1
Topics & Trends in Cybersecurity
Fort Bragg Ed Fair, January 25, 2016
Panel members: Nicole M. Winget, James Robertson, Alan Rynarzewski, Matthew Gonzalez, and Craig Gruber
2
Agenda
- Identify - Nicole M. Winget, Instructor of Homeland Security and Criminal Justice, Campbell University
- Protect - James Robertson, Ed.D., Program Chair, Software Development, Security and Computer Science, University of Maryland University College
- Detect - Alan Rynarzewksi, Business & IT Faculty, Kaplan University
- Respond - Matthew Gonzalez, PhD, Cyber Program Director, University of Charleston
- Recover - Craig W. Gruber, PhD, Director of MA in Homeland Security, Northeastern University
- Moderator - COL Jeffrey S. Cairns, USA (ret), Director Strategic Relations & Development, Norwich University
3
NIST: National Institute of Standards and Technology Cyber Security Framework
The US Dept of Commerce National Institute of Standards and Technology developed a cybersecurity framework as a basis for both organizations to understand their cybersecurity posture. We are going to use this framework as a way to discuss the complex landscape of cybersecurity. These five areas are Identify, Protect, Detect, Respond, Recover.
4
ISACA: International Information Systems Organization Infographic on Cybersecurity Job Market:
- The threat is growing: more breaches of greater severity, cybercrime estimated at a $3 trillion impact, breaches that last longer, and a never-ending release of personally identifiable information.
- Not enough professionals to meet the demand: 1 million unfilled jobs worldwide reported by Forbes last January; nationally, 47% of firms reported adding between 1 and 10 cybersecurity positions in
- Cyber security is not a single job but a variety of opportunities, as distinguished by the NIST framework.
Our panel of experts will provide some insight into each topic area.
5
Identify
What is it?
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
How do you accomplish it?
Examples
Nicole M. Winget, Instructor of Homeland Security and Criminal Justice, Campbell University
6
Protect Categories
- Access Control: Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
- Awareness and Training: The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
- Data Security: Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
- Information Protection Processes and Procedures: Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
- Maintenance: Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.
- Protective Technology: Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
Going to take 1 of the categories and provide some additional details. As well as suggest that the need to protect continues to be critical, especially with more technologies and threats:
- IoT
- Ransomware-as-a-service
- AI/machine learning gathering social data
James Robertson, Ed.D., Program Chair, Software Development, Security and Computer Science, University of Maryland University College
7
Access Control Best Practices
- Building/Facility security
  - Active Shooter, Terrorism
  - Access to building and rooms within building
- Least Privilege: assign users the minimum set of rights they need
- Maintain an Accurate Inventory of Devices
  - Eliminate Any Exposure of this Equipment to External Networks
- Develop and Enforce Policies on Mobile Devices
  - Loss, Theft, or Disposal
  - Malware
  - Unauthorized Access
  - Electronic Eavesdropping: collect and forward information onto another phone or server
- Establish Role-Based Access Controls: grants or denies access to network resources based on job functions
- Login Attempts: locks out users on a number of failed login attempts within a certain period of time
- Implement a logging (and monitoring) capability
  - Allows for the monitoring of system activity
  - Monitoring network traffic also allows organizations to determine if a user is making unauthorized actions or if an outsider is in the system
8
Trending Threats & Mitigations
- Ransomware
- Machine learning accelerates social engineering attacks
- IoT malware opens a backdoor into the home
- Drone-jacking - threats in the sky
- Recruiters Search for Cyber Talent Outside of Security
- Non-technical Security Professionals need will increase
Bottom line: There is plenty to worry about, protect and defend against. We need more folks to join this effort. It is fun, exciting and you will be protecting our nation's assets and our future.
10
Detect
- Hurdles
- Methods of Detection
- Visibility
- Amount of data
- End user adventures
- Qualified candidates & education
Alan Rynarzewksi, Business & IT Faculty, Kaplan University
11
CYBER RESPONSE TRENDS & OUTLOOK
1. 75% CULTURAL FABRIC
2. 57% OPERATIONAL AUTOMATION
3. TRADE SECRET RIGHTS
4. PHYSICAL RELIABILITY
OUTLOOK:
Presidential Policy Directive PPD-41:
- Threat Response
- Asset Response
- Intelligence Support
Vision: Cyber Review Team Military Law Enforcement Private Tasks Force Coordination Enhance U.S. Cyber Command
Matthew Gonzalez, PhD, Cyber Program Director, University of Charleston
12
NIST Cybersecurity Framework - RECOVER
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
Craig W. Gruber, PhD, Director of MA in Homeland Security, Northeastern University
13
Questions?