Presentation is loading. Please wait.

Presentation is loading. Please wait.

Self-Assessment and Formulation of a National Cyber security/ciip Strategy: culture of security.

Published byCory Brown Modified over 9 years ago

Similar presentations

Presentation on theme: "Self-Assessment and Formulation of a National Cyber security/ciip Strategy: culture of security."— Presentation transcript:

1 Self-Assessment and Formulation of a National Cyber security/ciip Strategy: culture of security

2 The Self-Assessment purpose  Snapshot of where the nation is Educate participants  Identify strengths and weaknesses  Identify gaps  Allocate responsibilities  Establish priorities  Provide input to a national cyber security strategy 10/19/10

3 The self-assessment audience  All participants – the ultimate target But to ensure national action, the self-assessment must be addressed to key decision makers in  Government (executive and legislative)  Business and industry  Other organizations and institutions  Individuals and the general public 10/19/10

4 key elements 10/18/104 Legal Framework Culture of Cybersecurity Incident Management Collaboration and Information Exchange Key Elements of a National Cybersecurity Strategy

5 The Self-Assessment key elements D. Culture of Security:  Develop security awareness programs for and outreach to all participants, for example, children, small business, etc.  Enhance science and technology (S&T) and research and development (R&D)  Other initiatives 10/19/10

6 Yael Weinman Counsel for International Consumer Protection Office of International Affairs U.S. Federal Trade Commission September 2010 A Cultural Shift: Cybersecurity Gets Personal

7 Federal Trade Commission  General jurisdiction consumer protection agency  Enforcement through federal district court and administrative litigation  Small agency  www.ftc.gov

8 Federal Trade Commission Three-prong approach:  Individual Culture  Organizational Culture  FTC Enforcement Components of Cybersecurity  Privacy and Data Security  Spam  Spyware  Identity Theft How the FTC Can Help  Consumer and Business Education  Research and Consultation  International cooperation

9 Personal Culture Privacy and Data Security It is every individual’s responsibility You don’t need computer expertise or to be a member of IT to ensure data privacy and security

10 Organizational Culture Privacy and Data Security Build in privacy and data security from the ground up Privacy Impact Assessments Routine use of data security hardware and software

11 Enforcement Privacy and Data Security

12 Personal Culture Spam and Phishing Don’t open unknown emails Never open attachments unless you know the sender Type URLs into the address bar rather than clicking Don’t respond with account or personal information

13 Organizational Culture Spam and Phishing Let customers know how you will use their personal information—and stick to it Know the rules on sending unsolicited commercial email (UCE) Know how to communicate with your customers

14 Enforcement Spam and Phishing $2.5 Million court-ordered fine for weight loss spam $413,000 fine under a settlement with an X rated website

15 Personal Culture Spyware Don’t install software from an unknown source on your computer Be aware that games and other freeware can contain spyware Maintain virus protection software

16 Organizational Culture Spyware A consumer’s computer belongs to him or her, not software distributors Full disclosures must be clear and conspicuous A consumer must be able to uninstall or disable downloaded software

17 Enforcement Spyware Zango: $3 million disgorgement Seismic Entertainment ERG Ventures

18 Identity Theft

19

20 Identity Theft Task Force

21 Strategy – 4 key areas  keeping sensitive consumer data out of the hands of identity thieves through better data security and more accessible education;  making it more difficult for identity thieves who obtain consumer data to use it to steal identities;  assisting the victims of identity theft in recovering from the crime; and  deterring identity theft by more aggressive prosecution and punishment of those who commit the crime

22 Consumer and Business Education  Guidance to Business  Consumer Education  Communicating effectively

23 OnGuardOnline

24 En Español

25 Spam

26 Spyware

27 Identity Theft

28 1.Take stock. 2.Scale down. 3.Lock it. 4.Pitch it. 5.Plan ahead. "Protecting PERSONAL INFORMATION: A Guide for Business" Five Key Principles

29 Additional Resources National Institute of Standards and Technology (NIST) Computer Security Resource Center. www.csrc.nist.govwww.csrc.nist.gov NIST’s Risk Management Guide for Information Technology Systems. www.csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf www.csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf Department of Homeland Security’s National Strategy to Secure Cyberspace. www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf SANS (SysAdmin, Audit, Network, Security) Institute’s Twenty Most Critical Internet Security Vulnerabilities. www.sans.org/top20www.sans.org/top20 United States Computer Emergency Readiness Team (US-CERT). www.us- cert.govwww.us- cert.gov Carnegie Mellon Software Engineering Institute’s CERT Coordination Center. http://www.cert.org/certcc.html http://www.cert.org/certcc.html Center for Internet Security (CIS). www.cisecurity.orgwww.cisecurity.org The Open Web Application Security Project. www.owasp.orgwww.owasp.org Institute for Security Technology Studies. www.ists.dartmouth.eduwww.ists.dartmouth.edu OnGuard Online. www.OnGuardOnline.govwww.OnGuardOnline.gov

30 Thank you Yael Weinman Counsel for International Consumer Protection Office of International Affairs U.S. Federal Trade Commissionyweinman@ftc.gov

31 Questions? Thank You Joseph Richardson 10/19/10

Download ppt "Self-Assessment and Formulation of a National Cyber security/ciip Strategy: culture of security."

Similar presentations

No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime Peter P. Swire Ohio State University & Center for American Progress Fordham CLIP Information.

No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime Peter P. Swire Ohio State University & Center for American Progress Fordham CLIP Information.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Transit Security: An Overview of Activities Since 9/11 Eva Lerner-Lam President Palisades Consulting Group, Inc. ITE 2003 Annual Meeting August 24-27,

Transit Security: An Overview of Activities Since 9/11 Eva Lerner-Lam President Palisades Consulting Group, Inc. ITE 2003 Annual Meeting August 24-27,
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.

Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS

Similar presentations

Ads by Google