Presentation is loading. Please wait.

Presentation is loading. Please wait.

FOUNDATIONS OF OPERATIONAL RISK

Published byHubert Stone Modified over 6 years ago

Similar presentations

Presentation on theme: "FOUNDATIONS OF OPERATIONAL RISK"— Presentation transcript:

1 FOUNDATIONS OF OPERATIONAL RISK
IMT 556 Week #6 Autumn 2013

2 Administrative Details
You should all have your papers back by now You should name every paper you write with a title – Paper #1 is not a title Following the instructions gets you a higher grade Watch the video to see how to read my comments Come talk to me if you don’t understand the comments Next week’s speakers =Christopher Dahl, Deloitte; and Chris Rivinus, Tullow Oil (Africa’s leading independent oil company) Next week’s “Real World” = Third Party/Human Risk

3 News of the week Federal Prosecutors, in a Policy Shift, Cite Warrantless Wiretaps as Evidence Spying Known at Top Levels, Officials Say NSA bills set up a choice in Congress: End bulk collection of phone records or endorse it NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say

4 Cyber Threat People System Processes External Events
Vulnerability to social engineering Contractors System Flaws and security holes Access to IP Processes Lack of effective controls Looking in the wrong place External Events Hacks from other entities (criminal, Anonymous) Hacks by other governments (Ponemon Rpt)

5 Cyber security breakdowns
NY Times and Wall Street Journal – Jan 2013 Impact: 450,000 usernames and passwords compromised Twitter – February 2013 Impact: Inappropriate messages were posted through Burger King’s account posing as McDonald’s Adobe – October 2013 Impact: As many as 38 million customers affected

6 Risk to the Nation’s Critical Infrastructure
Vulnerabilities inherent in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems (primarily in the private sector) which govern networks including power, water, and chemical production among other vital operations. Risks to confidential databases held by the government: Social Security, Medicare, Internal Revenue Service that include private information on its citizens. Global risks to national credibility and reputation that are a result of either government activity or a lack of information sharing between government and the private sector.

7 The Department of Homeland Security released this map showing the locations of 7,200 key industrial control systems that appear to be directly linked to the Internet and vulnerable to attack

8 SCADA Systems Supervisory control and data acquisition is a type of industrial control system (ICS). Includes manufacturing, production, power generation,  water treatment and distribution, wastewater collection and  treatment, oil and gas pipelines, electrical power transmission,  heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption. Not designed with security in mind. Can not differentiate between legitimate requests and malicious responses. SCADA systems were traditionally on isolated networks that would require an attacker to first gain physical access to the target facility, but not anymore.

9 Natanz Nuclear Facility in Iran attacked by the Stuxnet worm
Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Affected 1000 out of 5000 uranium purifier centrifuges Justification: Iran was suspected to be pursuing a nuclear weapons program

10 Saudi Aramco Hack – August 15, 2012
The virus — called Shamoon after a word embedded in its code — was designed to do two things: replace the data on hard drives with an image of a burning American flag report the addresses of infected computers — a bragging list of sorts — back to a computer inside the company’s network.

11 Telvent Security Hack – Sept 10, 2012
Internal firewall and security systems breach SCADA Admin Tool OASyS SCADA Compromised - a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies Attacker(s) installed malicious software and stole project files The digital fingerprints left behind by the attackers point to a Chinese hacking team known as the ‘Comment Group’

12 Mitigating Cyber Threats
Resilience Strengthen digital and network infrastructure to be more resistant to attacks Quick recovery Reduce cyber threats Information about the intentions of cyber adversaries counter-social engineering training. Make potentially critical cyber-security information available to law enforcers, government, intelligence agencies

13 Cyber Intelligence Sharing and Protection Act (CISPA)
Would have allowed for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill was to help the U.S government investigate cyber threats and ensure the security of networks against cyber attack. Currently “dying a quiet death” in the Senate Trust issues very high between government and private sector

14 Failed Attempts at Cyber Legislation
SOPA PIPA Cyber Security Act of 2010 CISPA SOPA, PIPA, CISMA and CISPA were all met with widespread protest due to privacy concerns: US government would be able to read Americans’ personal s, online chat conversations, and other personal information that only private companies and servers might have access to.

Download ppt "FOUNDATIONS OF OPERATIONAL RISK"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
2015 Predicted Threats C YBER S ECURITY I NTELLIGENCE You got to be careful if you don’t know where you’re going, because you might not get there. – Yogi.

2015 Predicted Threats C YBER S ECURITY I NTELLIGENCE You got to be careful if you don’t know where you’re going, because you might not get there. – Yogi.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.

ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Cybersecurity and the Department of Justice Vincent A. Citro, Assistant United States Attorney July 9-10, 2014 Unclassified – For Public Use.

Cybersecurity and the Department of Justice Vincent A. Citro, Assistant United States Attorney July 9-10, 2014 Unclassified – For Public Use.
Information Security. What is Information Security? A. The quality of being secure B. To protect the confidentiality, integrity, and availability of information.

Information Security. What is Information Security? A. The quality of being secure B. To protect the confidentiality, integrity, and availability of information.
Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.

Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.
IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?

Data Center Firewall. 2 Common IT Security Challenges Does my network security protect my IT environment and sensitive data and meet the regulatory compliances?
MALWARE : STUXNET CPSC 420 : COMPUTER SECURITY PRINCIPLES Somya Verma Sharad Sharma Somya Verma Sharad Sharma.

MALWARE : STUXNET CPSC 420 : COMPUTER SECURITY PRINCIPLES Somya Verma Sharad Sharma Somya Verma Sharad Sharma.

Similar presentations

Ads by Google