Through the cyber looking glass The perspective from a US federal CISO turned private sector CISO Patricia Titus Chief Information Security Officer (CISO)

Presentation transcript:

Through the cyber looking glass The perspective from a US federal CISO turned private sector CISO Patricia Titus Chief Information Security Officer (CISO) Unisys Federal Systems

© 2008 Unisys Corporation. All rights reserved. Page 2 Abstract. Security breaches, data extractions and data losses from within highly regulated public and private sector networks make the news nearly every day. Cyber crime revenue has now surpassed that of drug trafficking, and identity theft continues to rise at alarming rates. Add to all of this President Obama's landmark announcement that cyber security is a national priority, and all of the buzz about cyber security makes a lot of sense. From data globalization to web 2.0 technologies, the CISO's job is more daunting than ever, in both the public and private sectors. The interconnections and interdependencies accelerated by cloud computing, virtualization and the extended use of the World Wide Web have introduced cyber security risks that span the public and private spheres. Now, new cyber security regulation focused on compliance looms, threatening to impact everyone. Still, as these worlds converge, misconceptions run wild on both sides. Public sector CISOs believe that the private sector is flush with security funding. The private sector CISO dreams of the regulations and mandates that the public sector has. Delve into the cyber worlds lived in by both in an in-depth discussion about the view through the "cyber looking glass."

Page 3 Impacting us all: are we serious about fixing it? The morphing of the Mafia: slicing, spamming and phishing (Financial sector). Data extractions and data losses: loss of the F-35 fighter aircraft plans, private citizen data losses at the VA (Federal sector). Electrical grid attacks: worms affecting power systems (Energy sector). Counterfeit equipment inserted into the supply chain (Manufacturing sector). Airline systems taken offline by a computer glitch, crippling air travel (Transportation sector). Hackers steal the pharmaceutical records of thousands of VA residents and encrypt them, holding the data for ransom (Healthcare sector).

Page 4 What's stopping us?

Page 5 CISOs: are we all the same? When I was a Fed, I spoke like a Fed, I understood like a Fed, I thought like a Fed. But when I left Federal service I couldn't put away those Federal ways... (freely adapted from 1 Corinthians 13). TSA CISO / Unisys CISO: then and now! Taking it to the private sector is not an easy task!

Page 6 Where's our leadership taking us? "Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient." ~Obama, May 29, 2009

Page 7 Where's the global leadership taking us? The UK gets its own cyber czar! "Just as in the nineteenth century we had to secure the seas for our national safety and prosperity, and in the twentieth century we had to secure the air, in the twenty first century we also have to secure our position in cyber space in order to give people and businesses the confidence they need to operate safely there. That is why today I am announcing - alongside our updated National Security Strategy - the UK's first strategy for cyber security." ~Gordon Brown, UK Prime Minister, June 2009

Page 8 Compliance issues: a viewpoint. "[FISMA] is a real paper drill that means nothing when it comes to information security." ~Bruce Brody, former Federal CISO

Page 9 Another viewpoint! "FISMA is a framework that gives you flexibility based on your risk profile and based on a full risk management program. Part of the reason people look at it as a paper drill is because they're focusing on the wrong parts of it. They are focusing on counting how many systems are certified and accredited and how they get graded." ~Titus, former Federal CISO

Page 10 Compliance paperwork versus remediation: a balancing act between stockholders and regulators. "I told you that compliant didn't mean secure." (the CISO) "...call HR and get rid of her." "If we're compliant, how did that data breach happen?"

Page 11 Social networking and cloud. Social networking and the fear: it's like legalizing marijuana; enables communications; comments unfiltered; corporate guidance and training. Cloud computing: losing control but gaining efficiency; requiring your own transparency; trust but verify.

Page 12 Blocking and tackling. It's the same old issue that is still not being addressed.

Page 13 Being successful. Watching your language: "Did you understand a word she said?" (the CFO). Trying to think like the CEO: "We haven't been hacked yet, so let's hold off until next quarter. We need that money for our marketing campaign." (the CEO). Communication is the key: "Can you believe it? She says we can't install that wireless router without following security policy. Who in the heck knew there was a policy to follow?" (the IT Operations Manager).

Page 14 Questions. 1. What joint goals are there in the public and private sectors that can be reached? 2. How do we get past "compliance is a paperwork drill" and get to leveraging compliance to drive security? 3. In a world of data on demand, what capabilities can be implemented to lower data loss, breaches and vulnerabilities?