Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat Assessment in a Logical Environment. 1865 U.S. Financial Infrastructure Physical to Logical environment Protection and Threat Assessment Safe School.

Published byAgnes Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "Threat Assessment in a Logical Environment. 1865 U.S. Financial Infrastructure Physical to Logical environment Protection and Threat Assessment Safe School."— Presentation transcript:

1 Threat Assessment in a Logical Environment

2 1865 U.S. Financial Infrastructure Physical to Logical environment Protection and Threat Assessment Safe School Initiative Modifying Threat Assessment Process

3 “No Silver Bullet”

4 Assessment starts with understanding Assets Company, System, Personnel, Product Where is the value loss? –Employees –Assets (what pays the check…?) –Clients –Company value Stock Share holders

5 Where are assets located, Who is responsible, Do the assets have known value or just perceived value? Physical assets, Logical Assets, both…. –Today modern companies value: intangible assets, intellectual property, sensitive information, client data, trademarks, copyrights, research and development, software applications, internal policies and procedures, human capital (who does what), customer data, vendor data, strategies (how you do what you do).

6 Where do you start? Historically what has triggered issues / concerns / panic … –Hacks, network intrusions, insider threat? –Dynamics of a “Secure Perimeter” Is it possible in a logical environment? “Circle the wagons” –“Spherical Approach / All encompassing”

7 Federal Trade Commission In the past year, 106 personal data losses were reported by companies and federal and state government totaling some 108 million identities. DATA SECURITY BREACHES – Technology, Job responsibilities, poor security practices.

8 Crises or Emergency ? Every crises is an emergency Every emergency is not a crises Know the difference Who determines the difference –Are you ready?

9 What Is a Threat? emergency? accident? external? self inflicted (disgruntled employee)? Time necessary to resolve? (Desk top exercise / practice, practice, practice) Plan of action …Triage.. keep the company going ….

10 Understand the damage Different plans for different problems Advance effort = fewer problems –Prepare a plan Practice plan Back up systems necessary to implement plan –Are they on company line? –How many people know the plan? –Who is accountable – let them do what they are paid to do!!!!!! –One voice to the media!!!!!!!!!!!!

11 Conduct a robust advance The tools / personnel necessary to do the job. Who, what, where, when, why, how –( Testing within the product (Plan ) development cycle) Keep out of the way of your Crises Manager “Chief Preparedness Officer (CPO)” Effective Disaster recovery …..

12 How long will the threat last? Infrastructures physical and / or logical Is it short term (real time)? Is it long term (domino effect)? Can the Chief Preparedness Officer tell? MAKE THE DECISION !!!!!!

13 Long term threat Company loss –Product Industrial espionage Intellectual property Production cycle Vital employee Building

14 Protect everything Company –Data storage –Access accountability Who has access? Employees –Workers –Executives –Co – company participants

15 When is the crises over? Implement (advance) security plan What was the goal that confirms the threat is resolved? Anything that doesn't kill you makes you stronger …. Get ready “ You will soon be surrounded by arm chair quarterbacks”.

16 Dealing with threat 1.Is it a threat 2.Which threat plan to implement 3.Let the plan manager work 4.Evaluate the progress / shift focus 5.Attain the resolution goal … get it fixed ! 6.Did the plan work? 7.How could the threat have been avoided 8.Reward and Recognize the effort

17 Questions, Comments, Observations Edwin (Eddie) Lugo U.S. Secret Service Baltimore, Maryland Edwin.Lugo@usss.dhs.gov Secret Service Web Site www.secretservice.gov/

Download ppt "Threat Assessment in a Logical Environment. 1865 U.S. Financial Infrastructure Physical to Logical environment Protection and Threat Assessment Safe School."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
1 According to PETROSAFE safety policy, the company is keen that: Introduction All Egyptian Petroleum companies and foreign companies working in A.R.E.

1 According to PETROSAFE safety policy, the company is keen that: Introduction All Egyptian Petroleum companies and foreign companies working in A.R.E.
Innovation or Necessity? ISM 158 By: Sepehr Saeb.

Innovation or Necessity? ISM 158 By: Sepehr Saeb.
Martin County Emergency Management Agency. Is your business prepared to survive the economic impact of a major disaster? Are your company's valuable assets.

Martin County Emergency Management Agency. Is your business prepared to survive the economic impact of a major disaster? Are your company's valuable assets.
How we work with you. Infrastructure savings Pay only for what you use Labour Costs Match job functions with skill sets Financial Technology Efficient.

How we work with you. Infrastructure savings Pay only for what you use Labour Costs Match job functions with skill sets Financial Technology Efficient.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity.

Identity, Governance and Administration as forefront of IT Security model: European and North American Experience Vladislav Shapiro Director of Identity.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.

Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.
®® Microsoft Windows 7 for Power Users Tutorial 10 Backing Up and Restoring Files.

®® Microsoft Windows 7 for Power Users Tutorial 10 Backing Up and Restoring Files.
Vital records mean essential agency records that are needed to meet operational responsibilities under national security emergencies or other emergency.

Vital records mean essential agency records that are needed to meet operational responsibilities under national security emergencies or other emergency.
Safety and Loss Control

Safety and Loss Control
Introduction to Network Defense

Introduction to Network Defense
IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting.

IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting.

Similar presentations

Ads by Google