AGENDA: NCSIP Mandate; IT Security Threats; Specific Action Items; Additional Initiatives


NCSIP Mandate:
- Create and champion policies, standards, procedures and tools to ensure all jurisdictions in Canada maintain the highest standards of information infrastructure protection
- Exchange information, share best practices, and recommend programs and priorities on information protection for the governments of Canada

IT Security Threats
- Malicious code up 500% in last 6 months
- Web application attacks increasing
- Average time between announcement of vulnerability and the exploit code last year was 5.8 days - now approaching ‘zero day’
- Malicious code is morphing as it propagates
- Spyware and botnets are widespread
- 33% rise in phishing in 2004 over 2003

Spyware
- Keystroke Loggers (a.k.a. Keyloggers or Snoopware)
  - software that runs in background, recording all keystrokes of user, potentially stealing passwords and other confidential data
- Remote Access Trojans (RATs)
  - allows an attacker to remotely control user’s computer

Phishing Sites Increasing Source:

First comes the …

Then a redirection to a false site…

Spam is increasing

However:
- The threat picture is not unique to Canada
- Regular contact with NCSIP members re:
  - Emerging vulnerabilities, viruses, threats, incidents, best practices
  - Weekly collaboration through GovIRT sponsored by PSEPC, alerts/advisories, trends, incident management coordination, Qs & As etc.
  - Operational cooperation with EMOs, other committees
- Industry is working aggressively to combat threats through improved products such as SPAM filtering, Spyware cleaning tools etc.

Specific Action Items

Common Self Assessment Tool
PURPOSE:
- Assess current state of security
- Create a cross country, high level report on the state of IT Security
- Establish a base line for determining required improvements and measuring future progress
- Identify gaps and set priorities
- Assist in developing an improvement plan

Common Self Assessment Tool
STATUS:
- High level tool developed as planned, based on the Quebec model
- Alberta, PEI and MISA will pilot the tool and report results
- Delayed due to copyright issues related to the Quebec model
- Concurrently, jurisdictions are building on the growing ISO tools being produced

Education and Awareness PURPOSE: Support Continuing Education and Awareness of IT Security issues at all levels across all jurisdictions

Education and Awareness
STATUS:
- Quebec Videos have been re-taped and support material is being translated
- Exploration with CSE college re: training courses available/to be developed
- Increased collaboration with municipalities (MISA)
- Additional resources identified in some jurisdictions
- National Awareness Framework planned
- Ongoing work is required here as we are all dealing with the same citizen

Coordinate ITS Standards PURPOSE: Coordinate ITS standards, including adoption of national and international standards (e.g. NIST, ISO 17799)

NCSIP linkage with PSEPC National Security Policy –Government Operations Centre National Emergency Response System –Cyber Security Task Force National Cyber Security Strategy Canadian Cyber Incident Response Centre –Federal/National focal point and coordination centre Cyber Incident Response 7X24 Threat monitoring Enhanced readiness and response to cyber events nationally

National Emergency Response Structure
Prime Minister Cabinet Ministerial Committee with DM participation as required for National Policy Direction Minister(s) Regional Interface Strategic Coordination National Policy Direction OGDs EOCs Including Agencies Regional federal offices Simple Incident Complex Incident Government Operations Centre (GOC) Department(s) DMs/ADMs ADM Public Safety Committee with DG participation as required for National Policy Direction

Emergency Response PURPOSE: Liaise and coordinate with emergency response organizations

Emergency Response
STATUS:
- Call out exercise February 2004
- Meeting with EMO officials April 2004
- Effective CISO/EMO relationships developed
- Inter-jurisdictional cyber exercise group working expanded to include more EMO staff
- NCSIP exercise conducted October 2004
- Briefing with EMOs November 2004
- Joint exercise planned Fall 2005

Additional Initiatives
- Security clearance policies and practices
- Liaison with ITAC through GOC-TBS
- Spam, Spyware
- Wireless Security
- Mobile Devices