Financial Sector Cybersecurity R&D Priorities

The Members of the FSSCC R&D Committee
November 2014


The FSSCC Research and Development Committee: Overview

FSSCC
- FSSCC is the Cybersecurity Coordinating Committee for the Financial sector
- FSSCC members represent a broad cross-section of Financial sector institutions of all types

FSSCC R&D Committee Mission and Purpose:
- Identify research needs and priorities of the Financial Services Sector
- Identify, influence and help transition promising research
- Educate researchers to financial sector unique needs and constraints

Current FSSCC R&D Committee Chairs:
- Bob Blakley, Citigroup
- Joseph Schatz, US Department of Treasury,

The Financial Sector Cybersecurity Landscape: Challenges

- Secrets and personal information are declining in utility as authenticators. We need new methods, not based on secrets, for establishing identities of users.
- Perimeter-based, prevention-oriented security architectures are less and less successful at thwarting attackers. We need new architectures which enable quick detection of and effective response to attacks in progress and attacks in preparation.
- We have insufficient real-time awareness of the state of our systems and the activities of users in those systems. We need analytics which provide accurate, detailed information about who's doing what to which resources on our networks, and we need powerful, sensemaking visualization tools which allow security analysts to understand the significance of the information the analytics provide.
- Attackers are increasingly exploiting human rather than technical weaknesses. We need a better understanding of how education and user experience design can be used to defend users against getting conned into participating in malicious activity without their knowledge or against their will.
- Attackers can cheaply mount attacks which are very costly (in losses or in resources spent on countermeasures) to defenders. We need ways to drive up the costs and risks of an attack, even in cases in which attackers use automated tools.

Financial Sector Cybersecurity R&D Priorities

1. Identity Assurance - Need to identify and authenticate people, organizations, devices, services, application software in real-time, at the level of assurance commensurate with the risk, at assurance levels an order of magnitude greater than currently.
2. Analysis and Intelligence - Need for more effective real-time identification of malware, infected devices, and suspicious activities of people and organizations, capable of forecasting, learning and adapting to changing threats and tactics through feedback from real-time and after-the-fact forensic analysis.
3. Human Behavior - Need for human-computer interaction models which reduce the risks of social-engineering attacks, reduce security-relevant errors and omissions, and actively discourage malicious acts by outside attackers and insiders alike.
4. Proactive Measures - Need for a suite of proactive measures that provides demonstrative success over current purely defensive measures, including a set of tools and analyses that justify these measures, taking into account the unique regulatory and compliance environment of the financial services sector.
5. Architecture and Infrastructure - Need for new system structures, communications protocols, and security controls designed to be effective in an increasingly distributed, richly-connected, highly-virtualized, mobile computing environment.

The FSSCC Research and Development Agenda

The full FSSCC R&D Agenda is available at the following URL. Note that there are blank spaces in the URL.

RD Agenda April pdf