Presentation is loading. Please wait.

Presentation is loading. Please wait.

AGENDA NCSIP Mandate IT Security Threats Specific Action Items Additional Initiatives.

Published byCatherine Cobb Modified over 8 years ago

Similar presentations

Presentation on theme: "AGENDA NCSIP Mandate IT Security Threats Specific Action Items Additional Initiatives."— Presentation transcript:

1

2

3 AGENDA NCSIP Mandate IT Security Threats Specific Action Items Additional Initiatives

4 NCSIP Mandate: Create and champion policies, standards, procedures and tools to ensure all jurisdictions in Canada maintain the highest standards of information infrastructure protection Exchange information, share best practices, and recommend programs and priorities on information protection for the governments of Canada

5 IT Security Threats Malicious code up 500 % in last 6 months Web application attacks increasing Average time between announcement of vulnerability and the exploit code last year was 5.8 days - now approaching ‘zero day’ Malicious code is morphing as it propagates Spyware and botnets are widespread 33% rise in phishing in 2004 over 2003

6 Spyware Keystroke Loggers (a.k.a., Keyloggers or Snoopware) –software that runs in background, recording all keystrokes of user, potentially stealing passwords and other confidential data Remote Access Trojans (RATS) –allows an attacker to remotely control user’s computer

7 Phishing Sites Increasing Source: www.antiphishing.org

8 First comes the e-mail…

9 Then a redirection to a false site…

10 Spam is increasing

11 However: The threat picture is not unique to Canada Regular contact with NCSIP members re: –Emerging vulnerabilities, viruses, threats, incidents, best practices –Weekly collaboration through GovIRT sponsored by PSEPC, alerts/advisories, trends, incident management coordination, Qs & As etc –Operational cooperation with EMOs, other committees Industry is working aggressively to combat threats through iimproved products such as SPAM filtering, Spyware cleaning tools etc.

12 Specific Action Items

13 Common Self Assessment Tool PURPOSE: Assess current state of security Create a cross country, high level report on the state of IT Security Establish a base line for determining required improvements and measuring future progress Identify gaps and set priorities Assist in developing an improvement plan

14 Common Self Assessment Tool STATUS: High level tool developed as planned, based on the Quebec model Alberta, PEI and MISA will pilot the tool and report results Delayed due to copyright issues related to the Quebec model Concurrently, jurisdictions are building on the growing ISO 17799 tools being produced

15 Education and Awareness PURPOSE: Support Continuing Education and Awareness of IT Security issues at all levels across all jurisdictions

16 Education and Awareness STATUS: Quebec Videos have been re-taped and support material is being translated Exploration with CSE college re: training courses available/to be developed Increased collaboration with municipalities (MISA) Additional resources identified in some jurisdictions National Awareness Framework planned Ongoing work is required here as we are all dealing with the same citizen

17 Coordinate ITS Standards PURPOSE: Coordinate ITS standards, including adoption of national and international standards (e.g. NIST, ISO 17799)

18 NCSIP linkage with PSEPC National Security Policy –Government Operations Centre National Emergency Response System –Cyber Security Task Force National Cyber Security Strategy Canadian Cyber Incident Response Centre –Federal/National focal point and coordination centre Cyber Incident Response 7X24 Threat monitoring Enhanced readiness and response to cyber events nationally

19 National Emergency Response Structure Prime Minister Cabinet Ministerial Committee with DM participation as required for National Policy Direction Minister( s) Regional Interface Strategic Coordination National Policy Direction OGDs EOCs Including Agencies Regional federal offices Simple Incident Complex Incident Government Operations Centre (GOC) Department (s) DMs/ADMs ADM Public Safety Committee with DG participation as required for National Policy Direction

20 Emergency Response PURPOSE: Liaise and coordinate with emergency response organizations

21 Emergency Response STATUS: Call out exercise February 2004 Meeting with EMO officials April 2004 Effective CISO/EMO relationships developed Inter-jurisdictional cyber exercise group working expanded to include more EMO staff NCSIP exercise conducted October 2004 Briefing with EMOs November 2004 Joint exercise planned Fall 2005

22 Additional Initiatives Security clearance policies and practices Liaison with ITAC through GOC-TBS Spam, Spyware Wireless Security Mobile Devices

23

Download ppt "AGENDA NCSIP Mandate IT Security Threats Specific Action Items Additional Initiatives."

Similar presentations

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Statistical Metadata Strategy Elham M. Saleh - Acting Director of Economic Statistics - Director of Technical Resources Central Informatics Organisation.

Statistical Metadata Strategy Elham M. Saleh - Acting Director of Economic Statistics - Director of Technical Resources Central Informatics Organisation.
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.

Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.
Inter-jurisdictional Service Delivery Initiatives Overview of Key Potential Opportunities Victor Abele Public Sector Service Delivery Council February.

Inter-jurisdictional Service Delivery Initiatives Overview of Key Potential Opportunities Victor Abele Public Sector Service Delivery Council February.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
An Accord Between the Government of Canada and the Voluntary Sector Training Deck provided by: The Non-Profit and Voluntary Sector Affairs Division Social.

An Accord Between the Government of Canada and the Voluntary Sector Training Deck provided by: The Non-Profit and Voluntary Sector Affairs Division Social.
1 May 2006 … Identity management - Internet - Data controller - PKI - Vulnerabilities - Fingerprint - Critical Information Infrastructure - Privacy and.

1 May 2006 … Identity management - Internet - Data controller - PKI - Vulnerabilities - Fingerprint - Critical Information Infrastructure - Privacy and.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
JPCERT/CC May. 2003. Fixed-Point Auto Data Collecting System Getting more accurate Scan and Prove data to provide more accurate network traffic analysis.

JPCERT/CC May Fixed-Point Auto Data Collecting System Getting more accurate Scan and Prove data to provide more accurate network traffic analysis.
NGAC Interagency Data Sharing and Collaboration Spotlight Session: Best Practices and Lessons Learned Robert F. Austin, PhD, GISP Washington, DC March.

NGAC Interagency Data Sharing and Collaboration Spotlight Session: Best Practices and Lessons Learned Robert F. Austin, PhD, GISP Washington, DC March.

Similar presentations

Ads by Google