Larry Clinton Operations Officer Internet Security Alliance 703-907-7028 202-236-0001.

1 Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028 202-236-0001

2 The Past

3 The Present (Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html)

4 The Internet Security Alliance The Internet Security Alliance is a collaborative effort between Carnegie Mellon University’s Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.

5 Sponsors

6 US National Strategy to Secure Cyber Space The vast majority of cyber attacks originate or pass through systems abroad, cross several borders and require international cooperation to stop.

7 US National Strategy to Secure Cyber Space “The US interests in promoting cyber security extends well beyond its borders. Critical information infrastructures are directly connected to Canada, Mexico, Europe, Asia and LA. The nation’s economy and security are reliant on far-flung corporations and trading partners that require secure and reliable information infrastructure to function.”

8 The Threats – The Risks
Human Agents: Hackers; Disgruntled employees; White collar criminals; Organized crime; Terrorists
Methods of Attack: Brute force; Denial of Service; Viruses & worms; Back door taps & misappropriation; Information Warfare (IW) techniques
Exposures: Information theft, loss & corruption; Monetary theft & embezzlement; Critical infrastructure failure; Hacker adventures, e-graffiti/defacement; Business disruption
Representative Incidents: Code Red, Nimda, Sircam, CD Universe extortion, e-Toys “Hactivist” campaign, Love Bug, Melissa Viruses

9 Attack Sophistication v. Intruder Technical Knowledge
[Chart: two curves, Attack Sophistication (Tools) and Intruder Knowledge (Attackers), on a Low to High scale over 1980, 1985, 1990, 1995, 2000. Labels on the chart: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; “stealth” / advanced scanning techniques; burglaries; network mgmt. diagnostics; DDOS attacks]

10 The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC, 1995 to 2002

11 Growth in Incidents Reported to the CERT/CC

12 Machines Infected per Hour at Peak

13 Computer Virus Costs (in billions) (Through Oct 7) $ billion

14 Economic Impact of Cyber Attacks “Estimates of total world-wide losses attributable to virus and worm attacks in 2003 range from $13 billion due to viruses and worms only to $226 billion for all forms of overt attacks” (Congressional Research Service Report to Congress, April 2004)

15 Largest Study Ever Conducted Finds: (PricewaterhouseCoopers, Sept. 10 2004)
Actual Spending on Security is flat
Most “plan” to increase security spending
“The greatest barrier to effective security is inadequate budget”

16 Companies Integrating Internet into Security
58% North America
41% Asia
37% South America
36% Europe

17 Data Protection as part of Policy
North America 51%
Asia 44%
Europe 40%
South America 24%

18 A Coherent 10 step Program of Cyber Security
1. Members and CERT create best practices
2. Members and CERT share information
3. Cooperate with industry and government to develop new models and products consistent with best practices

19 A Coherent Program of Cyber Security
4. Provide Education and Training programs based on coherent theory and measured compliance
5. Coordinate across sectors
6. Coordinate across borders

20 A coherent program
7. Develop the business case (ROI) for improved cyber security
8. Develop market incentives and tools for consistent maintenance of cyber security
9. Integrate sound theory and practice and evaluation into public policy
10. Constantly expand the perimeter of cyber security by adding new members

21 ISA Security Anchor Proposal
Go beyond isolated conferences to Full service trade association for cyber security providing on-going services in:
Information sharing on threats and incidents
Best practices/standards/assessment development
Locally-based education and training
Domestic & international policy development
Develop market incentives for cyber security

22 ISA Wholesale Membership Program Method of Reaching Smaller Companies Trade Associations Join for ISA lowest rate. ALL their small members receive full associate services FREE OF CHARGE

23 Wholesale Services
FREE Best Practices Guide for Small Businesses
FREE On-Line assessment and suggestions
FREE access to secure Portal with news on Emerging threats, vulnerabilities & what to do
FREE meetings/calls with experts
FREE Newsletter on Cyber & Physical for SB

24 Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028 202-236-0001

