Cloud Cyber Incident Sharing Center (CISC) Jim Reavis CEO, Cloud Security Alliance
|
|
- Mae Adams
- 8 years ago
- Views:
Transcription
1 Cloud Cyber Incident Sharing Center (CISC) Jim Reavis CEO, Cloud Security Alliance
2 Agenda CSA History CloudCERT White House Legislative Announcements How is CSA addressing the issue of information sharing? Cloud CISC Pilot Demo Next Steps Questions?
3 CSA History - CloudCERT CloudCERT was conceived of at the same time as the Cloud Security Alliance (CSA) Broad goal is to improve defenses of the cloud ecosystem against attackers Emphasis was placed on developing CSA due to broader scope and potential impact in industry CloudCERT initiative was formally announced 2010 Working Group has been meeting once a month since January 2011
4 White House Announcements The President signed an Executive Order encouraging and promoting information sharing. Promotes private sector and government information sharing as well as private to private via Information Sharing and Analysis Organizations (ISAO s) Requires DHS, DoJ, and Privacy and Civil Liberties Board to develop disclosure guidelines
5 Congressional Action the House The U.S. House is expected to vote on two bills this week which will focus on enabling information sharing between companies and with the Department of Homeland Security. The bills originate from the Homeland Security Committee (HR 1731) and Intelligence Committee (HR 1560). The House Judiciary Committee has provided language regarding liability protections for sharing data. The Rules Committee meets tonight to examine dozens of amendments. Both bills are thought to be complimentary and compatible but will require reconciliation which will probably not occur until the Senate passes its bill The bills define cyber threat indicators as well as cyber defense indicators. The bills require companies to take reasonable efforts to redact or encrypt sensitive information that is unrelated to a cyber attack. Both encourage private-to-private sharing as well as sharing with the DHS s National Cybersecurity and Communications Integration Center. Cloud Security Alliance, 2014.
6 Congressional Action the Senate The Senate Intelligence Committee passed a measure (S 754) similar to the House s proposed bills. It offers liability protection for sharing between companies and with the Department of Homeland Security. The Senate s vote on this measure may be delayed by agreement of extension of the Patriot Act which expires on June 1. A deal on the Patriot Act is reportedly in the works, but privacy advocates remain concerned. The bottom line: the prospects are good that we will have a law signed before Memorial Day. House and Senate leadership agree that an information sharing law is necessary. However.it is Washington. Cloud Security Alliance, 2014.
7 How is addressing the issue of information sharing?.
8 The Problem Attacks are becoming incredibly sophisticated. Knowing what happened is one thing. Knowing what to look for to see if it is happening to you is key. ISAC s have had limited success ISAC model is segmented by vertical (Financial Services, Energy, etc.). View across the sectors is critical to protecting companies today. ISACs do not allow for a Cloud Segment
9 The Problem ISAC Model requires sending sensitive data to a trusted third party. Company identity is known. Snowden incident has made sharing with trusted third parties undesirable today. Need is clear a trusted method of sharing is required. Company identity is not known so not subject to subpoena s, etc. Incident data submission is quick and simple. Rapid analysis of data including correlation with other reports and open source data Alerts sent in minutes, not days/weeks Ability to anonymously discuss attacks with others and share solutions.
10 The Solution Cloud CISC CSA Cloud Cyber Incident Sharing Center Cloud adoption is progressing at an accelerating pace. We are concerned that the lack of a robust, automated incident sharing function will inhibit the timely resolution of security incidents, hamper our ability to minimize the damage caused by incidents, and could ultimately have a serious negative impact on the industry. The CSA Cloud CISC will: Provide a truly anonymous, global cyber security incident sharing platform for enterprises; Educate the public and private community on Cloud Security Develop vendor neutral best practices and technical standards Develop policies aligning Cloud CISC to industry and governmental standards on an international basis.
11 How to get Involved Work Group Co-chair Currently seeking leadership for this initiative 2-3 Co-chairs (1appointed by CSA) Co-chair Requirements Appointed Co-chair must be an employee of a CSA Member Company Additional Co-chairs are decided by vote Time commitment required Contact research@cloudsecurityalliance.org for additional details and questions
12 How to get Involved Work Group Participant Currently seeking Volunteers for the following areas: Sub Group to focus on Researching, Developing & Promoting Vendor Neutral Best Practices Sub Group to define technical standards for information sharing Sub Group focused on Information Sharing Policy development and outreach Sub Group that will liaise with the standard development communities (SDOs) Contact if you are interested in getting involved
13 How to get Involved We need support from our CSA Provider Community to participate in Cloud CISC Pilot CALL TO ACTION: Submit Incident Report Data Data Types Title Date Region Type of Attack Known Remediation Contact if you are interested in getting involved with the pilot
14 How to get Involved CISC Pilot Participant We need support from our CSA Provider Community to participate in Cloud CISC Pilot CALL TO ACTION: Submit Incident Report Data Examples: Subject Date of incident Region Type of Attack Known Remediation
15 How the Cloud CISC Pilot Works Anonymous Authentication When users transmit sanitized reports, we execute a public anonymous authentication protocol that: Confirms the user is a member of the community, without disclosing the identity of the user, and Delivers a mathematic proof that the user has connected with TruSTAR and that TruSTAR does not know identity of the user.
16 A patent-pending technology that allows for easy sharing while preserving complete anonymity. 5 Rate & Collaborate 1 Scrub Reports are rated to Incident Reports increase relevance and of Identifying members collaborate Information with Cloud CISC Protects customer PII and Coordinator. corporate IP mitigating 4 Alerts & Review discovery concerns. Alerts members to new report for review along with correlated, actionable information 2 Share 3 Correlate & Analyze Immediately correlates report with open source and other submitted reports Unattributable Reports Protects company identity Powered by
17 CISC Pilot Demo.
18 Cloud CISC Next Steps Kick-Off Call & Develop a 4 month Information Sharing Pilot Starting in May/June 2015 Develop and deliver educational programs on Cloud Security and the need for information sharing for both the public and private sector ongoing based on results Identify areas of potential CSA research based on Pilot results Q Identify best practices and need for technical standards Nov May 2016 Identify need for policies and alignment across industries and governments. Nov 2015 May 2016
19 ????
4/21/2015. Jim Reavis CEO, Cloud Security Alliance. Cloud Security Alliance, 2015. Agenda
Jim Reavis CEO, Cloud Security Alliance Agenda CSA History CloudCERT White House Legislative Announcements How is CSA addressing the issue of information sharing? Cloud CISC Pilot Demo Next Steps Questions?
More informationPreservation of longstanding, roles and missions of civilian and intelligence agencies
Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto
More informationDocket No. DHS-2015-0017, Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations
Submitted via ISAO@hq.dhs.gov and www.regulations.gov July 10, 2015 Mr. Michael Echols Director, JPMO-ISAO Coordinator NPPD, Department of Homeland Security 245 Murray Lane, Mail Stop 0615 Arlington VA
More informationThe U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter
The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter 1. In what ways do private entities currently share with, and receive from, the government cyber threat information?
More information1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection
U:\REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR-AMNT.xml 0 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to () require a State to report data under subsection (a); or () require a non-federal
More informationReport: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business
S 2 ERC Project: Cyber Threat Intelligence Exchange Ecosystem: Economic Analysis Report: An Analysis of US Government Proposed Cyber Incentives Author: Joe Stuntz, MBA EP 14, McDonough School of Business
More informationMyths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity
More informationComparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills
April 4, 2012 Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills The chart below compares on civil liberties grounds four bills that seek to promote
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationImplementation of the Cybersecurity Executive Order
Implementation of the Cybersecurity Executive Order November 13 th, 2013 Ben Beeson, Partner, Lockton Companies Gerald J. Ferguson, Partner, BakerHostetler Mark Weatherford, Principal, The Chertoff Group
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationTestimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
More informationCybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act
In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee
More informationLEGAL ISSUES IN SHARING CYBER THREAT INTELLIGENCE: WHAT ARE THE REAL CONCERNS?
LEGAL ISSUES IN SHARING CYBER THREAT INTELLIGENCE: WHAT ARE THE REAL CONCERNS? Kim PereK September 9, 2015 2015 Cybersecurity Innova0on Forum Agenda The Cyber Threat Landscape The Legal JusOficaOon for
More informationCyber After Snowden. Can DC Help Protect Your Networks? Matthew Rhoades, Director, Cyberspace & Security Program
Cyber After Snowden Can DC Help Protect Your Networks? Matthew Rhoades, Director, Cyberspace & Security Program Truman Project Members Cyberspace & Security Program Agenda Looking Back How we got here
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationTestimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology
Testimony of Wm. Douglas Johnson On behalf of the American Bankers Association before the Subcommittee on Information Technology of the Committee on Oversight and Government Reform United States House
More informationReport on CAP Cybersecurity November 5, 2015
Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets
More informationPartnership for Cyber Resilience
Partnership for Cyber Resilience Principles for Cyber Resilience 1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space 2. Role of leadership: Encourage
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage
ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November
More informationCOMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE CYBER SECURITY AND INFORMATION ASSURANCE RESEARCH AND DEVELOPMENT SENIOR STEERING GROUP OF THE FEDERAL NETWORKING AND INFROMATION TECHNOLOGY
More informationTechnological Evolution
Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Government Regulation, Enforcement and Legislation on Privacy, Cyber Security and Social Media Jeff Brueggeman Vice
More informationNIST Cybersecurity Framework. ARC World Industry Forum 2014
NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy
More informationSharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?
Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention
More informationCybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust
Session ID: PNG-F01 Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust Michael E. Smith Senior Cyber Policy Advisor to the Assistant Secretary, Office of Electricity Delivery
More informationCYBER INTELLIGENCE SHARING
AFCEA International Cyber Committee CYBER INTELLIGENCE SHARING Chairpersons: Richard C. Schaeffer, Jr., Riverbank Associates, LLC; Wray Varley, CenturyLink Government Members: Matthew Coose, Qmulos LLC;
More informationA New Security Dimension: Industry Experience Using Open Standards to Accelerate Threat Response
A New Security Dimension: Industry Experience Using Open Standards to Accelerate Threat Response Jason Corbin VP Product Management and Strategy IBM Security Cyber Threat Intelligence Refresher Payload
More informationBSA GLOBAL CYBERSECURITY FRAMEWORK
2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access
More informationNATIONAL CYBERSECURITY PROTECTION ACT OF 2014
PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128
More informationChanging Legal Landscape in Cybersecurity: Implications for Business
Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics
More informationCoordinating Attack Response at Internet Scale (CARIS)
Coordinating Attack Response at Internet Scale (CARIS) Overview and Summary Report July 2015 Kathleen Moriarty Security Area Director, IETF Kathleen.Moriarty.ietf@gmail.com Agenda Coordinating Attack Response
More informationBig Data Research Sponsorship
Big Data Research Sponsorship Overview The term Big Data refers to the massive amounts of digital information companies and governments collect about us and our surroundings. Providing security and privacy
More informationSELECTING AN ENTERPRISE-READY CLOUD SERVICE
21 Point Checklist for SELECTING AN ENTERPRISE-READY CLOUD SERVICE Brought to you by Introduction The journey to the cloud is well underway, and it s easy to see why when 84% of CIOs report cutting application
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationTestimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the
Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS
More informationVirginia Joint Commission on Technology and Science. Cybersecurity Legislation
Virginia Joint Commission on Technology and Science Cybersecurity Legislation Pending Legislation Widespread agreement of need for legislation Three approaches CISPA Cybersecurity Act of 2012 SECURE IT
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationS. ll IN THE SENATE OF THE UNITED STATES A BILL
TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information
More informationSenate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace
Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace Testimony of Ben Beeson Vice President, Cyber Security and Privacy Lockton
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More information[STAFF WORKING DRAFT]
S:\LEGCNSL\LEXA\DOR\OI\PARTIAL\CyberWD..xml [STAFF WORKING DRAFT] JULY, 0 SECTION. TABLE OF CONTENTS. The table of contents of this Act is as follows: Sec.. Table of contents. Sec.. Definitions. TITLE
More informationCyber Legislation & Policy Developments 2014
Cyber Legislation & Policy Developments 2014 SESSION ID: LAW-Fo2 Michael A. Aisenberg, Esq. Chair, ABA Information Security Committee Policy Task Force ABA Section on Science & Technology Law Principal
More informationCybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731
Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731 Eric A. Fischer Senior Specialist in Science and Technology April 20, 2015 Congressional Research Service 7-5700 www.crs.gov
More informationSummary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum
Summary of Privacy and Data Security Bills- 112 th Congress Prepared for September 15, 2011 CT Privacy Forum GEOLOCATION TRACKING The Location Privacy Protection Act of 2011 (S. 1223)- introduced by s
More informationLegislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationDEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3)
DEPARTMENT OF JUSTICE WHITE PAPER Sharing Cyberthreat Information Under 18 USC 2702(a)(3) Background Improved information sharing is a critical component of bolstering public and private network owners
More informationCyber-Security. FAS Annual Conference September 12, 2014
Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy
More informationEffective Information Sharing and Analysis Process
Bringing Data to Life Presented by Michael Echols REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM DHS Responsibilities Emergency Communications Capabilities Secure dot-gov Assist in Protecting
More informationS. 2519 AN ACT. To codify an existing operations center for cybersecurity.
TH CONGRESS D SESSION S. 1 AN ACT To codify an existing operations center for cybersecurity. 1 Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled,
More informationNational Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009
National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in
More informationHow To Understand The Cybersecurity Bill Of Rights
Trends in CyberSecurity Law & Software Audits Ronald L. Chichester, Esq. Law Office of Ronald Chichester, P.C. ISACA - Greater Houston Chapter May 17, 2012 Disclaimer I m a lawyer...... but I m not your
More informationCyber Threat Information Sharing Recommendations for Congress and the Administration
Cyber Threat Information Sharing Recommendations for Congress and the Administration AUTHORS Denise E. Zheng James A. Lewis MARCH 2015 A Report of the CSIS Strategic Technologies Program Blank Cyber Threat
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationDiane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework
More informationOFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON
OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON PERIODIC INFORMATION SECURITY AND PENETRATION AUDITS OF THE EXECUTIVE BRANCH INFORMATION TECHNOLOGY SYSTEMS APRIL 1, 2016 SUBMITTED TO THE TWENTY-EIGHTH
More informationBilling Code: 3510-EA
Billing Code: 3510-EA DEPARTMENT OF COMMERCE Office of the Secretary National Institute of Standards and Technology National Telecommunications and Information Administration [Docket Number: 130206115-3115-01]
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationCybersecurity: Legislation, Hearings, and Executive Branch Documents
Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan Information Research Specialist November 17, 2015 Congressional Research Service 7-5700 www.crs.gov R43317 Cybersecurity:
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationPublic Law 113 283 113th Congress An Act
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
More informationHow To Understand And Manage Cybersecurity Risk
White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary
More informationOne Hundred Thirteenth Congress of the United States of America
S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify
More informationCybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues
Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationThe Department of Homeland Security The Department of Justice
The Department of Homeland Security The Department of Justice to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information
More informationCLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS
CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee
More informationMachine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
More informationSTATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.
STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.S. POSTAL SERVICE AND THE CENSUS UNITED STATES HOUSE OF REPRESENTATIVES
More informationSECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.
SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,
More informationHomeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division
Homeland Security: Information Assurance Challenges and Opportunities Building the National Cyber Security Division The Homeland Security Act and national strategies direct DHS to take the lead on cyber
More informationPreventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More information2015 List of Major Management Challenges for the CFPB
September 30, 2015 MEMORANDUM TO: FROM: SUBJECT: Richard Cordray Director Consumer Financial Protection Bureau Mark Bialek Inspector General 2015 List of Major Management Challenges for the CFPB We are
More informationNetwork Security Deployment (NSD)
Network Security Deployment (NSD) National Cybersecurity Protection System (NCPS) 11 July 2012 What is the NCPS? National Cybersecurity Protection System (NCPS) is the program of record within the Department
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationH. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
More informationVIRGINIA CYBER SECURITY COMMISSION November 7, 2014
VIRGINIA CYBER SECURITY COMMISSION November 7, 2014 1 Mission Statement The mission of the Virginia Cyber Security Partnership is to establish and maintain a trusted community of public and private sector
More informationCYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014
CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION Architecture Framework Advisory Committee November 4, 2014 1 Agenda TIME TOPICS PRESENTERS 9:00 9:15 Opening Remarks and Introductions Shirley Ivan,
More informationClient Update SEC Releases Updated Cybersecurity Examination Guidelines
Client Update September 18, 2015 1 Client Update SEC Releases Updated Cybersecurity Examination Guidelines NEW YORK Jeremy Feigelson jfeigelson@debevoise.com Jim Pastore jjpastore@debevoise.com David Sarratt
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationPreventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
More informationIAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope
IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com
More informationUnited States House of Representatives United States House of Representatives. Washington, DC 20515 Washington, DC 20515
April 17, 2015 The Honorable John Boehner The Honorable Nancy Pelosi Speaker of the House Democratic Leader United States House of Representatives United States House of Representatives H-232, U.S. Capitol
More informationComments :Incentives To Adopt Improved Cybersecurity Practices
Comments :Incentives To Adopt Improved Cybersecurity Practices 1. Do particular business sectors or company types lack sufficient incentives to make cybersecurity investments more than others? If so, why?
More information