Information Security Group DSD & E-Security DSD and E-Security Tim Burmeister Information Security Policy Defence Signals Directorate

E-security in Government Today
Risk Management
Greater prevalence of mixed environments
Service delivery vs. secure operating environments

The Future …

The Information Security Business
DSD has been doing it for over 50 years
But we no longer have a monopoly
Government used to provide its own solutions
Now everyone seems to be in on the act

Costs
Melissa: $80 million damage
I Love You: $10 billion damage
Software piracy: $7.5 billion

Diverse Sources of ‘Attack’
Chernobyl: June 1998, Taiwan
Melissa: March 1999, US
I Love You: May 2000, The Philippines
Kournikova: Feb 2001, The Netherlands

Infrastructure Attacks
Services, Florida
regional airport disruption, US
threat to power supplies, Belgium

Computer Hacker Caused Sewage Overflows, Police Say
An alleged computer hacker caused raw sewage to overflow on Queensland's Sunshine Coast by using radio transmissions to alter council sewage pump stations, police said today. The charges include stealing, computer hacking and using radio communications equipment without authority. Police will allege the man caused the overflows of sewage into Maroochy Shire waterways late last year and early this year using radio transmissions to alter council sewage pump stations.
(Australian Associated Press, 23/5/2000)

More Coordinated Attacks
The so-called Israeli/Palestinian Cyberwar

Infrastructure Attacks
But what don’t we know about?

‘We’re in Trouble…’
[chart] Sources: attrition, alldas

‘Or maybe not…’
[chart] Sources: attrition, alldas

DSD’s Functions
From the 1986 government directive:
— Provide material, advice and assistance to Commonwealth Government Departments and authorities and the Defence Force on matters relevant to the security and integrity of official information, and or loss or compromise of which could adversely affect National Security; and
— Provide advice on request to Commonwealth Government Departments and authorities in relation to other sensitive official information unrelated to National Security.

Functions of DSD
7. …
(c) to provide material, advice and other assistance to Commonwealth and State authorities on matters relating to the security and integrity of information that is processed, stored or communicated by electronic or similar means; and
(d) to provide assistance to Commonwealth and State authorities in relation to cryptography and communications technologies.
Intelligence Services Bill, 2001

DSD and E-Security
The Australasian Information Security Evaluation Program (AISEP)
Advice and Assistance
Computer Network Vulnerability Team
Protection of the National Information Infrastructure

AISEP Evaluation
Evaluation is the thorough examination of a product’s security claims against defined criteria.
Australia uses two evaluation criteria
— Common Criteria
— ITSEC
Common Criteria is the more recent evaluation criteria
— Broad scope of mutual recognition internationally

Concept of Assurance
Assurance is:
— The degree of confidence in the claimed security features of a product or system.
— Defined by a Security Target.

The EPL
DSD lists products that have completed evaluation on the EPL (certified)
— Certification Reports available
— Use in conjunction with the published Security Target
Products that are ‘In-Evaluation’ are also listed on the EPL
— Buyer beware
— Cannot provide the same level of assurance

And this is good because …
there are products available which are known to perform appropriately
not just for government use
— use in the private sector can help to promote a more secure IT environment

Advice and Assistance
establishing IT security policy
guidance on setting up IT networks
providing assistance to departments in securing their IT systems
performing internet gateway certifications for government
whole of Government infrastructure
— Gatekeeper (a public key infrastructure)
— Fedlink (secure network connecting all departments)

Computer Network Vulnerability Team
keep abreast of known vulnerabilities in software and equipment
research and test software and equipment for potential new problems
perform security audits on clients' systems and networks
incident response capability

National Information Infrastructure
two broad roles
— intelligence (threat and vulnerability assessments, other products)
— incident response, together with ASIO and the AFP
incident reporting scheme for Commonwealth government agencies
— ISIDRAS currently
— Onsecure Website, in concert with NOIE

Conclusion
Known threats and unknown threats
DSD helps government prepare itself for both