Weaving cyber events into emergency management plans
Dave Sweigert, CISSP, CISA, PMP
January, 2014

1/14/2014
Intended audience
• Cyber security personnel working with
emergency planners, Crisis Management
Teams (CMT), Emergency Operation Plan
developers and business continuity
planners relying on current best practices

Objective
• Assist cyber practitioners in leveraging
techniques to integrate cyber specific
plans into larger basic plans
• Provide background in best practice
planning processes
• Foster inter-disciplinary dialogue in the
emergency planning domain

BACKGROUND

Different plans for different objectives
• Strategic, Operational, Tactical Plans
i. Strategic – goals and objectives set by
senior leadership
ii. Ops – roles and responsibilities,
integrated with partners (state,
regional, local, contractors, utilities)
iii. Tactical – personnel, equipment,
resources (standard operating
procedures (SOP))
Planning backdrop
• Comprehensive Preparedness Guide (CPG)
101, Developing and Maintaining
Emergency Operations Plans as a guide
• Three types of threats: natural,
adversarial, technology (cyber)
• FEMA’s Emergency Support Function #2
addresses cyber security (drafting ESF
#18 Cyber)

Plans that support and supplement
the comprehensive basic plan
• Administrative Plans
• Preparedness Plans
• Continuity Plans
• Recovery Plans
• Mitigation Plans
• Prevention and Protection Plans

Terms: CIKR, COOP, COG & DRP
• Critical Infrastructure/Key Resources (CIKR)
• Continuity of Operations (COOP)
• Continuity of Government (COG)
• Disaster Recovery Planning (DRP)
(I.T. specific recovery)
• DRP defines knowledge, skills and abilities
of technical personnel
• DRP defines specific guidelines to carry out specific functions

Other plans orbiting the basic plan
• Organizational/agency specific plans
(planning can be to department level)
• Business Continuity (memorandums of
understanding/agreement (MOU/A))
• Business Safety plans (OSHA)
• Hazard Mitigation (identified major
threats, union strikes, terrorism)
• Home Safety Plans for essential personnel
(develop family preparedness mindset)

Emergency Operations Plans (EOPs)
• Potential integration with National Incident
Management System (NIMS) and National
Response Framework (NRF)
• Describes how incidents are handled
• Base plan (organization-wide) with hazard
specific annexes (cyber specific)
• Information sharing between private-public
partners

EOPs:
• Identification of response and recovery
actions, agencies, key resources
• Direction, control, sequence of events
• Specific communications procedures
• Identify triggers and processes to activate
personnel, resources, partners
• Times, periods, anticipation of needs
• Appendix (support material)
• Annex (threat / capability specific)

PLANNING PROCESS

The Planning table
• Identify community partners (law
enforcement, utilities, colleges)
• Build relationship (cross-functional)
• Identify resources (needed capabilities)
• Know the processes needed and
specialized procedures to acquire timely
resources (pre-existing vendor
agreements)

Planning process issues
• Get the right folks at the table
• Walk thru your organizational structure
• Develop common vocabulary (avoid use of
career specific jargon and buzz words)
• Incentivizing participants: developing a
“hook” to retain participants
• Develop team around a planning scenario
common to all participants (72 hour
power black-out)

Best practices
• Project objective (create living document)
• Core planning team (stakeholders)
• Project schedule (tasks, durations)
• Plan development (templates)
• Plan preparation and review
• Plan vetting and commentary
• Final draft reviewed in workshop
• Approval

Project Management issues
• Need buy-in from top management
(compliance issues HIPAA, SOX, PCI)
• Scope statement (catalyst)
• Define clear objectives
• Project manager’s role defined
• Scope creep (focus on a functional plan)

Planning Characteristics
• Reduction of unknowns
• Continual process (living document)
• Appropriate actions based on what is
likely to happen based on facts, typical
behavior, capabilities
• Training, education, exercises
• Testing the plans, revise and improve

INTEGRATING PLANS

Integrated Emergency Planning
• Horizontal integration: developing
partnerships across your organization
• Synchronization and integration of plans
(your plan may be part of another)
• Promotes complementary goals
• Reduces fragmentation
• Ensures common focus
• Work out MOUs/MOAs (legal review)

Linkages to promote integration
• Conduct gap analysis to determine shortfalls
• Convert needs to capabilities (need 72 hours
of power → mobile generators with fuel)
• Understand the missions of public-private
partners (law enforcement, contractors)
• Developing crosswalk of plan components
with partner plans to improve integration
• Identify all appropriate stakeholders

CONCLUSION

Planning for the cyber incident
• Understand that the cyber event plan is
part of a broader integrated approach to
emergency management
• Pre-response planning with partners can
greatly reduce impact (ounce of
prevention) of the event
• Strive to ensure your cyber plan is
integrated into the total response

About the author:
An Air Force veteran, Dave Sweigert acquired significant
security engineering experience with military and defense
contractors before earning two master’s degrees (Project
Management and Information Security).
He holds the Certified Information Security Systems
Professional (CISSP), Certified Information Systems Auditor
(CISA) and Project Management Professional (PMP)
certifications.
Mr. Sweigert has over twenty years’ experience in information
assurance, risk management, governance frameworks and
litigation support.

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

Integration of Cyber Events into Emergency Planning

  • 1. Weaving cyber events into emergency management plans Dave Sweigert, CISSP, CISA, PMP January, 2014 1/14/2014
  • 2. Intended audience • Cyber security personnel working with emergency planners, Crisis Management Teams (CMT), Emergency Operation Plan developers and business continuity planners relying on current best practices
  • 3. Objective • Assist cyber practitioners in leveraging techniques to integrate cyber specific plans into larger basic plans • Provide background in best practice planning processes • Foster inter-disciplinary dialogue in the emergency planning domain
  • 5. Different plans for different objectives • Strategic, Operational, Tactical Plans i. Strategic – goals and objectives set by senior leadership ii. Ops – roles and responsibilities, integrated with partners (state, regional, local, contractors, utilities) iii. Tactical – personnel, equipment, resources (standard operating procedures (SOP))
  • 6. Planning backdrop • Comprehensive Preparedness Guide (CPG) 101, Developing and Maintaining Emergency Operations Plans as a guide • Three types of threats: natural, adversarial, technology (cyber) • FEMA’s Emergency Support Function # 2 addresses cyber security (drafting ESF #18 Cyber)
  • 7. Plans that support and supplement the comprehensive basic plan • Administrative Plans • Preparedness Plans • Continuity Plans • Recovery Plans • Mitigation Plans • Prevention and Protection Plans
  • 8. Terms: CIKR, COOP, COG & DRP • Critical Infrastructure/Key Resources (CIKR) • Continuity of Operations (COOP) • Continuity of Government (COG) • Disaster Recovery Planning (DRP) (I.T. specific recovery) • DRP defines knowledge, skills and abilities of technical personnel • DRP defines specific guidelines to carry out specific functions
  • 9. Other plans orbiting the basic plan • Organizational/agency specific plans (planning can be to department level) • Business Continuity (memorandums of understanding/agreement (MOU/A)) • Business Safety plans (OSHA) • Hazard Mitigation (identified major threats, union strikes, terrorism) • Home Safety Plans for essential personnel (develop family preparedness mindset)
  • 10. Emergency Operations Plans (EOPs) • Potential integration with National Incident Management System (NIMS) and National Response Framework (NRF) • Describes how incidents are handled • Base plan (organization-wide) with hazard specific annexes (cyber specific) • Information sharing between private-public partners
  • 11. EOPs: • Identification of response and recovery actions, agencies, key resources • Direction, control, sequence of events • Specific communications procedures • Identify triggers and processes to activate personnel, resources, partners • Times, periods, anticipation of needs • Appendix (support material) • Annex (threat / capability specific)
  • 13. The Planning table • Identify community partners (law enforcement, utilities, colleges) • Build relationship (cross-functional) • Identify resources (needed capabilities) • Know the processes needed and specialized procedures to acquire timely resources (pre-existing vendor agreements)
  • 14. Planning process issues • Get the right folks at the table • Walk thru your organizational structure • Develop common vocabulary (avoid use of career specific jargon and buzz words) • Incentivizing participants: developing a “hook” to retain participants • Develop team around a planning scenario common to all participants (72 hour power black-out)
  • 15. Best practices • Project objective (create living document) • Core planning team (stakeholders) • Project schedule (tasks, durations) • Plan development (templates) • Plan preparation and review • Plan vetting and commentary • Final draft reviewed in workshop • Approval
  • 16. Project Management issues • Need buy-in from top management (compliance issues HIPAA, SOX, PCI) • Scope statement (catalyst) • Define clear objectives • Project manager’s role defined • Scope creep (focus on a functional plan)
  • 17. Planning Characteristics • Reduction of unknowns • Continual process (living document) • Appropriate actions based on what is likely to happen based on facts, typical behavior, capabilities • Training, education, exercises • Testing the plans, revise and improve
  • 19. Integrated Emergency Planning • Horizontal integration: developing partnerships across your organization • Synchronization and integration of plans (your plan may be part of another) • Promotes complementary goals • Reduces fragmentation • Ensures common focus • Work out MOUs/MOAs (legal review)
  • 20. Linkages to promote integration • Conduct gap analysis to determine shortfalls • Convert needs to capabilities (need 72 hours of power → mobile generators with fuel) • Understand the missions of public-private partners (law enforcement, contractors) • Developing crosswalk of plan components with partner plans to improve integration • Identify all appropriate stakeholders
  • 22. Planning for the cyber incident • Understand that the cyber event plan is part of a broader integrated approach to emergency management • Pre-response planning with partners can greatly reduce the impact of the event (ounce of prevention) • Strive to ensure your cyber plan is integrated into the total response
  • 23. About the author: An Air Force veteran, Dave Sweigert acquired significant security engineering experience with military and defense contractors before earning two master’s degrees (Project Management and Information Security). He holds the Certified Information Security Systems Professional (CISSP), Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) certifications. Mr. Sweigert has over twenty years’ experience in information assurance, risk management, governance frameworks and litigation support.