Published by Andrea Dennis. Modified over 9 years ago.
Information Assurance Management
Telecommunications and Information Security Workshop 2000
TISW 2000
National Telecommunications Information Agency (NTIA)
Richard Clarke, NSC, National Coordinator for Security, Infrastructure Protection and Counter-Terrorism
Attacks and reporting are up... Disney, Ikea, all hit in the last few weeks.
5 trends in vulnerabilities:
– Good news: B2B is driving down prices and increasing production...
– Bad news: you are only as secure as the least secure partner...
– Deregulation of electrical power requires a vast new information exchange system to manage...
– VoIP convergence: retains all the vulnerabilities of both voice systems and IP... How is this to be secured?
– Expansion of wireless networks: we are slow to put in place... watch others for vulnerabilities. By 2003, 165 million anonymous connections...
– Broadband: we are becoming more reliant on it... privacy rights are in jeopardy.
5 things industry can contribute:
– People: “Cyber Corps” pays for undergraduate and graduate degrees in InfoSec. Money to stimulate academia to start degree programs.
– Share information: Telecom and Banking now, Power sector by the end of the year. Horizontal distributed attack warning. 90% of successful attacks are the result of failure to install available patches. DOE and DOD are working on a secure push to force patch installation.
– Standards: not the role of government to create standards... they will not regulate cyberspace.
All banks must achieve cyber security; health care soon to follow.
Visa standards required for all its vendors.
Generally accepted: varies by industry.
Next generation of telecom infrastructure with security built in and seamless use.
Government R&D money to be used to identify gaps where market forces are not working.
– Policy questions: do we have to preserve privacy or anonymity? Or can we have both? Or neither?
Continuity: non-partisan, not interrupted by changes in administrations.
Michael Jacobs, Deputy Director for InfoSec, NSA
Information Assurance Counter-measures Triad:
– Technology
– Policy and procedures
– Awareness, training & education
Stability is required for effective security.
Only three counter-measures available to protect those infrastructures:
– Cyber security awareness and education
– Strong crypto
– Good security-enabled commercial information technology
Howard Schmidt, Corporate Security Officer for Microsoft
Old comm adage: GIGO (garbage in, garbage out). New comm adage: GIGO... garbage in, Gospel out... said on the Net... must be true!
New exposure to risk in every new device.
Looming issues...
– Digital divide: haves vs. have-nots
– Spectrum management: wireless
– Privacy
– Encryption and export controls
– Taxation and jurisdiction
– Security of broadband persistent connections
NTIA panel discussions
– Engineer security from the start
– Administer the network securely
– Test the system: configuration management
– Respond to known weaknesses: have a plan!
– Incentive to be part of the system: move SysAdmin from IT to Security
– Two-factor (2-element) authentication vs. strong passwords for root or Admin access
– Common server tasks set to specific users
Programmatic practices
– Best practices
– Pen-test
– Firewalls
– URL blocking
– Anti-virus
– Secure authentication
Emergency Response Program
– Open source monitoring
– Event correlation & analysis
– CERT
– Forensic team
Cyber Insurance
– Actuarial base won’t meet needs
– Assessment: Security Program Elements
Protect, Detect, Respond
Collapse of the Internet?
– Yes! At the nodes of the search engines.
How to influence the Board?
– IDS outside the firewall
– Fiduciary responsibility to stockholders
– Personal, financial risk
Exposure and Risk
– Foreseeability
– Due care and diligence
DDoS: failure to exercise due diligence. Link liability.
Like Y2K requirements, you must be able to prove your infosec procedures.
Process in place, not just things!
HIPAA: “anticipated threats or hazards to security or integrity of customer records and information...”
SEC using the same language. Banking regs the same.
Due diligence: document, document, document!
Anticipate & avoid vs. respond and react.