Information Assurance Management Telecommunications and Information Security Workshop 2000.


TISW 2000
National Telecommunications and Information Administration (NTIA)
Richard Clarke, NSC, National Coordinator for Security, Infrastructure Protection and Counter-Terrorism.
Attacks and reporting are up... Disney, Ikea, all hit in the last few weeks.

TISW 2000
Trends in vulnerabilities:
– Good news: B2B is driving down prices and increasing production...
– Bad news: you are only as secure as the least secure partner...
– Deregulation of electrical power requires a vast new information exchange system to manage...

TISW 2000
– VoIP convergence: retains all the vulnerabilities of both voice systems and IP... How is this to be secured?
– Expansion of wireless networks: we are slow to put in place... watch others for vulnerabilities. By 2003, 165 million anonymous connections...
– Broadband: we are becoming more reliant on it... privacy rights are in jeopardy.

TISW 2000
Things industry can contribute:
– People: "Cyber Corps" pays for undergraduate and graduate degrees in InfoSec. Money to stimulate academia to start degree programs.
– Share information: Telecom and Banking now, Power sector by the end of the year. Horizontal distributed attack warning.
90% of successful attacks are the result of failure to install available patches. DOE and DOD are working on a secure push to force patch installation.

TISW 2000
– Standards: not the role of government to create standards... they will not regulate cyberspace.
All banks must achieve cyber security; health care soon to follow.
Visa standards required for all its vendors.
Generally accepted: varies by industry.

TISW 2000
Next generation of telecom infrastructure with security built in and seamless use.
Government R&D money to be used to identify gaps where market forces are not working.
– Policy questions: Do we have to preserve privacy or anonymity? Or can we have both? Or neither?
Continuity: non-partisan, not interrupted by changes in administrations.

TISW 2000
Michael Jacobs, Deputy Director for InfoSec, NSA
Information Assurance Counter-measures Triad:
– Technology
– Policy and procedures
– Awareness, training & education
Stability is required for effective security.

TISW 2000
Only three counter-measures available to protect those infrastructures:
– Cyber security awareness and education
– Strong crypto
– Good security-enabled commercial information technology.

TISW 2000
Howard Schmidt, Corporate Security Officer for Microsoft.
Old comm adage: GIGO. New comm adage: GIGO... garbage in, Gospel out... Said on the Net... must be true!
New exposure to risk in every new device.
Looming issues...

TISW 2000
– Digital divide: haves vs. have-nots
– Spectrum management: wireless
– Privacy
– Encryption and export controls
– Taxation and jurisdiction
– Security of broadband persistent connections

TISW 2000
NTIA panel discussions
– Engineer security from the start
– Administer the network securely
– Test the system: configuration management
– Respond to known weaknesses: have a plan!
– Incentive to be part of the system: move SysAdmin from IT to Security
– 2-element authentication vs. strong passwords for root or Admin access

TISW 2000
– Common server tasks set to specific users
Programmatic practices:
– Best practices
– Pen-test
– Firewalls
– URL blocking
– Anti-virus
– Secure authentication

TISW 2000
Emergency Response Program
– Open source monitoring
– Event correlation & analysis
– CERT
– Forensic team
Cyber insurance
– Actuarial base won't meet needs
– Assessment: Security Program Elements

TISW 2000
Protect, Detect, Respond
Collapse of the Internet?
– Yes! At the nodes of the search engines

TISW 2000
How to influence the Board?
– IDS outside the firewall
– Fiduciary responsibility to stockholders
– Personal, financial risk
Exposure and risk
– Foreseeability
– Due care and diligence

TISW 2000
DDoS: failure to exercise due diligence
Link liability
Like Y2K requirements, you must be able to prove your infosec security procedures.
Process in place, not just things!
HIPAA: "anticipated threats or hazards to security or integrity of customer records and information..."

TISW 2000
SEC using the same language; banking regs the same.
Due diligence: document, document, document!
Anticipate & Avoid vs. Respond and React