Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat Trends and Protection Strategies Barbara Laswell, Ph. D

Published byClinton Copeland Modified over 6 years ago

Similar presentations

Presentation on theme: "Threat Trends and Protection Strategies Barbara Laswell, Ph. D"— Presentation transcript:

1 Threat Trends and Protection Strategies Barbara Laswell, Ph. D
Threat Trends and Protection Strategies Barbara Laswell, Ph.D. September 2003 CERT® Centers Software Engineering Institute Carnegie Mellon Pittsburgh, PA Sponsored by the U.S. Department of Defense

2 Software Engineering Institute
Federally Funded Research and Development Center (FFRDC) Sponsored by the U.S. Department of Defense Operated by Carnegie Mellon Purpose is to help others make measured improvements in their software engineering capabilities CERT® Centers are part of the SEI

3 Growth in Number of Incidents Reported to the CERT/CC

4 Growth in Number of Vulnerabilities Reported to the CERT/CC

5 Attack Sophistication vs. Intruder Knowledge

6 Lack of Boundaries Today we see the shift in thinking from bounded to unbounded systems, specifically shifting from the presence of well-defined geographic, political, cultural, and legal/jurisdictional boundaries to their absence.

7 Trends Steady increase in both vulnerabilities and incidents, as well as a growing dependency on the Internet Cyber attackers using vulnerabilities and easy connectivity to the Internet to conduct criminal activities, compromise information, and launch denial of service attacks that seriously disrupt operations Attacks are cheap, easy, difficult to trace, and growing increasingly sophisticated Cyber-space and physical space are one

8 Strategy for Organizations

9 Protect Strategy Conduct risk analyses
Develop policy and implement risk mitigation plans Use security practices

10 Protect Resources Risk-based information security assessment methods OCTAVE Security practices Survey on network security and insider threats [USSS and CERT]

11 Detect Strategy Use modern technology and system management processes to identify and analyze attacks and compromises

12 Detect Resources Analysis techniques and methods

13 Respond Strategy Have incident response teams and procedures in place to quickly react to attacks and compromises Recover and restore critical services Conduct cybercrime investigations

14 Respond Resources CERT Advisories Vulnerability notes database
Vulnerability notes database Automated Incident Reporting (AirCERT) Computer Security Incident Response Team (CSIRT) guidance, training and certification “Tracking and Tracing Cyber Attacks”

15 Sustain/Improve Strategy
Develop an information assurance empowered workforce

16 Sustain/Improve Resources
Awareness and training at all levels Secure programming practices and training TSP/PSP pilots

17 Our Mission An Internet community that is
in information assurance and survivability

18 Countries of CERT course attendees

19 Recent Publications

20 For More Information CERT® Centers Software Engineering Institute Carnegie Mellon University Pittsburgh, PA USA +1 (412)

Download ppt "Threat Trends and Protection Strategies Barbara Laswell, Ph. D"

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.

Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
Building Capabilities for Incident Handling and Response

Building Capabilities for Incident Handling and Response
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 SEI is sponsored by the U.S. Department of Defense ©

CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Protection of Classified Information & Cyber Security

Protection of Classified Information & Cyber Security
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

Similar presentations

Ads by Google