SlideShare une entreprise Scribd logo

Wivenhoe Management Group[2]

Télécharger en tant que PPT, PDF
Wivenhoe Management Group
Wivenhoe Management Group

Information on Wivenhoe Management Group and its consultant network

1  sur  58
SECURITY VULNERABILITY ASSESSMENT (SVA) & LIABILITY
TODAY’S PRESENTATION WILL ENCOMPASS THE FOLLOWING: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object]
AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
VANDAL (LOWEST RISK) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Vandal: Usually between the ages of 7 – 19
FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],International Terrorist: Adult, Male or Female, Ideology Driven
LET’S EXAMINE INSIDER THREAT SPECTRUM Type of Adversary Disgruntled (Sending a Message) Super-Insider (coercion) Disgruntled (Revenge) Threat Level Criminal Acts (Personal Gain) Disgruntled (Collusion) ,[object Object],[object Object],[object Object],Increased Access, Motivation, & Skill Level increases threat
CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX $3,590,000 TOTAL 1,060,000 Hardening Measures As Above (3C) 300,000 Perimeter Security Improvements & Upgrade As Above (3B) 1,240,000 Perimeter Security Improvements & Upgrade WTP Facility (3A) $190,000 Hardening Measures As Above (2B) $200,000 Perimeter Security Improvements Control # Y & I-XX/C-XX Culverts (2A) $600,000 Perimeter Security Improvements & Upgrades Control # X (1B) $TBD Relocate with New Housing Control # X (1A) ESTIMATED COST DESCRIPTION CRITICAL ASSET RISK REDUCTION SOLUTION
Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX $1,133,900 TOTAL REDUCTION OF 68.42% $1,060,000 Hardening Measures As Above (3C) $192,000 Perimeter Security Improvements & Upgrade As Above (3B) $560,500 Perimeter Security Improvements & Upgrade WTP Facility (3A) N/A Hardening Measures As Above (2B) $105,400 Perimeter Security Improvements Control # Y & I-XX/C-XX Culverts (2A) $276,000 Perimeter Security Improvements & Upgrades Control # X (1B) $TBD Relocate with New Housing Control # X (1A) ESTIMATED COST DESCRIPTION CRITICAL ASSET RISK REDUCTION SOLUTION
WHY IS AN SVA SO IMPORTANT?
A PROPERLY EXECUTED SVA PROVIDES: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
WITHOUT PERFORMING A VA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA LEGISLATION ,[object Object],[object Object],[object Object]
CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],Since1998 the National Petroleum Council has been reviewing the vulnerabilities of oil & gas industry to attack (both physical and cyber). Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities The American Petroleum Institute is coordinating information sharing among members. ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW INITIATIVES BY STATE ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW JERSEY ,[object Object],[object Object],[object Object],[object Object],[object Object]
MARYLAND ,[object Object],[object Object],[object Object],[object Object]
ILLINOIS ,[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW LEGISLATION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CLEAR PATTERN ,[object Object],[object Object],[object Object]
LIABILITY
LIABILITY ISSUES ,[object Object],[object Object]
LIABILITY ISSUES ,[object Object]
LIABILITY ISSUES ,[object Object],[object Object]
LIABILITY ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object]
STATEMENT ,[object Object]
FURTHER LIABILITY ISSUES ,[object Object]
 
LACK OF DESIGN CRITERIA ,[object Object],[object Object],[object Object],[object Object],[object Object]
INADEQUATE SECURITY ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
LIKELY QUESTIONS…. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
LIKELY QUESTIONS… ,[object Object],[object Object],[object Object],[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object],[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object],[object Object],[object Object],[object Object]
SOLUTIONS
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object]
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object],[object Object]
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Recommandé

Adequate securitynew1404.019
Adequate securitynew1404.019Adequate securitynew1404.019
Adequate securitynew1404.019Wivenhoe Management Group
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group
 
Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Wivenhoe Management Group
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009Wivenhoe Management Group
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wivenhoe Management Group
 

Recommandé

Adequate securitynew1404.019
Adequate securitynew1404.019Adequate securitynew1404.019
Adequate securitynew1404.019Wivenhoe Management Group
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group
 
Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Wivenhoe Management Group
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009Wivenhoe Management Group
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wivenhoe Management Group
 
Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - CopyRabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response PlanThomas Christopher Ty
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk AssessmentsJoAnna Cheshire
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay DynamicsMeg Vorland
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber DataPhil Huggins FBCS CITP
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Managementtschraider
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special TeamsResilient Systems
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response PlanMatthew J McMahon
 
Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinWivenhoe Management Group
 
A W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannA W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannWivenhoe Management Group
 

Contenu connexe

Tendances

Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Managementtschraider
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special TeamsResilient Systems
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response PlanMatthew J McMahon
 

Tendances (20)

Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - Copy
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Management
 
SEC440: Incident Response Plan
SEC440: Incident Response PlanSEC440: Incident Response Plan
SEC440: Incident Response Plan
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk Assessments
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay Dynamics
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber Data
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
 
Information Secuirty Vulnerability Management
Information Secuirty Vulnerability ManagementInformation Secuirty Vulnerability Management
Information Secuirty Vulnerability Management
 
Incident Response: Security's Special Teams
Incident Response: Security's Special TeamsIncident Response: Security's Special Teams
Incident Response: Security's Special Teams
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
 

Similaire à Wivenhoe Management Group[2]

Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinWivenhoe Management Group
 
A W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannA W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannWivenhoe Management Group
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Lawguest8b10a3
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber securityFemi Ashaye
 
Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0stevemeltzer
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™CPaschal
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overviewdr_edw777
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Unconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocUnconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocSujit Ghosh
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Wendy Knox Everette
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachDawn Yankeelov
 
Evaluating Surveillance, Detection, and Inspection Technology
Evaluating Surveillance, Detection, and Inspection TechnologyEvaluating Surveillance, Detection, and Inspection Technology
Evaluating Surveillance, Detection, and Inspection TechnologyPATRICK MAELO
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
California Data Privacy Laws: Is Compliance Good Enough?
California Data Privacy Laws: Is Compliance Good Enough?California Data Privacy Laws: Is Compliance Good Enough?
California Data Privacy Laws: Is Compliance Good Enough?Lumension
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 

Similaire à Wivenhoe Management Group[2] (20)

Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedin
 
A W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannA W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc Cann
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Law
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
 
Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overview
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
 
Unconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocUnconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy Assoc
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
RAND_RR573
RAND_RR573RAND_RR573
RAND_RR573
 
Evaluating Surveillance, Detection, and Inspection Technology
Evaluating Surveillance, Detection, and Inspection TechnologyEvaluating Surveillance, Detection, and Inspection Technology
Evaluating Surveillance, Detection, and Inspection Technology
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
 
California Data Privacy Laws: Is Compliance Good Enough?
California Data Privacy Laws: Is Compliance Good Enough?California Data Privacy Laws: Is Compliance Good Enough?
California Data Privacy Laws: Is Compliance Good Enough?
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 

Wivenhoe Management Group[2]

  • 2.
  • 3.
  • 4.
  • 5. AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
  • 6. CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
  • 7.
  • 8.
  • 9.
  • 10. CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
  • 11.
  • 12.
  • 13.
  • 14. Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX $3,590,000 TOTAL 1,060,000 Hardening Measures As Above (3C) 300,000 Perimeter Security Improvements & Upgrade As Above (3B) 1,240,000 Perimeter Security Improvements & Upgrade WTP Facility (3A) $190,000 Hardening Measures As Above (2B) $200,000 Perimeter Security Improvements Control # Y & I-XX/C-XX Culverts (2A) $600,000 Perimeter Security Improvements & Upgrades Control # X (1B) $TBD Relocate with New Housing Control # X (1A) ESTIMATED COST DESCRIPTION CRITICAL ASSET RISK REDUCTION SOLUTION
  • 15. Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX $1,133,900 TOTAL REDUCTION OF 68.42% $1,060,000 Hardening Measures As Above (3C) $192,000 Perimeter Security Improvements & Upgrade As Above (3B) $560,500 Perimeter Security Improvements & Upgrade WTP Facility (3A) N/A Hardening Measures As Above (2B) $105,400 Perimeter Security Improvements Control # Y & I-XX/C-XX Culverts (2A) $276,000 Perimeter Security Improvements & Upgrades Control # X (1B) $TBD Relocate with New Housing Control # X (1A) ESTIMATED COST DESCRIPTION CRITICAL ASSET RISK REDUCTION SOLUTION
  • 16. WHY IS AN SVA SO IMPORTANT?
  • 17.
  • 18.
  • 19.
  • 20. CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.  
  • 44.
  • 45.
  • 46. QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
  • 47.
  • 48.
  • 49.
  • 50.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58. QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Notes de l'éditeur

  1. Notes:
  2. Notes:
  3. Notes:
  4. Notes:
  5. Notes:
  6. The wording of these questions will be improved
  7. This is just a slide indicating that I will be happy to answer any questions…