SUBTITLE 2015 GenCyber Cybersecurity Workshop In-class Exercise: Components of Cybersecurity Andreea Cotoranu, Vinnie Monaco, and Chuck Tappert Seidenberg School of CSIS, Pace University

2015 GenCyber Cybersecurity Workshop
Cybersecurity Fun Things for Students?
 Images:
   CanStockPhoto Images
   Images from Google
 Videos:
   CBS News - June 9, 2015
 Courses:
   Coursera: Cybersecurity - Video
   Stanford: Computer Security
   Introduction to Cybersecurity – Video
   Cybersecurity 101 – YouTube Video

2015 GenCyber Cybersecurity Workshop
Terminology: Information Security, Information Assurance, Cyber Security
 Cyber Security versus Information Security
   Gov Info Security: Cybersecurity Vs. Information Security
   Florida Tech: Cybersecurity vs. Information Security
 Cyber Security versus Information Assurance
   Which One is Right for You?
   Cybersecurity isn’t the same thing as information assurance
   Florida Tech: Cybersecurity vs. Information Assurance

2015 GenCyber Cybersecurity Workshop
Biometrics and Cyber Security
 Obama’s cybersecurity adviser: Biometrics will replace passwords for safety’s sake
 Biometrics and Cyber Security
 White House Event Focuses on Cyber Security and Biometrics

2015 GenCyber Cybersecurity Workshop
Wikipedia: Computer Security
 Computer security, also known as cybersecurity or IT security, is security applied to computing devices such as computers and smartphones, and private and public computer networks, including the whole Internet.
 It includes physical security to prevent theft of equipment and information security to protect the data on that equipment.
 Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and availability of data.
 Assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans.
 Protect data both in transit and at rest. Countermeasures can be put in place in order to increase the security of data. Some of these measures include access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization.

2015 GenCyber Cybersecurity Workshop
WhatIs.com: Cybersecurity
 Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
 In a computing context, the term security implies cybersecurity.
 According to a December 2010 analysis of U.S. spending plans, the federal government has allotted over $13 billion annually to cybersecurity over the next five years.

2015 GenCyber Cybersecurity Workshop
UMUC: What is Cyber Security?
 Network outages, data compromised by hackers, computer viruses and other incidents affect our lives in ways that range from inconvenient to life-threatening. As the number of mobile users, digital applications and data networks increase, so do the opportunities for exploitation.
 Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

2015 GenCyber Cybersecurity Workshop
Cyber Risk Management Framework: Key Components
 1. Protect valuable data: Organizations should identify their most valuable information assets, where these assets are located at any given time, and who has access to them.
 2. Monitor for cyber risks: Traditional security monitoring approaches typically identify and react to cyber threats in isolation. Security tools are designed to identify specific unusual patterns or traffic types, and then alert operational teams to anomalous activity. Effective cyber-risk monitoring, on the other hand, focuses on building a sustainable and resilient approach to assess intelligence inputs from various functional teams and to correlate and dynamically adjust in real time the organization’s risk posture.
 3. Understand your “cyber perimeter”: Today, a financial institution’s cyber perimeter extends to locations where data is stored, transmitted, and accessed—by internal employees and trusted partners. Organizations should ensure they have transparency into this expanded cybersecurity perimeter, because any weakness in the perimeter can become a security vulnerability.
 4. Improve cyber intelligence: Most financial institutions’ threat-analysis efforts are scattered across several functions, physical locations, and systems. This disjointed nature and lack of a common methodology to leverage intelligence can be a significant barrier to robust cyber-risk intelligence. To close the gap, organizations should establish a robust threat-analysis capability that is built on shared intelligence, data, and research from internal and external sources.
 5. Report and take action: A strong governing team with the right knowledge, expertise, and influence will be necessary to advance cybersecurity. An effective team can help ensure that monitoring systems are fluid and capable of precisely responding to cyber threats, and can empower management to appropriately react.
 Does a high school or university need an information security program? What’s next in your cybersecurity program’s evolution? We’d like to hear your thoughts and comments.

2015 GenCyber Cybersecurity Workshop
Cyber Security Governance
 The Information Security Officer (ISO) facilitates the lifecycle of Security Operations, Risk Management and Security Architecture through a number of activities and repeatable processes:
   Information Security Strategic Planning
   Information Security Roadmap Development
   Information Security Resource Planning
   Establishment of Information Security Policies, Standards, Processes and Procedures
   Information Security Training, Education and Awareness
 Best practices for Information Governance are found in NIST SP Managing Information Security Risk: Organizational, Mission, and Information System View.

2015 GenCyber Cybersecurity Workshop
Threat Identification
 The purpose of your Security Operations Center (SOC) is to identify threats to Information Security. As threats are identified, they should be provided to Risk Management for Analysis. Threats can be identified through a number of mechanisms including:
   Intrusion Detection & Prevention Technologies.
   Notices from organizations such as the Multi-State Information Sharing & Analysis Center.
 Best practice for identifying threats is found in Appendix D of NIST SP Revision 1.

2015 GenCyber Cybersecurity Workshop
Risk Management
 The purpose of your Risk Management Program is to quantify the Risks Identified by your Security Operations Center. The risks of threats can be managed through a number of strategies including:
   Cataloguing the Risk – Establish a Risk Register.
   Quantifying the Risk – Determine if vulnerabilities exist which can be exploited by the threats identified.
   Measuring the Risk – Identify the impacts of realized risks.
   Communicating the Risk – Convey prioritized risks to architects so that a solution can be established.
 NIST SP “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” provides a best practice framework for facilitating this activity.
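The four steps on this slide (catalogue, quantify, measure, communicate) can be exercised in class with a small risk register. The following is an added example written for this transcript; it is not code from the workshop or from NIST. The slide prescribes no scoring formula, so the likelihood-times-impact scheme on 1 to 5 scales and the rating thresholds are assumptions chosen for illustration, and every register entry is a constructed sample for a school network, not a real finding. Note the quantification rule the slide implies: a threat for which no exploitable vulnerability exists scores zero and drops out of the list handed to the architects.

```python
"""Minimal risk register: catalogue, quantify, measure and communicate risks.

Added teaching example (assumed scoring scheme, constructed sample data).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Risk:
    """One row of the risk register."""
    risk_id: str
    threat: str                     # what the SOC handed over
    asset: str                      # what the threat would affect
    vulnerability: Optional[str]    # None: no known weakness the threat can exploit
    likelihood: int                 # 1 (rare) .. 5 (almost certain); assumed scale
    impact: int                     # 1 (negligible) .. 5 (severe); assumed scale
    owner: str = "unassigned"       # architect responsible for the mitigation

    def score(self) -> int:
        """Quantify: a threat with no exploitable vulnerability is not a risk."""
        if self.vulnerability is None:
            return 0
        return self.likelihood * self.impact


def rating(score: int) -> str:
    """Map a numeric score onto a label (thresholds are an assumption)."""
    if score == 0:
        return "none"
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


class RiskRegister:
    """Catalogue risks, then produce a prioritized list for the architects."""

    def __init__(self) -> None:
        self._risks: Dict[str, Risk] = {}

    def catalogue(self, risk: Risk) -> None:
        """Add a risk; reject duplicate ids and out-of-range scales."""
        if risk.risk_id in self._risks:
            raise ValueError(f"duplicate risk id {risk.risk_id}")
        for value in (risk.likelihood, risk.impact):
            if not 1 <= value <= 5:
                raise ValueError("likelihood and impact must be between 1 and 5")
        self._risks[risk.risk_id] = risk

    def get(self, risk_id: str) -> Risk:
        return self._risks[risk_id]

    def prioritized(self) -> List[Risk]:
        """Highest score first; ties broken by id so the order is stable."""
        return sorted(self._risks.values(), key=lambda r: (-r.score(), r.risk_id))

    def report(self, min_score: int = 1) -> List[str]:
        """Lines to hand to the architects; risks below min_score are omitted."""
        return [
            f"{r.risk_id} [{rating(r.score()):6}] score={r.score():2d} "
            f"asset={r.asset!r} threat={r.threat!r} owner={r.owner}"
            for r in self.prioritized()
            if r.score() >= min_score
        ]


# Constructed sample entries for a school network; not real findings.
SAMPLE_RISKS = [
    Risk("R-001", "Phishing campaign against staff", "Staff email accounts",
         "No multi-factor authentication on webmail", likelihood=4, impact=4,
         owner="identity team"),
    Risk("R-002", "Ransomware reaching the file server", "File server",
         "Remote desktop reachable from the Internet", likelihood=3, impact=5,
         owner="network team"),
    Risk("R-003", "Published exploit for a web framework", "Student portal",
         None, likelihood=5, impact=5),   # already patched: no vulnerability left
    Risk("R-004", "Lost or stolen laptop", "Staff laptops",
         "Disk encryption not enforced", likelihood=2, impact=3,
         owner="endpoint team"),
]


def build_sample_register() -> RiskRegister:
    register = RiskRegister()
    for risk in SAMPLE_RISKS:
        register.catalogue(risk)
    return register


if __name__ == "__main__":
    for line in build_sample_register().report():
        print(line)
```

Running the script prints three lines, ordered R-001, R-002, R-004; R-003 is catalogued but not reported because the underlying weakness has been removed, which is exactly the distinction between a threat and a risk that the slide's "Quantifying the Risk" step draws.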

2015 GenCyber Cybersecurity Workshop
Risk Mitigation
 Risks are provided to Security Architects who implement or configure security controls to mitigate the identified risks. The following are process steps that can be used to mitigate risk:
   Determine how the risk results in exploitation of a vulnerability.
   Determine if there are existing security controls which can mitigate exploitation.
   Implement or re-configure the security control to mitigate the risk.
   Develop a mechanism to detect whether the risk is being exploited, and a solution for monitoring this risk on an ongoing basis.
 NIST SP “Security and Privacy Controls for Federal Information Systems and Organizations,” provides a catalogue of security controls that can be used to identify mitigation strategies.

2015 GenCyber Cybersecurity Workshop
National Cybersecurity Workforce Framework
 The Framework establishes:
   A common taxonomy and lexicon for cybersecurity workers that organizes cybersecurity into 31 specialty areas within 7 categories.
   A baseline of tasks, specialty areas, and knowledge, skills and abilities (KSAs) associated with cybersecurity professionals.
 And assists with strategic human capital efforts, including:
   Workforce planning
   Recruitment and Selection
   Training and Development
   Succession Planning

2015 GenCyber Cybersecurity Workshop
Copyright for Material Reuse
 Copyright © 2015 Charles Tappert, Pace University. Please properly acknowledge the source for any reuse of the materials as below.
   Charles Tappert, 2015 GenCyber Cybersecurity Workshop, Pace University
 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation. A copy of the license is available at

2015 GenCyber Cybersecurity Workshop
Acknowledgment
 The authors would like to acknowledge the support from the National Science Foundation under Grant No and from the GenCyber program in the National Security Agency. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, the National Security Agency or the U.S. government.