Cyber Insecurity Under Attack: Cyber Security Past, Present and Future
Patricia Titus, Chief Information Security Officer, Unisys Corporation


© 2008 Unisys Corporation. All rights reserved. Page 2

Discussion topics
- Global sector threats
- The global response
- Protection plan
- The future

Global Cyber Threats Impact Every Sector
- Electrical grid attacks – Brazil power sector attacks, 2003 US outage (Energy sector)
- The morphing of the Mafia – slicing, spamming and phishing; Zeus (Financial sector)
- Data extractions and data losses – loss of sensitive DoD data from Centcom and Estonia (Government sector)
- Counterfeit equipment inserted into the supply chain (Manufacturing sector)
- Airline systems taken offline by a computer glitch, crippling air travel (Transportation sector)
- Hackers steal pharmaceutical records of thousands of VA residents and encrypt them, holding them for ransom (Healthcare sector)
- Google hacked by the Chinese (Technology sector)

Keeping Pace
- The public sector needs better ways to protect assets and citizens
- Global criminal activity has increased the need for sophisticated tools to protect financial assets and avoid service interruptions
- Enterprises want cost-effective solutions such as cloud and virtualization without giving up privacy and security
- Leaders must ensure continuity of operations for key infrastructure services and customer service, and avoid negative economic impact
- The private sector needs to take a leadership role in securing its own infrastructure as well as that of its clients. We can’t wait for legislation and regulation. We need to act now.

US Leadership Direction
“Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.” ~ Obama, May 29, 2009
May 27, 2010 – White House releases a new National Security Strategy

Our Cyber Dependency
- Today both the public and private sectors rely on information systems to perform their missions and business functions
- Enterprise systems must be protected from cyber threats to ensure they are available
- Significant cyber attacks have overwhelmed security professionals
  – Attacks are aggressive and targeted; many are extremely sophisticated
  – Our adversaries are nation states, terrorist groups, hackers, and those with intentions of compromising critical systems
  – Malicious software deployments are making it nearly impossible to protect critical systems and information

Protection begins with planning
- Strong governance models and organizational structure are critical to success
- Assess your current risk posture based on proven frameworks
- Build a strategic plan integrated into the overall corporate model
- Security is a business enabler and must not appear to be stand-alone
- Policies are critical; however, they are worthless without enforcement tools
- Auditing, assessments and continuous monitoring

Determine Your Risk Profile
- Identify your assets
- Determine the assurance level
- Assess based on the risk level
- Identify your vulnerabilities
- Begin the remediation process
- When connecting systems or sharing data, ensure you know the security vulnerabilities before you connect
The objective: achieve visibility into your system security level, develop a plan to remediate, and execute on those plans

Links in the security chain: Management, Operational, and Technical Controls
- Risk assessment
- Security planning, policies, procedures
- Configuration management and control
- Contingency planning
- Incident response planning
- Security awareness and training
- Security in acquisitions
- Physical security
- Personnel security
- Security assessments
- Certification and accreditation
- Access control mechanisms
- Identification & authentication mechanisms (biometrics, tokens, passwords)
- Audit mechanisms
- Encryption mechanisms
- Boundary and network protection devices (firewalls, guards, routers, gateways)
- Intrusion protection/detection systems
- Security configuration settings
- Anti-viral, anti-spyware, anti-spam software
- Smart cards
“Adversaries attack the weakest link… where is yours?” – NIST

Where are we heading
- Advanced persistent threats and vulnerability sophistication
- Cyber crime will increase
- Continued disruption in the supply chain
- Attacks on critical infrastructure
- Cyber defense options – who pushes the button first

Contact
Patricia Titus, CISO
desk
cell