Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

1 Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

2 IT/Telecom; Energy; Transportation; Banking/Finance; Govt Services; Cybersecurity; Critical Infrastructures; Critical Information Infrastructure; Cross-cutting ICT interdependencies among all sectors; Non-essential IT systems; Enterprises; Consumers; Those practices and procedures that enable the secure use and operation of cyber tools and technologies

3 Policy Concerns: War; Terrorism; Convergence; Cyber Attacks; Globalization; Natural Disasters
Policy Responses: Laws and Regulations; Emergency Response Plans; Directives/Policies; National Strategies

4 Government and infrastructure owners/operators: Collaboratively pursue these core enablers of resiliency and infrastructure security
1. Define Goals and Roles
2. Identify and Prioritize Critical Functions
3. Continuously Assess and Manage Risks
4. Build Operational Response Frameworks
5. Create Public-Private Partnerships
6. Build Security/Resiliency into Operations

6 Incidences, emerging issues, & changing conditions: constantly update risk assessment

7 Establish an Open Dialog
Understand the critical functions, infrastructure elements, and key resources necessary for: delivering essential services, maintaining the orderly operations of the economy, and helping to ensure public safety.
Critical Function; Key Resource; Infrastructure Element; Supply Chain
Understand Interdependencies

8 Protection is the Continuous Application of Risk Management
Assess Risks; Identify Controls and Mitigations; Implement Controls; Measure Effectiveness
Define Functional Requirements; Evaluate Proposed Controls; Estimate Risk Reduction/Cost Benefit; Select Mitigation Strategy
Seek Holistic Approach. Organize by Control Effectiveness; Implement Defense-in-Depth
Evaluate Program Effectiveness; Leverage Findings to Improve Risk Management
Identify Key Functions; Assess Risks; Evaluate Consequences
Incidences, emerging issues, & changing conditions: constantly update risk assessment

9 Goal: Improve Operational Coordination
Public- and private-sector organizations alike can benefit from developing joint plans for managing emergencies, including recovering critical functions in the event of significant incidents.
Unified Concept of Operations for Public and Private Sector CERTs
Emergency response plans can mitigate damage and promote resiliency. Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented.
Testing and exercising emergency response plans promotes trust, understanding, and greater operational coordination among public- and private-sector organizations. Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions.

10 Voluntary public-private partnerships
• Promote trusted relationships needed for information sharing and collaborating on difficult problems
• Leverage the unique skills of government and private sector organizations
• Provide the flexibility needed to collaboratively address today's dynamic threat environment
• Provide a Value Proposition to the private sector
Collaboration is key to protecting critical infrastructure

11 Security is a continuous process
Infrastructure Operations; Management; Technical; Operational; Security Controls; Critical Functions (Global, National, Local)
Fosters increased security and resiliency for the critical functions that support safety, security, and commerce at all levels
Building security and resiliency into infrastructure operations
