Rising to the Challenge
|
|
- Clara Day
- 8 years ago
- Views:
Transcription
1 CYBERSECURITY: Rising to the Challenge Dialogues with Subject Matter Experts Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned about the ongoing evolution of the cyber landscape, it just means they are not paying enough attention. The problem is that these and other emerging cyber tactics are designed to evade traditional cyber defenses and escape detection until it s too late. The good news is it s not a lost cause. In this special report, two subject matter experts discuss cybersecurity technologies and strategies that can help agencies defend their systems and data against the latest cyber threats, today and into the future. Sponsored by
2 Sponsored Content The complexity of cybersecurity demands a systematic approach Jim Myers Sector Vice President and General Manager, Cyber Solutions Division, Northrop Grumman Information Systems Understanding your complete risk posture is essential. It is the difference between being proactive and in a good defensive position, versus reactive. How can an agency balance Q the need for better security with the need to provide a good user experience? A Understanding risk is critical when securing any digital environment. Today, mobile computing is where we see the most prevalent tradeoffs between user experience and security. Customers want the convenience and efficiencies that come from access to mobile apps. However, the greatest security risks are migrating to mobile, and these issues are limiting its full adoption. Developing essential security standards for application development can begin to address the inconsistency in security profiles that many mobile computing environments experience. At Northrop Grumman, we address security and user experience by taking a systematic approach and looking at mobile security in a holistic, risk-based way. Those customers who take a risk-based approach to developing enterprise cybersecurity policy and related solutions can deploy their resources and implement controls in a way that s best for them, resulting in a better user experience and lower risk. QIs mobile malware winning? What can agencies do to better protect themselves? AAt the moment, mobile malware is winning. That s because existing networks have not been architected with malware in mind, and the mobile environment is particularly vulnerable. Adversaries are using persistent and innovative approaches to get access to networks, and the only way agencies can tackle this is to secure the entire enterprise, including the device itself. You need a strong device security architecture, encryption for both data at rest and in motion, and identity management and authentication solutions to secure mobile users. Two-factor authentication is the classic approach, but there are also biometrics and other ways you can approach identity management. The same way you determine who gets access to certain types of data in a corporate environment, you want to have a similar process in place for a mobile environment. Mobile malware is best managed with non-signature based detection technology. Putting that technology at the network gateway allows you to isolate data and applications that are potentially suspect. We recommend that agencies develop end-to-end trusted mobility solutions that go beyond the gateway approach to include on-device malware detection and identity management. At Northrop Grumman, we re developing innovative security solutions in the mobile data environment, leveraging ideas from our university consortium and developing them through our own technology investments to help advance technology quickly.
3 QRisk management is an oft-used phrase in cybersecurity today. What does it mean to you, and how well do agencies understand it and practice it? AIn our business, we manage mission critical systems for our customers. As we see it, risk management is the ability to balance key elements of risk tolerance: the cost to implement security with the ability to effectively execute the mission. This is a delicate balance that can only be achieved by partnering with the customer to develop a deep understanding of their mission. We ve been doing this for more than 30 years, and it s this approach that helps enable a meaningful enterprise risk assessment. To help customers and our security practitioners develop this understanding, we created the Fan, a layered cyber defense approach that assesses risk at each level of the IT enterprise the perimeter, network, applications, data and client. The Fan allows us to be agnostic to platform and architecture. Each agency has different IT architectures and missions, and they think about risk differently. This approach allows us to leverage a common view of the enterprise and to identify where risk exists in each customer s architecture. Understanding your complete risk posture is essential. It is the difference between being proactive and in a good defensive position, versus reactive. QThe relationship between government and industry is seen as crucial to progress in cybersecurity. Where does it stand now, and does it still need to improve? How? The relationship is good, and it s a critical A one. This partnership is constantly improving through programs like the Defense Industrial Base cyber pilot. The cyber threat is still a new phenomenon to most, and the ability for agencies to implement even basic cybersecurity practices differs a lot. As we work collectively to get in front of the threat, building cybersecurity early in the acquisition lifecycle is imperative. Creating core cybersecurity criteria for evaluation will be important to establish within future acquisition documents. One area that still needs improvement is securing the supply chain. Government and industry need to work together to find better ways to leverage COTS in secure environments without compromising security. The NIST cyber framework is a great step forward and very useful for communicating how to manage risk by establishing a detection baseline and aggregating and correlating the event data. QWhat s the state of the government cybersecurity workforce? How can it be improved? The demand for cybersecurity experts A far exceeds the availability of this critical talent. That s why we have focused so much effort and investment into enhancing today s workforce and in developing tomorrow s talent. We created our own training program called Cyber Academy, a cyber education continuum for both internal and external customers. We also know the importance of reaching down to the middle and high school levels to get students excited about a career in STEM and cybersecurity. To that end, we re entering our fourth year as presenting sponsor of the Air Force Association s CyberPatriot program, the national youth cyber defense competition. We also partner with universities across the country to develop the cyber workforce. This includes funding the nation s first cybersecurity honors program, the Advanced Cybersecurity Experience for Students at the University of Maryland, and the Cyber Scholars program and the Cync incubator at the University of Maryland, Baltimore County. We also created the Cybersecurity Research Consortium, which includes Carnegie Mellon, Massachusetts Institute of Technology, Purdue and the University of Southern California, and opened a cyber lab at Cal Poly San Luis Obispo. We see our customers extending their training programs in cyber, and the workforce is growing. We also see the military academies offering cyber degrees. In total, there is much to do but I see the ranks of cyber-educated professionals increasing and ready to take on this critically important mission.
4 QWhat role do managed security services play in overall government cybersecurity? ACommercial managed security services are not always suitable for a government application. We see a wide range of adversaries attacking government IT enterprises, and a managed security service may not have the robustness to address the range of threats targeted at a government agency. If such a service is used, you ve potentially introduced a gap or vulnerability. That said, as IT infrastructure becomes more centralized through cloud computing, managed security services play a natural role. Some areas of the Department of Defense are migrating to shared IT infrastructure models and will likely expand their internal managed service models, including managed security services. Again, risk management is key. We encourage them to think about the risk tradeoffs, and at the same time to expand their internal managed security models with a higher level of security. QThe Snowden revelations have renewed concern about internal security lapses. What can agencies do to protect themselves against insider threats? AThis is one of the most challenging problems that we see today. There are a number of steps agencies can take to protect themselves, starting with basic practices such as evaluating hiring processes and compartmentalizing critical information. But that s not all. Going beyond the basics, there are data exfiltration prevention solutions in the marketplace; however, it s not clear that these current solutions can fully address the threat. This is a problem we ve studied extensively at Northrop Grumman, and we re developing some innovative capabilities for our customers to overcome this challenge. For instance, we re advancing automated solutions that can not only identify malware and provide situational awareness for network operators, but can also identify behavior of insiders that are suspect. Strong identity management, user authentication, and role-based access techniques are central to reducing the insider threat. User credentials, preferably enforced through biometric solutions, are mature enough to be deployed. Enhanced analytics can also be used to identify abnormal or suspicious behaviors. QPassword-only authentication seems to be rapidly falling out of favor. For government, what are the realistic alternatives over the next few years? AIn the coming years, new authentication approaches will replace passwords. With touch screen phone technology, for example, you ll be able to use fingerprint, voice and facial recognition. We see authentication approaches that will combine biometrics, encrypted PINs, and secure device provisioning as attractive alternatives to passwords. Even today there are alternatives available for authentication. CAC cards, for example, can be an interim step and can be used in combination with biometrics such as fingerprint detection. This approach supports our belief that singlefactor authentication is not sufficient. Again, it gets back to the discussion about risk tolerance and what the proper balance is for each agency. There are numerous statistics available now that identify the cost to an organization of a successful cyber intrusion. So once the attack has happened, the ROI for implementing even the most basic authentication and security improvements - as well as basic hygiene measures - is higher and clearly justified. QHow well does the government procurement process aid cybersecurity measures? What else would you like to see? AOur government customers are well aware of the role that procurement plays in cyber, and we stress the importance of designing security into that process. This is absolutely critical. If you can design it in upfront you can keep down costs and do a lot for affordability. We also talk about the need to consider supply chain security early in the process. Deployed systems have to meet proper security standards and that needs to be balanced with the expected advancements in technology and pervasive trends, such as mobility. If they do that, they ll find themselves in a better posture as far as getting the acquisitions underway. Clearly, the awareness among government
5 officials from the top down is growing and is being translated into policy. The government procurement process itself is very mature, but there is still work to do. In January, the GSA and DoD announced recommendations to improve cybersecurity resilience and address cyber risks in the federal acquisition process, a great step forward QHow well is the FedRAMP program working, and are any changes needed? Will it alone make cloud-based services more secure for agencies? AFedRAMP has a very challenging role in supporting the procurement of cloud services. They ve got a working process now for vetting cloud solutions, and it definitely brings efficiencies to government. The standardization FedRAMP has applied to this technologically diverse environment allows for further efficiencies for the federal government. If a federal CTO or CIO is presented with a cloud provider that has a provisional authority to operate, then they know that provider has a sound solution and their service is a lower security risk. Again, balancing risk tolerance. In that sense, FedRAMP is speeding up the whole process of selecting and acquiring cloud services and getting them much more mature solutions. In the last year, there were just over a dozen cloud providers granted FedRAMP provisional ATOs, so the process is clearly working. About Northrop Grumman Northrop Grumman is a leading integrator of cyber solutions for the Department of Defense, the intelligence community, civil/federal agencies, and for commercial and international customers - offering innovative solutions that are securing networks and products, worldwide. For more information, go to:
DoD Strategy for Defending Networks, Systems, and Data
DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationDefending against modern threats Kruger National Park ICCWS 2015
Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation Trends from the field Perimeter
More informationCloud Computing Technologies Achieving Greater Trustworthiness and Resilience
Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Standards Customer Council Public Sector Cloud Summit March 24, 2014 Dr. Ron Ross Computer Security Division Information
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationManaging the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationAddressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
More informationNorthrop Grumman White Paper
Northrop Grumman White Paper A Distributed Core Network for the FirstNet Nationwide Network State Connectivity to the Core Network April 2014 Provided by: Northrop Grumman Corporation Information Systems
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationCybersecurity Delivering Confidence in the Cyber Domain
Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationCyber Security Risk Management: A New and Holistic Approach
Cyber Security Risk Management: A New and Holistic Approach Understanding and Applying NIST SP 800-39 WebEx Hosted by: Business of Security and Federal InfoSec Forum April 12, 2011 Dr. Ron Ross Computer
More informationRetail Security: Enabling Retail Business Innovation with Threat-Centric Security.
Retail Security: Enabling Retail Business Innovation with Threat-Centric Security. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco public information. (1110R) 1 In the past
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationCybersecurity on a Global Scale
Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationBy John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION
THE NEXT (FRONT) TIER IN SECURITY When conventional security falls short, breach detection systems and other tier 2 technologies can bolster your network s defenses. By John Pirc THREAT HAS moved beyond
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationMike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program
Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat
More informationCyber Security Solutions Integrated. Proactive. Resilient.
Cyber Security Solutions Integrated. Proactive. Resilient. Between defending against cyber attacks and ensuring mission resilience, there is one important word: HOW Cyber attacks never stop coming. Intrusions
More informationCyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
More informationCyber Security: Confronting the Threat
09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%
More informationISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better
More informationInnovation, Partnership, Development
Innovation, Partnership, Development ECEHDA Annual Conference March 13, 2015 Chris Valentino Director of Strategy The Need Access to top talent to address our nations most challenging problems Diverse
More informationIBM Smarter Cities Cybersecurity Update
IBM Smarter Cities Cybersecurity Update October 2012 Kent Blossom, Vice President, IBM Security Solutions kblossom@us.ibm.com 1 Discussion Topics IBM Security Systems Evolving Client Priorities & Approaches
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationCybersecurity Strategic Talent Management. March, 2012
Cybersecurity Strategic Talent Management March, 2012 Cyber Operations - Starts with People Exploit Intel Attack Cyber Operations Defend Enablers 2 Talent Management Challenge Mission: Attract, Develop,
More informationWhite Paper: The Current State of BYOD
CTOlabs.com White Paper: The Current State of BYOD May 2012 A White Paper providing context and guidance you can use Inside: Snapshot of a fast moving trend Summary of recent surveys Considerations for
More informationNorthrop Grumman Cybersecurity Research Consortium
Northrop Grumman Cybersecurity Research Consortium GUIRR Spring Meeting Washington DC 9 February 2011 Robert F. Brammer, Ph.D. VP Advanced Technology and Chief Technology Officer Northrop Grumman Information
More informationHow To Secure Cloud Infrastructure Security
Cloud Infrastructure Security It s Time to Rethink Your Strategy Cloud Infrastructure Security It s Time to Rethink Your Strategy Infrastructure security used to be easier. Now, it is dramatically more
More informationIG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY
IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined
More informationCLOUD COMPUTING SERVICES CATALOG
CLOUD COMPUTING SERVICES CATALOG... Including information about the FedRAMP SM authorized Unclassified Remote Hosted Desktop (URHD) Software as a Service solution CTC Cloud Computing Services Software
More informationGOVERNMENT USE OF MOBILE TECHNOLOGY
GOVERNMENT USE OF MOBILE TECHNOLOGY Barriers, Opportunities, and Gap Analysis DECEMBER 2012 Product of the Digital Services Advisory Group and Federal Chief Information Officers Council Contents Introduction...
More informationBlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION
BlacKnight Cyber Security international A BUSINESS / MARKETING PRESENTATION The BlacKnight Mission To provide proven techniques and innovative learning services to help organizations detect, deter and
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationA Modern Framework for Network Security in Government
A Modern Framework for Network Security in Government 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Government: Securing Your Data, However and Wherever Accessed Governments around
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationMalware isn t The only Threat on Your Endpoints
Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks
More informationRemarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel
Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel May 5th, 2015 10:00-11:30 a.m. Hyatt Regency, Indian Wells, CA Thank you all for welcoming me. It
More informationReliable, Repeatable, Measurable, Affordable
Reliable, Repeatable, Measurable, Affordable Defense-in-Depth Across Your Cyber Security Life-Cycle Faced with today s intensifying threat environment, where do you turn for cyber security answers you
More informationCYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills DAU-South
CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS Steve Mills DAU-South 1 Overview Questions Cybersecurity Owners and Stakeholders Cybersecurity Why It Matters to DoD Program Managers Defense Science
More informationSITUATIONAL AWARENESS MITIGATE CYBERTHREATS
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
More informationSTAND THE. Cybersecurity. Q&A with Industry Leaders
STAND Cybersecurity Q&A with Industry Leaders Over the next five years, government will spend $55 billion on keeping mission critical systems and data safe from malicious threats. But even with this level
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationStatement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education
Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information
More informationSecuring Government Clouds Preparing for the Rainy Days
Securing Government Clouds Preparing for the Rainy Days Majed Saadi Director, Cloud Computing Practice Agenda 1. The Cloud: Opportunities and Challenges 2. Cloud s Potential for Providing Government Services
More informationOpening Up a Second Front for Cyber Security and Risk Management
Opening Up a Second Front for Cyber Security and Risk Management Annual Computer Security Applications Conference December 4, 2012 Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationSOLUTION BRIEF. Next Generation APT Defense for Healthcare
SOLUTION BRIEF Next Generation APT Defense for Healthcare Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationTHE FUTURE OF SMART GRID COMMUNICATIONS
THE FUTURE OF SMART GRID COMMUNICATIONS KENNETH C. BUDKA CTO STRATEGIC INDUSTRIES MAY 2014 THE GRID OF THE FUTURE WIDE-SCALE DEPLOYMENT OF RENEWABLES INCREASED ENERGY EFFICIENCY PEAK POWER REDUCTION, DEMAND
More informationCyber security in healthcare
Cyber security in healthcare Julian Meyrick, Vice President IBM Security Services Europe julian_meyrick@uk.ibm.com Healthcare is one of the top 5 industries that continue to offer attackers the most significant
More informationCyber Situational Awareness for Enterprise Security
Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature
More informationREPORT. Next steps in cyber security
REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15
More informationTriangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace
Triangle InfoSeCon Alternative Approaches for Secure Operations in Cyberspace Lt General Bob Elder, USAF (Retired) Research Professor, George Mason University Strategic Advisor, Georgia Tech Research Institute
More informationAddressing FISMA Assessment Requirements
SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationHow do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI
How do you give cybersecurity the highest priority in your organization? Cyber Protection & Resilience Solutions from CGI CGI Cyber Protection & Resilience Solutions Optimized risk management and protection
More informationThe Path Ahead for Security Leaders
The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.
More informationRETHINKING CYBER SECURITY
RETHINKING CYBER SECURITY CHANGING THE BUSINESS CONVERSATION INTRODUCTION Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time,
More informationADVANCED PERSISTENT THREATS & ZERO DAY ATTACKS
ADVANCED PERSISTENT THREATS & ZERO DAY ATTACKS AN INFORMATION SECURITY BATTLEFIELD From Static to Dynamic Defense Cyber Security Strategies, LLC 1 2008-2010 Is The Cyber Tipping Point ESTONIA GEORGIA CABLE
More informationUnified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice
Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government
More informationWhite Paper: Leveraging Web Intelligence to Enhance Cyber Security
White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationAccenture Cyber Security Transformation. October 2015
Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting
More informationRisk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance.
Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance. Prevari makes organizations safer by providing instrumentation for managing risks to information. Prevari solutions
More informationCybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationRSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA
RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSecurity Risk Management For Health IT Systems and Networks
Health IT Standards Committee Meeting Security Risk Management For Health IT Systems and Networks NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Setting the stage. NATIONAL INSTITUTE OF STANDARDS AND
More informationSTATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE
STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE
More informationSponsored by. A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Aggressive and Persistent: Using Frameworks to Defend Against Cyber Attacks
A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Aggressive and Persistent: Using Frameworks to Defend Against Cyber Attacks Sponsored by Copyright 2014 Harvard Business School Publishing. All rights
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationEXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503. October 30, 2015
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 October 30, 2015 Executive Summary Strengthening the cybersecurity of Federal networks, systems, and data is one
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationWhy Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor
Why Device Fingerprinting Provides Better Network Security than IP Blocking How to transform the economics of hacking in your favor Why Device Fingerprinting Provides Better Network Security than IP Blocking
More informationNavigating the NIST Cybersecurity Framework
Navigating the NIST Cybersecurity Framework Explore the NIST Cybersecurity Framework and tools and processes needed for successful implementation. Abstract For federal agencies, addressing cybersecurity
More information