophistication Cyber crime will increase Continued disruption in the supply chain Attacks on critical infrastructure Cyber defense options – who pushes the button first

11 © 2008 Unisys Corporation. All rights reserved. Page 11 Contact Patricia Titus, CISO Patricia.titus@unisys.com 703-439-5406 desk 703-895-1492 cell

Download ppt "Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
State of NASA Cyber Security Valarie Burks August, 2011.

State of NASA Cyber Security Valarie Burks August, 2011.
Through the cyber looking glass The perspective from a US federal CISO turned private sector CISO Patricia Titus Chief Information Security Officer (CISO)

Through the cyber looking glass The perspective from a US federal CISO turned private sector CISO Patricia Titus Chief Information Security Officer (CISO)
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Dr. Ron Ross Computer Security Division

Dr. Ron Ross Computer Security Division
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google