Cyber Security SPIN
Overview
- Introduction
- The Importance of Software and Cyber Security
- Cyber Security Lifecycle and Process
- Summary
Software is Everywhere
Software is Becoming More Personal
We are Always Connected
Cyber Security is Crucial
Cyber Security Needs
- Systems, Enterprise, and Workforce Management
- Secure Software and Systems Development
- Resiliency Management
- Insider Threat Models and Controls
- Accelerated Security Operations, Investigation, and Response at Scale
- Network Situational Awareness
- Malware Analytics (reverse engineering, cataloging, tools)
- Incident Response and Digital Forensics
Secure Coding Standards
- Establish coding guidelines for commonly used programming languages that can be used to improve the security of software systems under development
- Based on documented standard language versions as defined by official or de facto standards organizations
- Secure coding standards are completed or under development for:
  - C programming language
  - C++ programming language
  - Java Platform
Secure Coding Roadmap
Resilience Management
- Convergence of Security, Business Continuity, and IT Operations
- Ensure important assets stay productive in supporting business goals
- Identify and address risk before it becomes disruptive
- Key element of Critical Infrastructure Protection
- Large-scale Incident Response
[Diagram labels: Risk Monitoring and Control, Risk Planning, Risk Identification, Risk Response, Risk Analysis]
Insider Threat Protection
- Theft
- Sabotage
- Fraud
Network Situational Awareness
- Large Scale DNS Analysis
- Data Visualization
- Network Flow and Mobility Population Modeling
[Image credit: Opte Project]
Malware: Triage, Cataloging, Analysis
Cyber Crime
- Max Butler, 35, of San Francisco (AKA Max Vision, AKA Iceman) was indicted by a federal grand jury in Pittsburgh on three counts of wire fraud and two counts of transferring stolen identity information. (www.theregister.co.uk)
- The 27-count indictment charges Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr Suvorov from Estonia with conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to commit computer fraud. Authorities say the alleged hackers obtained more than 52 million customer credit card numbers. (www.newsfeedresearcher.com)
- Albert Gonzalez, 28, and the two still-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers. (www.newsfeedresearcher.com)
Summary
- Pervasive connectivity of systems requires security measures.
- Responding to security incidents is critical, but it is an unsustainable solution.
- Proactively building in security and managing resiliency to protect systems is imperative.
- Developing a capable cybersecurity workforce is essential to successful protection of our systems and information.