Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Similar presentations


Presentation on theme: "Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation."— Presentation transcript:

1 Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation

2 © 2008 Unisys Corporation. All rights reserved. Page 2 Discussion topics Global sector threats The global response Protection plan The future

3 © 2008 Unisys Corporation. All rights reserved. Page 3 Global Cyber Threats Impact Every Sector Electrical grid attacks – Brazil power sector attacks, 2003 US outage (Energy sector) The Morphing of the Mafia – slicing, spaming and phishing -Zeus (Financial Sector) Data extractions and data losses – loss of sensitive DoD data from Centcom and Estonia (Government Sector) Counterfeit equipment inserted into the supply chain (Manufacturing sector) Airline systems taken off line by a computer glitch crippling the air travel (Transportation sector) Hackers steal data pharmaceutical records of thousands of VA residents and encrypt it – holding it for ransom (Healthcare sector) Google hacked by the Chinese (Technology sector)

4 © 2008 Unisys Corporation. All rights reserved. Page 4 Keeping Pace The Public Sector needs better ways to protect assets and citizens Global criminal activity has increased the need for sophisticated tools to protect financial assets and avoid service interruptions Enterprises want cost effective solutions such as cloud and virtualization without giving up privacy and security Leaders must ensure continuity of operations for key infrastructure services and customer service, avoid negative economic impact The private sector needs to take a leadership role in securing their own infrastructure as well as their clients. We can’t wait for legislation and regulation. We need to act now.

5 © 2008 Unisys Corporation. All rights reserved. Page 5 US Leadership Direction “Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.” ~Obama May 29, 2009 May 27, 2010 – White House releases a new National Security Strategy

6 © 2008 Unisys Corporation. All rights reserved. Page 6 © 2009 Unisys Corporation. All rights reserved. Page 6 Our Cyber Dependency Today both public and private sector rely on information systems to perform their missions and business function Enterprise systems must be protected from cyber threats to ensure they are available Significant cyber attacks have overwhelmed security professionals – Attacks are aggressive and targeted; many are extremely sophisticated – Our adversaries are nation states, terrorist groups, hackers, and those with intentions of compromising critical systems – Malicious software deployments making it nearly impossible to protect critical systems and information

7 © 2008 Unisys Corporation. All rights reserved. Page 7 Protection begins with planning Strong governance models and organizational structure critical to success Assessing your current risk posture based on proven frameworks Build a strategic plan integrated into the overall corporate model Security is a business enabler and must not appear to be stand alone Policies are critical however worthless without enforcement tools Auditing, assessments and continuous monitoring

8 © 2008 Unisys Corporation. All rights reserved. Page 8 © 2009 Unisys Corporation. All rights reserved. Page 8 Determine Your Risk Profile Identify your assets Determine the assurance level Assess based on the risk level Identify your vulnerabilities Begin the remediation process When connecting system or sharing data ensure you know the security vulnerabilities before you connect The Objective: achieve visibility into your system security level, develop a plan to remediate and execute on those plans

9 © 2008 Unisys Corporation. All rights reserved. Page 9 © 2009 Unisys Corporation. All rights reserved. Page 9 Links in the security chain Management, Operational, and Technical Controls Risk assessment Security planning, policies, procedures Configuration management and control Contingency planning Incident response planning Security awareness and training Security in acquisitions Physical security Personnel security Security assessments Certification and accreditation Access control mechanisms Identification & authentication mechanisms (Biometrics, tokens, passwords) Audit mechanisms Encryption mechanisms Boundary and network protection devices (Firewalls, guards, routers, gateways) Intrusion protection/ detection systems Security configuration settings Anti-viral, anti-spyware, anti-spam software Smart cards Adversaries attack the weakest link…where is yours? – NIST

10 © 2008 Unisys Corporation. All rights reserved. Page 10 Where are we heading Advanced persistent threats and vulnerability sophistication Cyber crime will increase Continued disruption in the supply chain Attacks on critical infrastructure Cyber defense options – who pushes the button first

11 © 2008 Unisys Corporation. All rights reserved. Page 11 Contact Patricia Titus, CISO Patricia.titus@unisys.com 703-439-5406 desk 703-895-1492 cell


Download ppt "Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation."

Similar presentations


Ads by Google