Cyber Education triangle clarifying the fog of cyber security through targeted training



Similar documents
Cutting through the fog of cybersecurity

Cybersecurity: What CFO s Need to Know

Cybersecurity Definitions and Academic Landscape

What REALLY matters in Cloud Security? RE: Internet of things sensors, data, security and beyond!

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

NICE and Framework Overview

Altius IT Policy Collection Compliance and Standards Matrix

National Initiative for Cyber Security Education

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Checklist for Breach Readiness. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow

Tactical View for Cyber Security Framework

National Initiative for Cybersecurity Education

Looking at the SANS 20 Critical Security Controls

Defending Against Data Beaches: Internal Controls for Cybersecurity

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

SECURITY. Risk & Compliance Services

Critical Controls for Cyber Security.

Caretower s SIEM Managed Security Services

Think like an MBA not a CISSP

Corporate Overview. MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA Office: Fax:

Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications

PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES

THE NATIONAL CYBERSECURITY WORKFORCE FRAMEWORK. USER GUIDE Employers

Designing & Building a Cybersecurity Program. Based on the NIST Cybersecurity Framework (CSF)

Metrics that Matter Security Risk Analytics

Cyber security tackling the risks with new solutions and co-operation Miikka Pönniö

CONCEPTS IN CYBER SECURITY

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Program Overview and 2015 Outlook

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

SANS Top 20 Critical Controls for Effective Cyber Defense

Vendor Risk Management Financial Organizations

Cybersecurity and internal audit. August 15, 2014

Access FedVTE online at: fedvte.usalearning.gov

IT AUDIT WHO WE ARE. Current Trends and Top Risks of /9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Big Data, Big Risk, Big Rewards. Hussein Syed

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

The Evolution of Application Monitoring

National Railroad Passenger Corp. (AMTRAK) Session 1 Threats and Constraints. Continuous. - Continuous Monitoring. - Continuous Assessment

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

Intelligence Driven Security

Click to edit Master title style. How To Choose The Right MSSP

Leveraging SANS and NIST to Evaluate New Security Tools

INCIDENT RESPONSE CHECKLIST

Operationally Focused CYBER Training Framework

The Protection Mission a constant endeavor

The Role of Security Monitoring & SIEM in Risk Management

Complying with the Federal Information Security Management Act. Parallels with Sarbanes-Oxley Compliance

An enterprise grade information security & forensic technical team

Cybersecurity. Cloud. and the. 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013

SOC & HIPAA Compliance

Teaching Information Security to Engineering Managers

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Information Security Risk and Compliance Series Risking Your Business

Defending against modern threats Kruger National Park ICCWS 2015

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

Information Technology Risk Management

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

PCI Compliance for Cloud Applications

Building Security In:

IBM QRadar Security Intelligence April 2013

Cyber Security Seminar KTH

U.S. FLEET CYBER COMMAND U.S. TENTH FLEET DoD RMF Transition

How To Protect Yourself From A Hacker Attack

CRR-NIST CSF Crosswalk 1

Information Blue Valley Schools FEBRUARY 2015

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Cyber Risk Management Guidance for FHFA Regulated Entities

PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS

University of Pittsburgh Security Assessment Questionnaire (v1.5)

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Digi Device Cloud: Security You Can Trust

Personal Security Practices of the CAO

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

Cyber R &D Research Roundtable

Information Security Policy

White Paper: Consensus Audit Guidelines and Symantec RAS

Professional Services Overview

Developing a Mature Security Operations Center

Transcription:

Cyber Education triangle clarifying the fog of cyber security through targeted training Curriculum & Resources Linked / leveraged (on-line, companies, colleges, etc) MS / BS Cyber CISSP / GISP / CISO / etc forensics / ethical hacker / etc Firewall / cloud security/ Crypto & Key mgmt / * Education levels Advanced Targeted Expands the pool for advanced education Small business security course & practicum (KEY break point ->) Security + Awareness Education STEM (grades 7-12) Foundational ( * = IDS/IPS, anti-virus, wireless, application development / management, web/mobile code, mobile, etc )

NICE Levels & methods NSA CAE Accreditation Focus areas NIST SPs & must do + requirements SANS top 20 Top 35 Mitigations OWASP top 10 Top 25 SW errors Notional Cyber education roadmap (Authoritative sources, categorized, mapped to CSF) Customer Awareness AND Demand CERT areas / KSAs Grouped & aligned Support key IA needs Align Needs / Areas Clarify / map certs to specific demand areas Target environment Curriculum MAP Objectives Quantified KSAs Cyber Needs Paper Center & align KSAs with security needs to also educate leaders Targeted / focused Trained / proven KSA Cyber Workforce NIST / Whitehouse Cybersecurity framework (CSF) foundation Inputs / factors Key artifacts outcome

Cyber capabilities KSA decomposition (Objective = Business Risk Management prioritized vulnerability reductions) Overall Cyber Security Factors people Main functional Areas / buckets processes products policy (1) Provision Analyze O&M / support Collect Investigate Protect & defend From NICE framework = (1) functions (2) cyber skills (KSAs) (2) requirements analysis Assessment C&A Security testing Pen testing Security design KEY capabilities / products / processes / methods = KSAs Compliance IA/CND & crypto/key mgmt IA&A Mobile / wireless Tools Policy Network (client / server / router) SW/apps services Web / active code Data O&M/support Sys Admin & CM/hygiene Threats C&A (V&V) RISK Assessment ALL geared to specific positions / types (manager, project lead, Cyber SME / ISSE) And with some aspect of technical level (apprentice, journeyman, master)

Hierarchy of Cyber Needs (i.e.. Maslow ) Where if you don t take care of the level before the one you are operating in, focusing on, then your efforts are for the most part mute, as you are in a higher risk status until the earlier level is satisfied! Master Optimized Value 5 Cyber actualization compliance / assessment / analytics + V&V / TE&C / C&A formal proof > residual risks > cyber value proposition + KEY compliance activities PII, PCI, HIPAA, etc + Forensics / ethical hacker + Big data / predictive analytics (integrate SCM / SIEM, IA/CND reports, etc l) + Pen / security testing (of all cyber capabilities, backup, PW, etc) NSA IAD top ten tasks Top 20 security controls Top 35 mitigations 4 Applied cyber security (IA / CND / security capabilities best practices) Given the below best practices, cyber protections approach, then distill the key attributes for each IA/CND capability, while following and tailoring for the company s environment the install instructions of the products specific equipment settings for secure sustainment / operations = Firewall, A/V suite, IDS/IPS, Crypto, Key mgmt., Mobile, wireless, Network, apps, data security, etc Journeyman Operations 3 Cyber Maintenance security Hygiene / CM / SoPs + Manage Policy social media content & settings restrict sharing / privileges = proactive monitoring + Maintain Cyber Security Suite patches, upgrades, etc.. control system settings & dashboard! + Standard operating procedures (SOPs).. USE / enforce them + Security training / education awareness ALL levels reinforce / Incentivize pos& neg 2 Cyber foundation + Access control (PW, CAC, enforce least privilege, separate / rotate duties, etc) + Layered Defense IA/CND strategy WHAT capabilities are needed + Security Policy (privacy, social media, PII, etc) enforcement aspects too + Monitoring / Know your baseline SCM / SIEM.. + Tools selection and integration + Business Risk Management / Assessment (RMF / COBIT) / requirements analysis with an AoA Apprentice BASICs 1 Resiliency Survival / recovery + Secure backup (Types / methods, various sites / levels) + Incident responses (company processes, comms with LE / FBI, etc) + Recovery Plan COOP / BCP (phases of recovery, hot / mirror site, etc) KSA / practicum based on small business security

The Cyber Integrated Package Structured bottom up / needs approach to effective cyber education!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information