The Science, Engineering, and Business of Cyber Security

Size: px
Start display at page:

Download "The Science, Engineering, and Business of Cyber Security"

Transcription

1 Institute for Cyber Security The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security COS Research Conference October 18, Ravi Sandhu 1

2 Institute for Cyber Security Founded in 2007 to be a world leader in cyber security research A unit in the College of Sciences, with strong ties to the Department of Computer Science Cyber Security in UTSA started in 2000 and is well represented in the Colleges of Science, Engineering and Business Ravi Sandhu 2

3 Cyberspace 2010 Department of Defense epiphanies Cyberspace is officially recognized by Department of Defense as a new warfare domain akin to land, sea, air and space Department of Defense officially admits having and using offensive cyber weapons Department of Defense officially admits malware penetrations in its classified networks Ravi Sandhu 3

4 Cyber Security Objectives INTEGRITY modification misdirection AVAILABILITY access CONFIDENTIALITY disclosure Ravi Sandhu 4

5 Cyber Security Objectives USAGE purpose disposal INTEGRITY modification misdirection CONFIDENTIALITY disclosure AVAILABILITY access Ravi Sandhu 5

6 Security versus Privacy Security Privacy Ravi Sandhu 6

7 Cyber Security Evolution Computer Security Communications Security Information Security Information Assurance Mission Assurance Ravi Sandhu 7

8 Cyber Security Techniques Prevent Detect Accept Ravi Sandhu 8

9 Cyber Security Goal Enable system designers and operators to say: This system is secure Not attainable There is an infinite supply of attacks Ravi Sandhu 9

10 Cyber Security Goal Enable system designers and operators to say: This system is secure enough Many successful examples Mass scale, not very high assurance ATM network On-line banking E-commerce Engineering Science One of a kind, extremely high assurance US President s nuclear football Business Ravi Sandhu 10

11 Why is Cyber Security so Hard? Halting problem Inference Weakest link Analog hole Insider Human element Usability Cyber innovation Covert channels Side channels Ravi Sandhu 11

12 Cyber Security Prognosis Not too bad About as good as it is going to get The criminal enterprise can only defraud so many Big government and big business are a real threat Highly asymmetric Offense component Clandestine Dual goals: strong offense, strong defense Mankind has somehow kept nuclear, chemical and biological in control. Cyber is different but should be controllable. Ravi Sandhu 12

13 ICS Research Thrusts Application-centric Secure Information Sharing Social Computing Security Secure Provenance-aware Systems Privacy Policies and Enforcement Foundational Research Trustworthy Cloud Computing Secure Multi-Tenants in Cloud Technology-centric Big Data Security and Privacy Security in Internet of Things Attack-centric Malware Detection and Analysis Botnet Analysis and Defense Ravi Sandhu 13

14 ICS FlexCloud Lab Research Attribute-based Access Control Secure Data Provenance Secure Information Sharing Secure Cloud Computing FlexCloud/FlexFarm cores -19TB mirrored RAID - 35TB SAN Commercial Collaboration/Support Education Cloud Computing Courses Big Data OpenStack Training Malware Detection and Analysis Rackspace Joyent High Performance Computing Ravi Sandhu 14

The Science, Engineering, and Business of Cyber Security

The Science, Engineering, and Business of Cyber Security Institute for Cyber Security The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University

More information

Cyber Security Research: A Personal Perspective

Cyber Security Research: A Personal Perspective CS 6393 Lecture 1 Cyber Security Research: A Personal Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair January 18, 2013 ravi.sandhu@utsa.edu www.profsandhu.com Ravi Sandhu 1 Prognosis

More information

Cyber Security: What You Need to Know

Cyber Security: What You Need to Know Cyber Security: What You Need to Know Prof. Ravi Sandhu Executive Director and Chief Scientist Institute for Cyber Security University of Texas at San Antonio October 2009 ravi.sandhu@utsa.edu www.profsandhu.com

More information

The Future of Cyber Security

The Future of Cyber Security Institute for Cyber Security The Future of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu Ravi Sandhu 1 Cyber Security Status

More information

Challenges of Cyber Security Education at the Graduate Level

Challenges of Cyber Security Education at the Graduate Level Institute for Cyber Security Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor Nov. 9, 2012 ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu

More information

The Future of Access Control: Attributes, Automation and Adaptation

The Future of Access Control: Attributes, Automation and Adaptation Institute for Cyber Security The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair SERE NIST, Gaithersberg June 19, 2013 ravi.sandhu@utsa.edu

More information

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It?

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Institute for Cyber Security The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21, 2011 ravi.sandhu@utsa.edu

More information

CS 6393 Lecture 7. Privacy. Prof. Ravi Sandhu Executive Director and Endowed Chair. March 8, 2013. ravi.sandhu@utsa.edu www.profsandhu.

CS 6393 Lecture 7. Privacy. Prof. Ravi Sandhu Executive Director and Endowed Chair. March 8, 2013. ravi.sandhu@utsa.edu www.profsandhu. CS 6393 Lecture 7 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 ravi.sandhu@utsa.edu www.profsandhu.com Ravi Sandhu 1 Privacy versus Security Privacy Security I think this

More information

Security Models: Past, Present and Future

Security Models: Past, Present and Future Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio August 2010 ravi.sandhu@utsa.edu www.profsandhu.com

More information

Cyber Security: Past, Present and Future

Cyber Security: Past, Present and Future Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio August 2009 ravi.sandhu@utsa.edu www.profsandhu.com

More information

Institute for Cyber Security

Institute for Cyber Security Institute for Cyber Security The Institute for Cyber Security (ICS) conducts basic and applied research in partnership with academia, government and industry. The Institute's Executive Director Prof. Ravi

More information

Cyber Innovation and Research Consortium

Cyber Innovation and Research Consortium Cyber Innovation and Research Consortium Mission Conduct, coordinate and promote cyber and cyber security innovation, research, and policy 2 Focus Basic and Applied Research Education and Curriculum Outreach

More information

Purpose-Centric Secure Information Sharing

Purpose-Centric Secure Information Sharing Purpose-Centric Secure Information Sharing Ravi Sandhu Executive Director and Endowed Professor Institute for Cyber Security (ICS) University of Texas at San Antonio September 2009 ravi.sandhu@utsa.edu

More information

Research Topics in the National Cyber Security Research Agenda

Research Topics in the National Cyber Security Research Agenda Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber

More information

Security and the Cloud:

Security and the Cloud: Security and the Cloud: Cloud Trust Brokers Ravi Ganesan* Founder, SafeMashups +1.415.680.5746 ravi@safemashups.com ravi@findravi.com www.safemashups.com www.findravi.com *This work was performed when

More information

Network Security in Building Networks

Network Security in Building Networks Network Security in Building Networks Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net Content

More information

Information Security in Business: Issues and Solutions

Information Security in Business: Issues and Solutions Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information

More information

Security in the Cloud an end to end Problem

Security in the Cloud an end to end Problem ID WORLD Abu Dhabi 18-19 March 2012 Cloud Computing & Mobile Applications Dr. Andrew Jones Programme Chair for Information Security Khalifa University of Science, Technology and Research, Abu Dhabi Security

More information

Big 4 Information Security Forum

Big 4 Information Security Forum San Francisco ISACA Chapter Proudly Presents: Big 4 Information Security Forum A Day-Long, Multi-Session Event, being held in San Francisco @ the Sir Francis Drake Hotel! *** PLEASE NOTE THIS EVENT WILL

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Foundations Applications Technologies

Foundations Applications Technologies Institute for Cyber Security ICS Research Projects Ravi Sandhu Institute for Cyber Security University of Te exas at San Antonio August 30, 2012 IIIT Delhi 1 ICS Philosophy Foundations Applications Technologies

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Federated Identity and Single-Sign On

Federated Identity and Single-Sign On CS 6393 Lecture 5 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013 ravi.sandhu@utsa.edu www.profsandhu.com Ravi Sandhu 1 The Web Today User

More information

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Benjamin GITTINS Ronald KELSON What is cyberspace and why is it so important? US Government Cyberspace

More information

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats

More information

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security

More information

Institute for Cyber Security. A Multi-Tenant RBAC Model for Collaborative Cloud Services

Institute for Cyber Security. A Multi-Tenant RBAC Model for Collaborative Cloud Services Institute for Cyber Security A Multi-Tenant RBAC Model for Collaborative Cloud Services Bo Tang, Qi Li and Ravi Sandhu Presented by Bo Tang at The 11 th International Conference on Privacy, Security and

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Making our Cyber Space Safe

Making our Cyber Space Safe Making our Cyber Space Safe Ghana s Emerging Cyber Security Policy & Strategy William Tevie Director General 5/28/2014 1 Agenda Cyber Security Issues Background to Policy Target Audience for Framework

More information

PACB One-Day Cybersecurity Workshop

PACB One-Day Cybersecurity Workshop PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance

More information

The Strategic Importance, Causes and Consequences of Terrorism

The Strategic Importance, Causes and Consequences of Terrorism The Strategic Importance, Causes and Consequences of Terrorism How Terrorism Research Can Inform Policy Responses Todd Stewart, Ph.D. Major General, United States Air Force (Retired) Director, Program

More information

One Hundred Twelfth Congress of the United States of America

One Hundred Twelfth Congress of the United States of America S. 3454 One Hundred Twelfth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Tuesday, the third day of January, two thousand and twelve An Act

More information

Cyber-Security. FAS Annual Conference September 12, 2014

Cyber-Security. FAS Annual Conference September 12, 2014 Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy

More information

Offensive capabilities

Offensive capabilities Chapter 5 5 Beyond signals intelligence: Offensive capabilities 5.1 Introduction Documents released by German magazine Der Spiegel provide a much richer picture of the offensive activities of the NSA and

More information

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets

More information

Privacy and Security in Healthcare

Privacy and Security in Healthcare 5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical

More information

A National Model for Cyber Protection Through Disrupting Attacker Command and Control Channels

A National Model for Cyber Protection Through Disrupting Attacker Command and Control Channels A National Model for Cyber Protection Through Disrupting Attacker Command and Control Channels Jeff Brown, CISO, Raytheon Company In today s cyber security environment there is one inescapable truth. There

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Introduction to Cybersecurity Overview. October 2014

Introduction to Cybersecurity Overview. October 2014 Introduction to Cybersecurity Overview October 2014 Introduces the importance of cybersecurity and current trends Eight modules with presentations and panel discussions that feature industry experts Activities,

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

TRUST Background. National Science Foundation Office of Integrative Activities (OIA) Core Funding (FY2005-2015)

TRUST Background. National Science Foundation Office of Integrative Activities (OIA) Core Funding (FY2005-2015) TRUST TRUST: : Team for Research in Ubiquitous Secure Technology A Collaborative Approach to Advancing Cyber Security Research and Development Larry Rohrbough Executive Director, TRUST University of California,

More information

Security & privacy in the cloud; an easy road?

Security & privacy in the cloud; an easy road? Security & privacy in the cloud; an easy road? A journey to the trusted cloud Martin Vliem CISSP, CISA National Security Officer Microsoft The Netherlands mvliem@microsoft.com THE SHIFT O L D W O R L D

More information

At dincloud, Cloud Security is Job #1

At dincloud, Cloud Security is Job #1 At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79

More information

ARI 26/2013 (Translated from Spanish) 17 September 2013. Cyber cells: a tool for national cyber security and cyber defence

ARI 26/2013 (Translated from Spanish) 17 September 2013. Cyber cells: a tool for national cyber security and cyber defence ARI ARI 26/2013 (Translated from Spanish) 17 September 2013 Cyber cells: a tool for national cyber security and cyber defence Thiber Theme 1 Cyber cells are effective tools that enable countries to operate,

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud

Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber Incident Response An Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu, Bo Tang

More information

CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015

CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015 BACKGROUND CYBER SECURITY, INTELLIGENCE AND AWARENESS COURSE PARK HOTEL THE HAGUE THE HAGUE, NETHERLANDS 26-30OCTOBER 2015 On 26-30 October 2015 Lowlands Solutions Netherlands (LSN) will be presenting

More information

Big Data and Cyber Security A bibliometric study Jacky Akoka, Isabelle Comyn-Wattiau, Nabil Laoufi Workshop SCBC - 2015 (ER 2015) 1 Big Data a new generation of technologies and architectures, designed

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Digital Evidence and Threat Intelligence

Digital Evidence and Threat Intelligence Digital Evidence and Threat Intelligence 09 November 2015 Mark Clancy CEO www.soltra.com @soltraedge External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected

More information

Cyber Security VTT and the Finnish Approach

Cyber Security VTT and the Finnish Approach Cyber Security VTT and the Finnish Approach September 22, 2015 Reijo Savola, Principal Scientist CHALLENGES Explosive increase in number and impact of cyber security attacks Use of Internet technologies

More information

INFRAGARD.ORG. Portland FBI. Unclassified 1

INFRAGARD.ORG. Portland FBI. Unclassified 1 INFRAGARD.ORG Portland FBI 1 INFRAGARD Thousands of Members One Mission Securing Infrastructure The subject matter experts include: 2 INFRAGARD Provides a trusted environment for the exchange of Intelligence

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience

Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Standards Customer Council Public Sector Cloud Summit March 24, 2014 Dr. Ron Ross Computer Security Division Information

More information

2. Cyber security research in the Netherlands

2. Cyber security research in the Netherlands 2. Cyber security research in the Netherlands Jan Piet Barthel MSc Netherlands Organization for Scientific Research A strong motivation to enforce CS research: Absence or lack of cyber security is listed

More information

SEC.. DEFENSE CYBER CRIME CENTER: AUTHORITY TO ADMIT PRIVATE SECTOR CIVILIANS TO CYBER SECURITY COURSES.

SEC.. DEFENSE CYBER CRIME CENTER: AUTHORITY TO ADMIT PRIVATE SECTOR CIVILIANS TO CYBER SECURITY COURSES. SEC.. DEFENSE CYBER CRIME CENTER: AUTHORITY TO ADMIT PRIVATE SECTOR CIVILIANS TO CYBER SECURITY COURSES. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (a) AUTHORITY FOR ADMISSION. The Secretary

More information

US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST)

US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) william.newhouse@nist.gov NITRD Structure for US Federal Cybersecurity

More information

Palo Alto Networks. October 6

Palo Alto Networks. October 6 Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Identity Theft and Data Management Public Records Are Not the Problem

Identity Theft and Data Management Public Records Are Not the Problem Identity Theft and Data Management Public Records Are Not the Problem Richard J. H. Varn Coalition for Sensible Public Records Access (CSPRA) 1 Overview of Key Points Un-validated, single factor authentication

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

A hole in the cloud: Is cloud secure?

A hole in the cloud: Is cloud secure? A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

A Detailed Strategy for Managing Corporation Cyber War Security

A Detailed Strategy for Managing Corporation Cyber War Security A Detailed Strategy for Managing Corporation Cyber War Security Walid Al-Ahmad Department of Computer Science, Gulf University for Science & Technology Kuwait alahmed.w@gust.edu.kw ABSTRACT Modern corporations

More information

Cyber security trends & strategy for business (digital?)

Cyber security trends & strategy for business (digital?) Cyber security trends & strategy for business (digital?) Presentation by Anwer Yusoff Head, Industry & Business Development C y b e r S e c u r i t y M a l a y s i a NATIONAL CYBERSECURITY TECHNICAL SPECIALIST

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Intelligent Agents The New perspective Enhancing Network Security

Intelligent Agents The New perspective Enhancing Network Security Intelligent Agents The New perspective Enhancing Network Security Krystian Baniak 24 October 2007 Agenda Introduction Intelligent Agent Based Systems Agent Reinforced Reasoning Research description Law

More information

FERPA: Data & Transport Security Best Practices

FERPA: Data & Transport Security Best Practices FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require

More information

the Council of Councils initiative

the Council of Councils initiative Author: Andrea Renda, Senior Research Fellow, Centre for European Policy Studies May 3, 2013 Editor's note: This brief is a feature of the Council of Councils initiative, gathering opinions from global

More information

Hybrid Warfare & Cyber Defence

Hybrid Warfare & Cyber Defence Hybrid Warfare & Cyber Defence Maj Gen Thomas FRANZ, DEU AF SHAPE DCOS CIS & CD Characteristics of Hybrid Warfare Alternate means to achieve goals Lines blurred between: state-onstate wars, counterinsurgency

More information

KUDELSKI SECURITY DEFENSE. www.kudelskisecurity.com

KUDELSKI SECURITY DEFENSE. www.kudelskisecurity.com KUDELSKI SECURITY DEFENSE Cyber Defense Center connection for remote information exchange with local monitoring consoles Satellite link Secure Data Sharing, a data-centric solution protecting documents

More information

Cybersecurity Definitions and Academic Landscape

Cybersecurity Definitions and Academic Landscape Cybersecurity Definitions and Academic Landscape Balkrishnan Dasarathy, PhD Program Director, Information Assurance Graduate School University of Maryland University College (UMUC) Email: Balakrishnan.Dasarathy@umuc.edu

More information

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation (U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation DR. C. NTANTOGIAN 1, DR. C. XENAKIS 1, DR. G. KAROPOULOS 2 1 DEPT. O F DIGITAL SYST EMS,

More information

Guy Ron Managing Director, Bayon Security guyron@bayoncon.com

Guy Ron Managing Director, Bayon Security guyron@bayoncon.com Guy Ron Managing Director, Bayon Security guyron@bayoncon.com About Me Started my career at the Israeli Defense Forces developing mission critical solutions for the Air Force and retiring as a Captain

More information

Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things

Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things aisa.org.a u aisa.org.a u Rebecca Herold, CEO The Privacy Professor 1 rebeccaherold@rebeccaherold.com Agenda Technology

More information

Cyber Security Research and Development: A Homeland Security Perspective

Cyber Security Research and Development: A Homeland Security Perspective Cyber Security Research and Development: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-772-9867 Outline! DHS Organizational Overview Cyber Security Stakeholders

More information

Zak Khan Director, Advanced Cyber Defence

Zak Khan Director, Advanced Cyber Defence Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts

More information

The State of Industrial Control Systems Security and National Critical Infrastructure Protection

The State of Industrial Control Systems Security and National Critical Infrastructure Protection The State of Industrial Control Systems Security and National Critical Infrastructure Protection Emerging Threats Tinuade Adesina, Lulea University of Technology Sweden IT Security for the Next Generation

More information

Managing Security and Privacy Risk in Healthcare Applications

Managing Security and Privacy Risk in Healthcare Applications Managing Security and Privacy Risk in Healthcare Applications 5 th Annual OCR / NIST HIPAA Security Rule Conference June 6, 2012 Dr. Ron Ross Computer Security Division Information Technology Laboratory

More information

Investing in Cybersecurity: Understanding Risks and Building Capabilities for the Future

Investing in Cybersecurity: Understanding Risks and Building Capabilities for the Future Testimony of R. David Mahon Vice President and Chief Security Officer CenturyLink before the Committee on Appropriations Subcommittee on Homeland Security United States Senate Investing in Cybersecurity:

More information

Top Attacks in Social Media

Top Attacks in Social Media Top Attacks in Social Media SESSION ID: HUM-F03A Gary Bahadur CEO KRAA Security @KRAASecurity 140 Characters of Pain What s the Problem with Social Media? No security strategies in place No enterprise-wide

More information

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Participants: Introduction:

Participants: Introduction: National Conversation A Trusted Cyber Future Discussion Led by Dan Massey, CSD Program Manager Moderator: Joe Gersch (Secure 64) Department of Homeland Security Science and Technology Directorate (DHS

More information

THE CHALLENGES OF CYBERSECURITY TRAINING

THE CHALLENGES OF CYBERSECURITY TRAINING THE CHALLENGES OF CYBERSECURITY TRAINING DR. JORGE LÓPEZ HERNÁNDEZ ARDIETA DR. MARINA SOLEDAD EGEA GONZÁLEZ Cybersecurity Research Group Cybersecurity& Privacy Innovation Forum Brussels Belgium 28-29 April

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

The Cyber Security Crisis

The Cyber Security Crisis The Cyber Security Crisis Eugene H. Spafford Professor & Executive Director CERIAS http://www.cerias.purdue.edu/ The State of Cybersecurity Overwhelming vulnerabilities About 4000 in each of 2003, 2004

More information

Policies and Practices on Network Security of MIIT

Policies and Practices on Network Security of MIIT 2011/TEL43/SPSG/WKSP/004 Policies and Practices on Network Security of MIIT Submitted by: China Workshop on Cybersecurity Policy Development in the APEC Region Hangzhou, China 27 March 2011 Policies and

More information

[WEB HOSTING SECURITY 2014] Crucial Cloud Hosting. Crucial Research

[WEB HOSTING SECURITY 2014] Crucial Cloud Hosting. Crucial Research 2014 Crucial Cloud Hosting Crucial Research [WEB HOSTING SECURITY 2014] Security is a growing threat for hyper-connected and Internet-dependent businesses whose activities increasingly rely on web hosting

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014

Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava

More information

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY-274 Privacy, Ethics & Computer Forensics

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY-274 Privacy, Ethics & Computer Forensics RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY-274 Privacy, Ethics & Computer Forensics I. Basic Course Information A. Course Number & Title: CISY-274 - Privacy, Ethics, & Computer Forensics B. New

More information

Cyber Adversary Characterization. Know thy enemy!

Cyber Adversary Characterization. Know thy enemy! Cyber Adversary Characterization Know thy enemy! Brief History of Cyber Adversary Modeling Mostly Government Agencies. Some others internally. Workshops DARPA 2000 Other Adversaries, RAND 1999-2000 Insider

More information

US Federal Cyber Security Research Program. NITRD Program

US Federal Cyber Security Research Program. NITRD Program US Federal Cyber Security Research Program NITRD Program Purpose The primary mechanism by which the U.S. Government coordinates its unclassified Networking and IT R&D (NITRD) investments Supports NIT-related

More information