Larry Clinton Operations Officer Internet Security Alliance 703-907-7028 202-236-0001.

Slides:

Advertisements

Similar presentations

Cyber Crime and Technology

Advertisements

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

Philippine Cybercrime Efforts

DETECTING A CYBER-ATTACK SOURCE IN REAL TIME R. Romanyak 1), A. Sachenko 1), S. Voznyak 1), G. Connolly 2), G. Markowsky 2) 1) Ternopil Academy of National.

Introduction and Overview of Digital Crime and Digital Terrorism

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©

1`1 Hacking and Information Warfare. 2 Overview Information Warriors  Who Are They  What Do They Do Types of Threat PsyOps Civil Affairs Electronic.

1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA

1 Telstra in Confidence Managing Security for our Mobile Technology.

Increasing customer value through effective security risk management

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Legal and Ethical Issues in Computer Security

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Or, How to Spend Your Weekends… Fall 2007 Agenda General Overview of the CISO Arena Technical Security Information Security Strategic Security Kirk Bailey.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Threats and Attacks Principles of Information Security, 2nd Edition

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

DDos Distributed Denial of Service Attacks by Mark Schuchter.

1 Information Warfare: The Warriors Casey J. Dunlevy CERT Survivable Enterprise Management.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

© 2004, Enspherics Division of CIBER. All Rights Reserved. IT Security Trends, Threats, and Countermeasures Ed Bassett President Enspherics Division of.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

APCERT : APNIC Meeting 2014’ International Collaboration for Regional Cybersecurity Risk Reduction - APCERT Collaboration with Stakeholders Yurie Ito Chair,

SWAMI Threats, vulnerabilities & safeguards in a World of Ambient Intelligence David Wright Trilateral Research & Consulting 21 March 2006.

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Computer Crime and Information Technology Security

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Network Security Resources from the Department of Homeland Security National Cyber Security Division.

Lecture 1 Introduction Basic Security Concepts

1  Carnegie Mellon University Protecting Information Infrastructures Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh,

Internet Drivers License CSS411/BIS421 Computing Technology & Public Policy Mark Kochanski Spring 2010.

Computer & Internet Security Sean Lanham, CISSP - ISO University of Texas at Arlington Information Security Office.

International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP Cable and Wireless America FG1B Chair

Cyber Security Nevada Businesses Overview June, 2014.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

Communications-Electronics Security Group. Excellence in Infosec.

Page 1 8 Oct 2004 IT Security Awareness Dangers in the Networked World Lai Zit Seng NUS School of Computing.

Information Security: It’s Everyone’s Business September 16, 2003 Greg Garcia, Vice President, Information Security ITAA.

January 6, 2003 A Gathering of Networks. Network Security Issues & Developments.

Randy Beavers CS 585 – Computer Security February 19, 2009.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

CyberPatriot: Introduction to Cyber Security 9/10/10 Joshua White Director of CyOON R&D Everis Inc (315)

Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.

High Performance Research Network Dept. / Supercomputing Center 1 DDoS Detection and Response System NetWRAP : Running on KREONET Yoonjoo Kwon

Resources for Meeting Internet Safety Requirements Cheryl Elliott James Madison University Bill Johnsen Virginia Beach City Public Schools Educational.

Computer Security Mike Asoodeh & Ray Dejean Office of Technology Southeastern Louisiana University.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

1  Carnegie Mellon University Overview of the CERT/CC and the Survivable Systems Initiative Andrew P. Moore CERT Coordination Center.

1 Figure 1-3: Attack Trends Growing Incident Frequency  Incidents reported to the Computer Emergency Response Team/Coordination Center  1997: 2,134.

1 What will be the Coming Super Worms and Viruses By Alan S H Lam.

Securing Information Systems

IT Security Trends, Threats, and Countermeasures

Computer Security Incidents

Legal and Ethical Issues in Computer Security

Threat Trends and Protection Strategies Barbara Laswell, Ph. D

Cyber Security and the National Broadband Strategy

امنیت اطلاعات و ضرورت آن

Computer Security Incidents

Discussion Government Private Business Tools for prevention Congress

ISACA IN 2019 Robin Lyons WHAT’S NEXT, NOW Technical Research Manager

Presentation transcript:

Larry Clinton Operations Officer Internet Security Alliance

The Past

Source: The Present

The Internet Security Alliance The Internet Security Alliance is a collaborative effort between Carnegie Mellon University’s Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.

Sponsors

US National Strategy to Secure Cyber Space The vast majority of cyber attacks originate or pass through systems abroad, cross several boarders and require international cooperation to stop

US National Strategy to Secure Cyber Space “The US interests in promoting cyber security extends well beyond its boarders. Critical information infrastructures are directly connected to Canada, Mexico, Europe, Asia and LA. The nations economy and security are reliant on far-flung corporations and trading partners that requires secure and reliable information infrastructure to function.”

Human Agents Hackers Disgruntled employees White collar criminals Organized crime Terrorists Methods of Attack Brute force Denial of Service Viruses & worms Back door taps & misappropriation, Information Warfare (IW) techniques Exposures Information theft, loss & corruption Monetary theft & embezzlement Critical infrastructure failure Hacker adventures, e- graffiti/defacement Business disruption Representative Incidents Code Red, Nimda, Sircam CD Universe extortion, e-Toys “Hactivist” campaign, Love Bug, Melissa Viruses The Threats – The Risks

Attack Sophistication v. Intruder Technical Knowledge High Low password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sweepers sniffers packet spoofing GUI automated probes/scans denial of service www attacks Tools Attackers Intruder Knowledge Attack Sophistication “stealth” / advanced scanning techniques burglaries network mgmt. diagnostics DDOS attacks

The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC

Growth in Incidents Reported to the CERT/CC

Machines Infected per Hour at Peak

Computer Virus Costs (in billions) (Through Oct 7) $ billion

Economic Impact of Cyber Attacks “Estimates of total world-wide losses attributable to virus and worm attacks in 2003 range from $13 billion due to viruses and worms only to $226 billion for all forms of overt attacks-- -Congressional Research Service Report to Congress April 2004

Largest Study Ever Conducted Finds : PricewaterhouseCoopers Sept Actual Spending on Security is flat Most “plan” to increase security spending “The greatest barrier to effective security is inadequate budget”

Companies Integrating Internet into Security 58% North America 41 % Asia 37 % South America 36% Europe

North America 51 % Asia 44 % Europe 40 % South America 24 % Data Protection as part of Policy

A Coherent 10 step Program of Cyber Security 1. Members and CERT create best practices 2. Members and CERT share information 3. Cooperate with industry and government to develop new models and products consistent with best practices

A Coherent Program of Cyber Security 4. Provide Education and Training programs based on coherent theory and measured compliance 5. Coordinate across sectors 6. Coordinate across borders

A coherent program 7. Develop the business case (ROI) for improved cyber security 8. Develop market incentives and tools for consistent maintenance of cyber security 9. Integrate sound theory and practice and evaluation into public policy 10. Constantly expand the perimeter of cyber security by adding new members

ISA Security Anchor Proposal Go beyond isolated conferences to Full service trade association for cyber security providing on-going services in: Information sharing on threats and incidents Best practices/standards/assessment development Locally-based education and training Domestic & international policy development Develop market incentives for cyber security

ISA Wholesale Membership Program Method of Reaching Smaller Companies Trade Associations Join for ISA lowest rate. ALL their small members receive full associate services FREE OF CHARGE

Wholesale Services FREE Best Practices Guide for Small Businesses FREE On-Line assessment and suggestions FREE access to secure Portal with news on Emerging threats, vulnerabilities & what to do FREE meetings/calls with experts FREE Newsletter on Cyber & Physical for SB

Larry Clinton Operations Officer Internet Security Alliance