Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bill Trelease VP – CTO Delhi Telephone Company

Published byRosamond Lucas Modified over 9 years ago

Similar presentations

Presentation on theme: "Bill Trelease VP – CTO Delhi Telephone Company"— Presentation transcript:

1 Bill Trelease VP – CTO Delhi Telephone Company Bill@delhitel.com

2 The Cyber Security Framework The Core of the matter:  Identify  Protect  Detect  Respond  Recover

3 Identify – Who is deciding the what  Put a team together that represents all aspects of your business  Since the Executive Order does not apply, we get to decide what “Core” and “Critical Infrastructure” are for us.  What is critical, and to who

4 Identify – The inventory l Telephone  The voice switch  A large [capacity] Mux (OC-x) ?  DXC ?  An NGDLC or OLT

5 Identify – The inventory l Internet Core or Border router DNS Authentication server Other routers or switches

6 Identify – The inventory l TV EAS receiver Comb generator(s) EAS server

7 Identify – The inventory l Business Critical Billing NMS / EMS OSS

8 Identify – The inventory Don't forget the interaction EMS all of it's devices Billing / OSS to authentication NMS

9 Identify – The Inventory Document IT !!!!!  What it is (make, model, etc)  Where it is  Who has to have access and what kind (read, write, admin)  Who should not have access  Date of last upgrade and / or patch and Rel. Id

10 Protect l Start from the outside, work in ACLs on Edge routers and SBC Firewall Segment networks Inter company internet network ACLs Per device Real passwords Appropriate permissions Backups incremental with full archival snapshots

11 Detect (think monitor)  Log all login attempts  Firewall with current signatures  IDS current signatures  Traffic patterns specifically changes of irregularities

12 Respond and Recover A response and recovery plan should be in place for all the assets identified  Allow for the possibility that drastic measures may be required  Segment disconnect  Area isolation  Stopping a service to maintain others

13 The Framework – it's more than just the “core”  Tiers (4) Refer to Framework for more detail  Keeps the core from being a check list  Indicative of framework risk management “philosophy” adoption  Tier 1: Partial – don't know that you don't know Tier 2: Risk Informed – know you don't know, but it's ITs problem

14 The Framework – it's more than just the “core” Tier 3: Repeatable – know there is a cyber risk and the company is working on it Tier 4: Adaptive – cyber security risk management is integrated in all company practices, there are scheduled tests, and results flow back into the process for improvement

15 Hand off to Jon

Download ppt "Bill Trelease VP – CTO Delhi Telephone Company"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Innovating Since 1998 Direct EDJE, we make A World of Difference Direct Response Order Management Software A Proven Solution Since.

Innovating Since 1998 Direct EDJE, we make A World of Difference Direct Response Order Management Software A Proven Solution Since.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Network Management Basics Network management requirements OSI Management Functional Areas –Network monitoring: performance, fault, accounting –Network.

Network Management Basics Network management requirements OSI Management Functional Areas –Network monitoring: performance, fault, accounting –Network.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Controls for Information Security

Controls for Information Security
Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC

Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC
Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.

Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.
Network security policy: best practices

Network security policy: best practices
SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.
Introduction to Network Defense

Introduction to Network Defense
Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,

Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,
Security Guide for Interconnecting Information Technology Systems

Security Guide for Interconnecting Information Technology Systems

Similar presentations

Ads by Google