SECURITY VULNERABILITY ASSESSMENT (SVA) & LIABILITY
TODAY’S PRESENTATION WILL ENCOMPASS THE FOLLOWING:
THE BASICS OF AN SVA
THE BASICS OF AN SVA
AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS
Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS
[Figure: Threat Level by Type of Adversary. Adversaries shown: Criminal, Foreign State-Sponsored Terrorist, Domestic Terrorist, Environmental Extremist, Vandals. Annotation: "Many users have historically protected at this level."]
VANDAL (LOWEST RISK)
Vandal: Usually between the ages of 7 – 19
FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK)
International Terrorist: Adult, Male or Female, Ideology Driven
LET’S EXAMINE INSIDER THREAT SPECTRUM
[Figure: Threat Level by Type of Adversary. Adversaries shown: Disgruntled (Sending a Message), Super-Insider (coercion), Disgruntled (Revenge), Criminal Acts (Personal Gain), Disgruntled (Collusion).]
Increased Access, Motivation, & Skill Level increases threat
CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES
[Figure: Knowledge by Type of Cyber Terrorist. Types shown: Novice, Amateur Hacker, Organized Crime, Government Sponsored.]
THE BASICS OF AN SVA
THE BASICS OF AN SVA
THE BASICS OF AN SVA
Client XXX Security Improvement Cost Estimate: Sandia Methodology Approach
Summary of Risk Reduction Solutions for Client XXX

| RISK REDUCTION SOLUTION | CRITICAL ASSET | DESCRIPTION | ESTIMATED COST |
|---|---|---|---|
| (1A) | Control # X | Relocate with New Housing | $TBD |
| (1B) | Control # X | Perimeter Security Improvements & Upgrades | $600,000 |
| (2A) | Control # Y & I-XX/C-XX Culverts | Perimeter Security Improvements | $200,000 |
| (2B) | As Above | Hardening Measures | $190,000 |
| (3A) | WTP Facility | Perimeter Security Improvements & Upgrade | $1,240,000 |
| (3B) | As Above | Perimeter Security Improvements & Upgrade | $300,000 |
| (3C) | As Above | Hardening Measures | $1,060,000 |
| TOTAL | | | $3,590,000 |
Client XXX Security Improvement Cost Estimate: Deterrent Methodology Approach
Summary of Risk Reduction Solutions for Client XXX

| RISK REDUCTION SOLUTION | CRITICAL ASSET | DESCRIPTION | ESTIMATED COST |
|---|---|---|---|
| (1A) | Control # X | Relocate with New Housing | $TBD |
| (1B) | Control # X | Perimeter Security Improvements & Upgrades | $276,000 |
| (2A) | Control # Y & I-XX/C-XX Culverts | Perimeter Security Improvements | $105,400 |
| (2B) | As Above | Hardening Measures | N/A |
| (3A) | WTP Facility | Perimeter Security Improvements & Upgrade | $560,500 |
| (3B) | As Above | Perimeter Security Improvements & Upgrade | $192,000 |
| (3C) | As Above | Hardening Measures | $1,060,000 |
| TOTAL (REDUCTION OF 68.42%) | | | $1,133,900 |
WHY IS AN SVA SO IMPORTANT?
A PROPERLY EXECUTED SVA PROVIDES:
WITHOUT PERFORMING A VA
HISTORY OF SVA LEGISLATION
CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
HISTORY OF SVA
HISTORY OF SVA
Since 1998 the National Petroleum Council has been reviewing the vulnerabilities of the oil & gas industry to attack (both physical and cyber). Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities. The American Petroleum Institute is coordinating information sharing among members. ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
HISTORY OF SVA
NEW INITIATIVES BY STATE
NEW JERSEY
MARYLAND
ILLINOIS
HISTORY OF SVA
HISTORY OF SVA
NEW LEGISLATION
CLEAR PATTERN
LIABILITY
LIABILITY ISSUES
LIABILITY ISSUES
LIABILITY ISSUES
LIABILITY ISSUES
NEGLIGENCE ISSUES
NEGLIGENCE ISSUES
NEGLIGENCE ISSUES
FURTHER LIABILITY ISSUES
STATEMENT
FURTHER LIABILITY ISSUES
 
LACK OF DESIGN CRITERIA
INADEQUATE SECURITY
QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
LIKELY QUESTIONS….
LIKELY QUESTIONS…
FURTHER LIABILITY ISSUES
FURTHER LIABILITY ISSUES
SOLUTIONS
SECURITY VULNERABILITY ASSESSMENT (SVA)
SECURITY VULNERABILITY ASSESSMENT (SVA)
SECURITY VULNERABILITY ASSESSMENT (SVA)
SOLUTIONS
SOLUTIONS
SOLUTIONS
QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

AWWA Presentation Regional Paper David McCann

  • 5. AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
  • 6. CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
  • 10. CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
  • 14. Client XXX Security Improvement Cost Estimate: Sandia Methodology Approach. Summary of Risk Reduction Solutions for Client XXX
      RISK REDUCTION SOLUTION | CRITICAL ASSET | DESCRIPTION | ESTIMATED COST
      (1A) | Control # X | Relocate with New Housing | $TBD
      (1B) | Control # X | Perimeter Security Improvements & Upgrades | $600,000
      (2A) | Control # Y & I-XX/C-XX Culverts | Perimeter Security Improvements | $200,000
      (2B) | As Above | Hardening Measures | $190,000
      (3A) | WTP Facility | Perimeter Security Improvements & Upgrade | $1,240,000
      (3B) | As Above | Perimeter Security Improvements & Upgrade | $300,000
      (3C) | As Above | Hardening Measures | $1,060,000
      TOTAL | | | $3,590,000
  • 15. Client XXX Security Improvement Cost Estimate: Deterrent Methodology Approach. Summary of Risk Reduction Solutions for Client XXX
      RISK REDUCTION SOLUTION | CRITICAL ASSET | DESCRIPTION | ESTIMATED COST
      (1A) | Control # X | Relocate with New Housing | $TBD
      (1B) | Control # X | Perimeter Security Improvements & Upgrades | $276,000
      (2A) | Control # Y & I-XX/C-XX Culverts | Perimeter Security Improvements | $105,400
      (2B) | As Above | Hardening Measures | N/A
      (3A) | WTP Facility | Perimeter Security Improvements & Upgrade | $560,500
      (3B) | As Above | Perimeter Security Improvements & Upgrade | $192,000
      (3C) | As Above | Hardening Measures | $1,060,000
      TOTAL REDUCTION OF 68.42% | | | $1,133,900
  • 16. WHY IS AN SVA SO IMPORTANT?
  • 20. CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
  • 46. QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
  • 58. QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Editor's Notes

  6. The wording of these questions will be improved
  7. This is just a slide indicating that I will be happy to answer any questions…