SlideShare une entreprise Scribd logo

A W W A Presentation Regional Paper David Mc Cann

Télécharger en tant que PPT, PDF
Wivenhoe Management Group
Wivenhoe Management Group

The document discusses security vulnerability assessments (SVAs), their importance, history of related legislation, and liability issues. An SVA identifies threats, critical assets, recommendations, and costs. Without an SVA, an organization does not know its threat level, vulnerabilities, or appropriate security improvements. Federal agencies now require SVAs for many critical infrastructures. Properly addressing SVA findings can reduce liability, while ignoring vulnerabilities could result in negligence claims following an incident.

TechnologieBusiness
1  sur  58
SECURITY VULNERABILITY ASSESSMENT (SVA) & LIABILITY
TODAY’S PRESENTATION WILL ENCOMPASS THE FOLLOWING: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object]
AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
VANDAL (LOWEST RISK) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Vandal: Usually between the ages of 7 – 19
FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],International Terrorist: Adult, Male or Female, Ideology Driven
LET’S EXAMINE INSIDER THREAT SPECTRUM Type of Adversary Disgruntled (Sending a Message) Super-Insider (coercion) Disgruntled (Revenge) Threat Level Criminal Acts (Personal Gain) Disgruntled (Collusion) ,[object Object],[object Object],[object Object],Increased Access, Motivation, & Skill Level increases threat
CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $600,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $200,000 (2B) As Above Hardening Measures $190,000 (3A) WTP Facility Perimeter Security Improvements & Upgrade 1,240,000 (3B) As Above Perimeter Security Improvements & Upgrade 300,000 (3C) As Above Hardening Measures 1,060,000 TOTAL $3,590,000
Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $276,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $105,400 (2B) As Above Hardening Measures N/A (3A) WTP Facility Perimeter Security Improvements & Upgrade $560,500 (3B) As Above Perimeter Security Improvements & Upgrade $192,000 (3C) As Above Hardening Measures $1,060,000 TOTAL REDUCTION OF 68.42% $1,133,900
WHY IS AN SVA SO IMPORTANT?
A PROPERLY EXECUTED SVA PROVIDES: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
WITHOUT PERFORMING A VA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA LEGISLATION ,[object Object],[object Object],[object Object]
CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],Since1998 the National Petroleum Council has been reviewing the vulnerabilities of oil & gas industry to attack (both physical and cyber). Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities The American Petroleum Institute is coordinating information sharing among members. ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW INITIATIVES BY STATE ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW JERSEY ,[object Object],[object Object],[object Object],[object Object],[object Object]
MARYLAND ,[object Object],[object Object],[object Object],[object Object]
ILLINOIS ,[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW LEGISLATION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CLEAR PATTERN ,[object Object],[object Object],[object Object]
LIABILITY
LIABILITY ISSUES ,[object Object],[object Object]
LIABILITY ISSUES ,[object Object]
LIABILITY ISSUES ,[object Object],[object Object]
LIABILITY ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object]
STATEMENT ,[object Object]
FURTHER LIABILITY ISSUES ,[object Object]
 
LACK OF DESIGN CRITERIA ,[object Object],[object Object],[object Object],[object Object],[object Object]
INADEQUATE SECURITY ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
LIKELY QUESTIONS…. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
LIKELY QUESTIONS… ,[object Object],[object Object],[object Object],[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object],[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object],[object Object],[object Object],[object Object]
SOLUTIONS
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object]
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object],[object Object]
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Recommandé

Adequate securitynew1404.019
Adequate securitynew1404.019Adequate securitynew1404.019
Adequate securitynew1404.019Wivenhoe Management Group
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group
 
Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Wivenhoe Management Group
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009Wivenhoe Management Group
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wivenhoe Management Group
 

Recommandé

Adequate securitynew1404.019
Adequate securitynew1404.019Adequate securitynew1404.019
Adequate securitynew1404.019Wivenhoe Management Group
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group
 
Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Wivenhoe Management Group
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009Wivenhoe Management Group
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wivenhoe Management Group
 
Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - CopyRabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response PlanThomas Christopher Ty
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk AssessmentsJoAnna Cheshire
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber DataPhil Huggins FBCS CITP
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay DynamicsMeg Vorland
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special TeamsResilient Systems
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Managementtschraider
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response PlanMatthew J McMahon
 
Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinWivenhoe Management Group
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 

Contenu connexe

Tendances

Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special TeamsResilient Systems
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Managementtschraider
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response PlanMatthew J McMahon
 

Tendances (20)

Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - Copy
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Management
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response Plan
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk Assessments
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber Data
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay Dynamics
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special Teams
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Management
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
 

En vedette

Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinWivenhoe Management Group
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Cisco ccna-security note
Cisco ccna-security noteCisco ccna-security note
Cisco ccna-security notejihad nader
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentMarcelo Silva
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
Eight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability AssessmentEight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability AssessmentSirius
 

En vedette (7)

Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedin
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Cisco ccna-security note
Cisco ccna-security noteCisco ccna-security note
Cisco ccna-security note
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 
Eight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability AssessmentEight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability Assessment
 

Similaire à A W W A Presentation Regional Paper David Mc Cann

Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Lawguest8b10a3
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber securityFemi Ashaye
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™CPaschal
 
Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0stevemeltzer
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Wendy Knox Everette
 
Unconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocUnconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocSujit Ghosh
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachDawn Yankeelov
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overviewdr_edw777
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideBenjamin Tugendstein
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
The Black Report - Hackers
The Black Report - HackersThe Black Report - Hackers
The Black Report - HackersDendreon
 

Similaire à A W W A Presentation Regional Paper David Mc Cann (20)

Wivenhoe Management Group[2]
Wivenhoe Management Group[2]Wivenhoe Management Group[2]
Wivenhoe Management Group[2]
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Law
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™
 
Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
 
Unconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocUnconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy Assoc
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overview
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection Guide
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 
The Black Report - Hackers
The Black Report - HackersThe Black Report - Hackers
The Black Report - Hackers
 

Dernier

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

A W W A Presentation Regional Paper David Mc Cann

  • 2.
  • 3.
  • 4.
  • 5. AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
  • 6. CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
  • 7.
  • 8.
  • 9.
  • 10. CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
  • 11.
  • 12.
  • 13.
  • 14. Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $600,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $200,000 (2B) As Above Hardening Measures $190,000 (3A) WTP Facility Perimeter Security Improvements & Upgrade 1,240,000 (3B) As Above Perimeter Security Improvements & Upgrade 300,000 (3C) As Above Hardening Measures 1,060,000 TOTAL $3,590,000
  • 15. Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $276,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $105,400 (2B) As Above Hardening Measures N/A (3A) WTP Facility Perimeter Security Improvements & Upgrade $560,500 (3B) As Above Perimeter Security Improvements & Upgrade $192,000 (3C) As Above Hardening Measures $1,060,000 TOTAL REDUCTION OF 68.42% $1,133,900
  • 16. WHY IS AN SVA SO IMPORTANT?
  • 17.
  • 18.
  • 19.
  • 20. CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.  
  • 44.
  • 45.
  • 46. QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
  • 47.
  • 48.
  • 49.
  • 50.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58. QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Notes de l'éditeur

  1. Notes:
  2. Notes:
  3. Notes:
  4. Notes:
  5. Notes:
  6. The wording of these questions will be improved
  7. This is just a slide indicating that I will be happy to answer any questions…