Maintaining Herd Communication - Standards Used In IT And Cyber Security. Laura Kuiper




So what is Cyber Security?

According to ITU-T X.1205, cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user's assets. Organization and user's assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment.

The general security objectives comprise the following:
  Availability
  Integrity, which may include authenticity and non-repudiation
  Confidentiality

Source: ITU-T X.1205, Guidelines for CyberSecurity

So Many Standards Bodies

Which organization should I be looking at? NIST, ITU, IEEE, OASIS, ISO, IETF, DHS, BSIA, CEN, SIA, ANSI

Cyber Security Topics Under Development
  Anti-Spam
  Malware protection
  Botnet protection
  Home Security
  Identity Management
  Service Oriented Architecture (SOA)
  Biometrics
  Critical Infrastructure

ITU Work
  Identity Management
  Preventing worms spreading
  Network Security Management
  Privacy
  Incident Management
  Information Sharing

ISO Work
  ISO/IEC 27001/27002 Revision
  Identity Management/Privacy
  Responsible Vulnerability Disclosure
  ISO/IEC 27032 Guidelines for CyberSecurity
  Sector to Sector Communications
  Security for E-Government
  Network Security
  Risk Management
  ICT Readiness
  Auditing
  Industry Specific Standards

Other SDOs
  IETF: Domain Name System (DNS) security, authentication protocols, public key infrastructure, email security
  IEEE: Wireless Security

So Much Complexity and Confusion: DHS, IEEE, NIST, ITU, OASIS, ISO, IETF, BSIA, CEN, SIA, ANSI

Reducing the Complexity and Confusion
  Definition Documents
  ITU and ISO compatible standards
  ISO standards to support implementation
  SDO Liaisons: between SDOs, and with industry organizations

Definition Documents
  Information and Communications Technology (ICT) Security Standards Roadmap [2]
  Internet Security Glossary from the Internet Engineering Task Force (IETF), RFC 4949 [3]
  International Telecommunication Union Telecommunication Standardization Sector (ITU-T) approved security definitions [4]

Compatible Standards
  Identity Management
    ITU-T Focus Group
    Involvement of major industry organizations
    Simultaneous creation in ISO using the same base documents
  CyberSecurity Standard
    ITU-T and ISO liaison as editor
    Reducing duplication of effort
  Industry Specific

ISO Implementation Standards
  ISO/IEC 27000 Family of Standards
  ISO/IEC 27003 - Information security management system implementation guidance
  ISO/IEC 27033-2 - Network Security Design and Implementation
  ISO/IEC 27004 - ISM Measurements
  ISO/IEC 27034 - Guidelines for Application Security

ISO Support Standards
  ISO/IEC 27005 - Information Security Risk Management
  ISO/IEC 27007 - ISMS Auditor Guidelines
  ISO/IEC 27031 - ICT Readiness for Business Continuity
  ISO/IEC 27035 - Information Security Incident Management

Standard Relationships

Other Relationships
  Compliance Requirements: Sarbanes-Oxley (SOX), HIPAA, PCI
  Extended Control Sets

What about Compliance?
  Which standard to use?
  Does this meet the requirements for regulations?
  What about conflicting standards?
  NIST FIPS 200

Extended Control Set (ECS)
  Additional controls for standards and controls beyond ISO/IEC 27001
  Used with HIPAA, PCI, Sarbanes-Oxley, etc.
  Used to create an Information Security Management System (ISMS) for all requirements

Example of Using ECS

On the Horizon (1)
  Critical Infrastructure
  Sector to Sector Communications
  Sector/Industry Specific Guidelines
  ITU-D Cyber Security for Emerging Countries
  Security for E-Government

On the Horizon (2)
  Forensics
  Digital Forensics
  Communication
  Incident Response and Management
  Responsible Vulnerability Disclosure
  Incident Response
  Home Network Security
  Anti-Spam, Malware protection

Summary

References
[1] http://www.pcmag.com/encyclopedia_term/0,2542,t=cyber security&i=40643,00.asp
[2] ITU-T, European Network and Information Security Agency (ENISA), Network and Information Security Steering Group (NISSG). ICT Security Standards Roadmap, version 2.2, 22 September 2007. <http://www.itu.int/itu-T/studygroups/com17/ict/index.html>.
[3] Internet Engineering Task Force. Internet Security Glossary, August 2007. <http://www.ietf.org/rfc/rfc4949.txt>.
[4] ITU Telecommunication Standardization Sector. Security Compendium, Part 2: Approved ITU-T Security Definitions. <http://www.itu.int/dms_pub/itut/oth/0a/0d/t0a0d00000a0001mswe.doc>.