Presentation is loading. Please wait.

Presentation is loading. Please wait.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

Published byAnne Ford Modified over 8 years ago

Similar presentations

Presentation on theme: "Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010."— Presentation transcript:

1 Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010

2 Subgroups / Sub Topics WirelessIP ServicesNetworkPeopleLegacy Services Mobile Devices WIFI Cellular Emerging Devices Microwave / Satellite High Speed Broadband Internet VoIP Content on Demand IPv6 Cloud Services Access Control Availability Confidentiality Integrity Security Mgmt Security Audit & Alarm Security Policy & Standard Awareness SPAM Social Engineering Data Loss / Data Leakage Phishing SS7 Media Gateways Communication Assisted Law Enforcement (CALEA) Signal Control Points (SCP) Gateway to Gateway Protocol, interoperability, and security issues Scanning & Flooding Identity Mgmt Identity Management Human Entities and associated information attributes (e.g. roles, privileges, credentials), Non Human Entities (e.g. Physical Objects such as devices, network equipment, and Virtual Objects such as data and video content), Protection of Personal Identifiable Information Encryption Service Providers – Layered VPN and Encryption Strategies, Active Management Approach, Frequent Key Rotation, Use of Authentication Process as a Delivery Mechanism for Pushing Updates and Patches to Correct Encryption Breaches Consumer – Force the Use of Strong Passwords, Device Specified ID as a partial Key in the password and authentication process, Automating the Process of Encryption Patches Vulnerability Mgmt Alerting, Asset Inventory, Mitigation, Patch Mgmt, Risk & Vulnerability Assessment Incident Response Identifying & Categorizing Assets & Threats, Developing an Incident Plan, Reporting, Determining source, Responding, Recovering, Incident Governance

3 Current Events/Status  Overall Working Group 2A meets monthly  Sub-groups meeting weekly or bi-weekly  Sub-Topics within sub-groups assigned to members  5 of 9 Sub-group have provided a rough draft of the “best practices”  Review of rough draft underway  Final draft for sub-group best practices due November 12

4 Action Items Closed items:  Difficulties initially with participation. Adjustments made to sub-team memberships.  Until August, Encryption sub-group lacked members. Leadership was established and members added. The sub-group is several months behind the other sub-groups but will make the fall dates. Open items:  Co-chair position was vacated and will need to be filled

5 Next Steps  Remaining 4 subgroup to provide rough draft of “best practices”  Review of each subgroup’s best practice draft and provide feedback  Firm rough drafts and tie up outstanding research by November 12  Begin drafting overview and summary documents targeting completion by January 15, with deliverable to Steering Committee on January 31  Final Report to CSRIC Members will be February 10, 2011

Download ppt "Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010."

Similar presentations

The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007.

The Need For Trust in Communications Networks Carlos Solari Bell Labs, Security Solutions May 2007.
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
David Cronkright Chuck Dudinetz Paul Jones Corporate Auditing The Dow Chemical Company February 16, 2012 Auditing Protection of Intellectual Property.

David Cronkright Chuck Dudinetz Paul Jones Corporate Auditing The Dow Chemical Company February 16, 2012 Auditing Protection of Intellectual Property.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Working Group 2: Next Generation Alerting December 16, 2011 Co-Chairs: Damon Penn, Asst. Administrator, Nat’l Continuity Programs, DHS-FEMA Scott Tollefsen,

Working Group 2: Next Generation Alerting December 16, 2011 Co-Chairs: Damon Penn, Asst. Administrator, Nat’l Continuity Programs, DHS-FEMA Scott Tollefsen,
Security Controls – What Works

Security Controls – What Works
Working Group 2: Next Generation Alerting September 23, 2011 Co-Chairs: Damon Penn, Asst. Administrator, National Continuity Programs, DHS-FEMA Scott Tollefsen,

Working Group 2: Next Generation Alerting September 23, 2011 Co-Chairs: Damon Penn, Asst. Administrator, National Continuity Programs, DHS-FEMA Scott Tollefsen,
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
1 NETWORK PLANNING TASK FORCE FY’07 “ Setting the Rates” 11/20/06.

1 NETWORK PLANNING TASK FORCE FY’07 “ Setting the Rates” 11/20/06.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Enterprise Risk ManagementSeptember 2010Miami, FL © 2010 Enterprise Risk Management Information Security- Facing the Risks in Electronic Channels and Social.

Enterprise Risk ManagementSeptember 2010Miami, FL © 2010 Enterprise Risk Management Information Security- Facing the Risks in Electronic Channels and Social.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.

Social Media Jeevan Kaur, Michael Mai, Jing Jiang.
VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Similar presentations

Ads by Google