Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

IT/Telecom, Energy, Transportation, Banking/Finance, Govt Services
Cybersecurity; Critical Infrastructures; Critical Information Infrastructure
Cross-cutting ICT interdependencies among all sectors
Non-essential IT systems; Enterprises; Consumers
Those practices and procedures that enable the secure use and operation of cyber tools and technologies

Policy Concerns: War, Terrorism, Convergence, Cyber Attacks, Globalization, Natural Disasters
Policy Responses: Laws and Regulations, Emergency Response Plans, Directives/Policies, National Strategies

Government and infrastructure owners/operators: Collaboratively pursue these core enablers of resiliency and infrastructure security
1. Define Goals and Roles
2. Identify and Prioritize Critical Functions
3. Continuously Assess and Manage Risks
4. Build Operational Response Frameworks
5. Create Public-Private Partnerships
6. Build Security/Resiliency into Operations

Incidences, emerging issues, & changing conditions: constantly update risk assessment

Establish an Open Dialog
Understand the critical functions, infrastructure elements, and key resources necessary for:
- delivering essential services,
- maintaining the orderly operations of the economy, and
- helping to ensure public safety.
Critical Function; Key Resource; Infrastructure Element; Supply Chain
Understand Interdependencies

Protection is the Continuous Application of Risk Management
Assess Risks; Identify Controls and Mitigations; Implement Controls; Measure Effectiveness
- Define Functional Requirements; Evaluate Proposed Controls; Estimate Risk Reduction/Cost Benefit; Select Mitigation Strategy
- Seek Holistic Approach; Organize by Control Effectiveness; Implement Defense-in-Depth
- Evaluate Program Effectiveness; Leverage Findings to Improve Risk Management
- Identify Key Functions; Assess Risks; Evaluate Consequences
Incidences, emerging issues, & changing conditions: constantly update risk assessment

Goal: Improve Operational Coordination
Public- and private-sector organizations alike can benefit from developing joint plans for managing emergencies, including recovering critical functions in the event of significant incidents.
Unified Concept of Operations for Public and Private Sector CERTs
- Emergency response plans can mitigate damage and promote resiliency.
- Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented.
- Testing and exercising emergency response plans promotes trust, understanding, and greater operational coordination among public- and private-sector organizations.
- Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions.

Voluntary public-private partnerships
- Promote trusted relationships needed for information sharing and collaborating on difficult problems
- Leverage the unique skills of government and private sector organizations
- Provide the flexibility needed to collaboratively address today’s dynamic threat environment
- Provide a Value Proposition to the private sector
Collaboration is key to protecting critical infrastructure

Security is a continuous process
Infrastructure Operations; Management; Technical; Operational; Security Controls; Critical Functions (Global, National, Local)
Fosters increased security and resiliency for the critical functions that support safety, security, and commerce at all levels
Building security and resiliency into infrastructure operations