NIST Cyber Critical Infrastructure Guidelines
Meet Our Panelists
Allen Johnston, Ph.D.
Associate Professor of Information Systems

Paul M. Di Gangi, Ph.D., CISSP
Assistant Professor of Information Systems

Deborah Williams, CISSP
Program Manager

Matthew Speare
Head of Governance & Integration

Angella Carlisle, CISSP, CRISC, CHSP
IT Security Manager

Dave Summitt, CISSP
Chief Information Security Officer
Our Nation's Critical Infrastructure Gone Digital...
EO 13636: Improving Critical Infrastructure Cybersecurity

"It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties."

February 2013
What are the critical infrastructure sectors?

85% PRIVATELY OWNED
What are we already doing to protect these sectors?

Critical Sector                        Reg's/Standards/Laws
Agriculture & Food                     21 CFR 11
Government Facilities                  N/A
Commercial Facilities                  25 CFR 542
National Monuments & Icons             N/A
Dams                                   CIP 002-009 (Mandatory)
Transportation Systems                 49 CFR 193, 1520
Chemical                               6 CFR 27
Critical Manufacturing                 N/A
Emergency Services                     N/A
Healthcare & Public Health             45 CFR 164 (HIPAA)
Nuclear Reactors, Materials & Waste    10 CFR 73 (NRC)
Water                                  42 U.S.C. 300-2 (Law)
Energy                                 CIP 002-009 (Mandatory)
Information Technology                 N/A
Postal & Shipping                      N/A
Banking & Finance                      12, 16, 17, 31 CFR (SOX, GLB, AML)
Communications                         N/A
Defense Industrial Base                NISPOM
But there are still gaps in the overall strategy!
Organizational Views on Cybersecurity

Adaptive: Adapts cybersecurity practices based on lessons learned and predictive indicators; organization-wide approach to managing risk using risk-informed policies, processes, and procedures; actively shares information with partners.

Repeatable: Risk management practices are formally approved, expressed in policy, and updated regularly; organization-wide approach to managing risk using risk-informed policies, processes, and procedures; understands dependencies with partners.

Informed: Risk management practices are approved by management, but the organization may not have established organization-wide policy; awareness of risk at the organizational level, but the approach is not established; not formally sharing information with partners.

Partial: Risk management practices are not formalized and risk is managed in a reactive manner; implements risk management on a case-by-case basis; may not coordinate or collaborate with partners.
Cybersecurity Framework

Strategically oriented for a "Big Picture" view
Threat/risk-centric process approach
Why should organizations adopt a nonmandatory framework?

Incentive Type / Summary Description

Grants
Fixed-cost, performance-based awards for investment in cybersecurity products and services for prospective Framework adopters.

Rate Recovery for Price-Regulated Industries
Recovery of cybersecurity investments in the rates charged for services provided by Framework adopters through a price cap, in which the government allows a firm to charge up to a certain maximum price that is independent of the realized cost.

Bundled Insurance Requirements, Liability Protection, and Legal Benefits
A system of litigation risk mitigation for which entities that adopt the Framework and meet reasonable insurance requirements are eligible to apply. Other types of legal benefits may include limited indemnity, higher burdens of proof, or limited penalties; case consolidations; case transfers to a single Federal court; and creation of a Federal legal privilege that preempts State disclosure and/or discovery requirements for certain cybersecurity self-assessments.

Prioritizing Certain Classes of Training and Technical Assistance
The Federal Government offers several types of technical assistance to critical infrastructure owners and operators, including preparedness support, assessments, training of employees, and advice on best practices.

Procurement Considerations
Introduce a technical requirement in the procurement process for certain types of acquisitions for Framework adopters, or requirements for Framework adoption for Federal information and communications technology providers or other contracts, particularly those involving access to sensitive government information or essential services.

Streamline Information Security Regulations
Creation of a unified compliance model for similar requirements and elimination of overlaps among existing laws; streamlining of differences between U.S. and international law (perhaps through treaties); ensuring equivalent adoption; reducing audit burdens; and offering prioritized permitting.
Where are we in the timeline?
Panel Discussion Question:

What are the pressing issues for critical infrastructure organizations in the information security/assurance domain?
What are the initial reactions of organizations in your industry to the Critical Infrastructure guidelines that were recently released?

Panel Discussion Question:

How well do the Critical Infrastructure guidelines integrate with your existing regulatory requirements? What is new that is currently not addressed?
Are the Critical Infrastructure guidelines likely to become a standard for your industry, or do you see a different set of guidelines being adopted?

Panel Discussion Question:

What are the primary challenges your organization faces in implementing the Critical Infrastructure guidelines?

Panel Discussion Question:

How are the incentives for complying with the Critical Infrastructure guidelines being perceived within your industry?
Of the proposed incentives (grants, technical assistance, rate recovery, liability reform), which are most attractive to you?
Cyber Critical Infrastructure Framework Panel

POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 

Cyber Critical Infrastructure Framework Panel

  • 1. NIST Cyber Critical Infrastructure Guidelines
  • 2. Meet Our Panelists Allen Johnston, Ph.D. Associate Professor of Information Systems Paul M. Di Gangi, Ph.D., CISSP Assistant Professor of Information Systems Deborah Williams, CISSP Program Manager Matthew Speare Head of Governance & Integration Angella Carlisle, CISSP, CRISC, CHSP IT Security Manager Dave Summitt, CISSP Chief Information Security Officer
  • 5.
  • 6.
  • 7. EO 13636: Improving Critical Cybersecurity Infrastructure It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. February 2013
  • 8.
  • 9. What are the critical infrastructure sectors? 85 % PRIVATELY OWNED
  • 10. What are we already doing to protect these sectors? (Critical Sector: Reg’s/Standards/Laws)
      Agriculture & Food: 21 CFR 11
      Government Facilities: N/A
      Commercial Facilities: 25 CFR 542
      National Monuments & Icons: N/A
      Dams: CIP 002-009 (Mandatory)
      Transportation Systems: 49 CFR 193, 1520
      Chemical: 6 CFR 27
      Critical Manufacturing: N/A
      Emergency Services: N/A
      Healthcare & Public Health: 45 CFR 164 (HIPAA)
      Nuclear Reactors, Materials & Waste: 10 CFR 73 (NRC)
      Water: 42 U.S.C. 300-2 (Law)
      Energy: CIP 002-009 (Mandatory)
      Information Technology: N/A
      Postal & Shipping: N/A
      Banking & Finance: 12, 16, 17, 31 CFR (SOX, GLB, AML)
      Communications: N/A
      Defense Industrial Base: NISPOM
  • 11. But there are still gaps to the overall strategy!
  • 12. Organizational Views on Cybersecurity
      Adaptive: Adapts cybersecurity practices based on lessons learned & predictive indicators; organization-wide approach to managing risk using risk-informed policies, processes, and procedures; actively shares information w/ partners.
      Repeatable: Risk management practices are formally approved, expressed in policy, and updated regularly; organization-wide approach to managing risk using risk-informed policies, processes, and procedures; understands dependencies w/ partners.
      Informed: Risk management practices are approved by management, but may not have established organization-wide policy; awareness of risk at organizational level but approach not established; not formally sharing w/ partners.
      Partial: Risk management practices are not formalized & risk managed in a reactive manner; implements risk management on a case-by-case basis; may not coordinate or collaborate w/ partners.
  • 14. Cybersecurity Framework: Strategically-oriented for “Big Picture” View; Threat/Risk Centric; Process Approach
  • 15. Why should organizations adopt a nonmandatory framework? (Incentive Type: Summary Description)
      Grants: Fixed cost, performance-based awards for investment in cybersecurity products and services for prospective Framework adopters.
      Rate-Recovery for Price-Regulated Industries: Recovery of cybersecurity investments in the rates charged for services provided by Framework adopters through a price cap, in which the government allows a firm to charge up to a certain maximum price that is independent of the realized cost.
      Bundled Insurance Requirements, Liability Protection, and Legal Benefits: A system of litigation risk mitigation for which those entities that adopt the Framework and meet reasonable insurance requirements are eligible to apply. Other types of legal benefits may include limited indemnity, higher burdens of proof, or limited penalties; case consolidations; case transfers to a single Federal court; creation of a Federal legal privilege that preempts State disclosure and/or discovery requirements for certain cybersecurity self-assessments.
      Prioritizing Certain Classes of Training and Technical Assistance: The Federal Government offers several types of technical assistance to critical infrastructure owners and operators, including preparedness support, assessments, training of employees, and advice on best practices.
      Procurement Considerations: Introduce a technical requirement in the procurement process for certain types of acquisitions for Framework adopters, or requirements for Framework adoption for Federal information and communications technology providers or other contracts, particularly those involving access to sensitive government information or essential services.
      Streamline Information Security Regulations: Creation of a unified compliance model for similar requirements and elimination of overlaps among existing laws; streamlining of differences between U.S. and international law (perhaps through treaties); ensuring equivalent adoption; reducing audit burdens; and offering prioritized permitting.
  • 16. Where are we in the timeline?
  • 17. Panel Discussion Question: What are the pressing issues for critical infrastructure organizations in the information security/assurance domain? What are the initial reactions of organizations in your industry to the Critical Infrastructure guidelines that were recently released?
  • 18. Panel Discussion Question: How well do the Critical Infrastructure guidelines integrate with your existing regulatory requirements? What’s new that is currently not addressed? Are the Critical Infrastructure guidelines likely to become a standard for your industry, or do you see a different set of guidelines being adopted?
  • 19. Panel Discussion Question: What are the primary challenges your organization faces for implementing the Critical Infrastructure guidelines?
  • 20. Panel Discussion Question: How are the incentives being perceived within your industry for complying with the Critical Infrastructure guidelines? Of the proposed incentives, grants, technical assistance, rate recovery, liability reform – which are most attractive to you?

Editor's notes

  1. Image Source: http://www.flickr.com/photos/ttc_press/5007644722/sizes/o/
  2. Image Source: http://www.shrader.net/images/news/1331930690_3841-AEI-(iphone-app).jpg
  3. Image Source: http://research.pandasecurity.com/blogs/images/cartoon/online_banking.JPG
  4. Image Source: http://a57.foxnews.com/global.fncstatic.com/static/managed/img/fn2/video/876/493/100213_serrie_medicalrecords_640.jpg?ve=1&tl=1
  5. Image Source: http://www.flickr.com/photos/austenhufford/7216871660/sizes/o/ ; Document Source: https://www.federalregister.gov/executive-order/13636
  6. Image Source: http://www.flickr.com/photos/thairms/3499360774/sizes/l/
  7. Image Source: http://www.flickr.com/photos/bensonkua/2405779789/sizes/l/
  8. Image Source: http://www.flickr.com/photos/bensonkua/2405779789/sizes/l/
  9. Image Source: http://www.flickr.com/photos/bensonkua/2405779789/sizes/l/
  10. Image Source: http://www.flickr.com/photos/bensonkua/2405779789/sizes/l/
  11. Image Source: http://www.flickr.com/photos/wwworks/4759535950/sizes/o/