SlideShare uma empresa Scribd logo

A Strategy for Addressing Cyber Security Challenges

Cybersecurity Education and Research Centre
Cybersecurity Education and Research Centre

Talk that Prof. Mustaque Ahamad from GaTech gave at Global Cybersecurity Leaders Program http://www.cisoacademy.com/gclp2-prof-mustaque-ahamad-april-2015/

Tecnologia
1 de 16
Baixar para ler offline
A  Strategy  for  Addressing  Cyber   Security  Challenges   Mustaque  Ahamad   Professor  of  Computer  Science,  Georgia  Ins>tute  of  Technology   Global  Professor  of  Engineering,  New  York  University  Abu  Dhabi   Co-­‐founder  and  Chief  Scien>st,  Pindrop  Security  
A  Couple  of  Observa>ons   •  Cyber  security  has  become  an  extremely   important  problem  for  people,  businesses  and   governments.   •  Addressing  cyber  security  challenges  presents   serious  challenges.   •  Cyber  now  reaches  into  cri>cal  physical   systems.   •  Cyber  security  is  going  to  be  a  journey,  not  a   des>na>on.  
Are  Things  Really  Bad?   •  Growing  sophis>ca>on  of  the  threat  landscape   –  Cyber  criminals,  hack>vits,  terrorists  and  na>on-­‐states   –  Cyber  crime  costs  are  reaching  half  a  trillion  dollars  (In   India,  0.21%  of  GDP,  McAfee  2014  Report)   –  Greatest  transfer  of  wealth  (Keith  Alexander,   hXp://foreignpolicy.com/2012/07/09/nsa-­‐chief-­‐cybercrime-­‐cons>tutes-­‐the-­‐greatest-­‐transfer-­‐of-­‐wealth-­‐in-­‐history/  )   •  Complex  technology  ecosystem   –  “Reflec>ons  on  trus>ng  trust”   •  People,  processes  and  coordina>on  across   mul>ple  stakeholders    
Threats  +  Vulnerabili>es  =>  AXacks   •  Can  we  make  threats  go  away?   •  AXribu>on  is  extremely  difficult   •  Global  and  transna>onal   •  How  can  we  address  vulnerabili>es?   •  Security  errors  in  sofware  (over  1700  entries  in  NVD  in  last   3  months)   •  Asymmetry  –  aXackers  only  need  to  find  one  bug,  we  need   to  fix  all   •  People  are  weak  links   •  Only  higher  assurance,  no  perfect  security   –  Stronger  preven>on  and  early  detec>on   –   Faster  recovery  and  remedia>on  
So,  What  Can  We  Do?   •  Educa>on   – Developing  the  “security  mindset”   – Undergraduate  and  graduate  programs   •  Research   – Rapidly  evolving  field   •  Policy,  legal  and  regula>on   – It  is  much  more  than  technology  
Educa>ng  Cyber  Security  Professionals   •  US  Na>onal  Ini>a>ve  for  Cybersecurity   Educa>on  (NICE)  hXp://csrc.nist.gov/nice/framework/    
Capacity  Building  for  Educa>ng  Cyber   Security  Professionals   •  What  do  we  do?   –  Undergraduate  or  graduate  programs?   –  Integra>ng  security  concepts  in  CS  curriculum?   –  Voca>onal  programs?   •   How  do  we  do  it?   –  So,  where  do  we  find  cyber  security  faculty?   –  Developing  hands  on  projects  and  laboratories   •  US  Response   –  Centers  of  Excellence  Program  (NSA/DHS)   –  Scholarship-­‐for-­‐Service  (SFS)  Program)   –  NSF  SaTC  Educa>on  Projects   •  Curriculum  development,  sharing,  workshops  etc.  
Research  Capacity  Building   •  Evolving  threat  landscape  and  rapidly   changing  technologies   – Gelng  ahead  of  emerging  threats   – “Test  and  verify”  rather  than  “trust  but  verify”   •  Diverse  set  of  research  challenges   – Trustworthiness  of  technology  to  human   dimension   •  Real-­‐world  impact  of  research   – Tech  transfer  and  commercializa>on  
Example  I:  Malware  Analysis   •  Scalable  malware  analysis  system   processes  approximately  250K   samples  a  day   •  Extrac>ng  features  from   communica>on  paXerns   •  Big  data  due  to  deep  packet   analysis  and  event  volume   •  Machine  learning  for  aXribu>on   •  Visualiza>on  and  ac>onable   intelligence               Mariposa  Botnet   Tracking  and  Takedown  
Example  II:  Data-­‐Driven  Cyber  Risk   •  Collect  cyber  risk  relevant  data   from  mul>ple  sources   – Vulnerabili>es   – Exploit  kits  and  malware   – AXack  data  (public  and     private)   •  Analy>cs  and  visualiza>on   – Lean  back  and  lean  forward               Calendar  view  of     reported  vulnerabili>es  
Na>onal  R&D  Strategy:  US  Example   •  Na>onal  Science  Founda>on  Secure  and  Trustworthy   (SaTC)   –  Launched  afer  developing  a  na>onal  strategy  ( hXps://www.whitehouse.gov/sites/default/files/microsites/ostp/fed_cybersecurity_rd_strategic_plan_2011.pdf)   –  Interdisciplinary  including  behavioral  and  economic  aspects   •  DHS,  DARPA  and  NSA  Ini>a>ves   –  Cri>cal  infrastructure  security  (CPS)   –  Resilient  and  transparent  compu>ng   –  Science  of  security   •  Networking  and  Informa>on  Technology  Research  and   Development  (NITRD)  Program   –  Coordinated  across  mul>ple  agencies   –  High  level  goal  is  to  maintain  US  technological  leadership  in  this   field  
Cyber  Security  Policy   •  Policy  development  is  as  important  as  best   technical  safeguards   •  Should  companies  and  government  agencies   required  to  prac>ce  certain  level  of  cyber   hygiene?   •  Informa>on  sharing  and  coordina>on   •  Privacy   •  Legal  and  enforcement  issues  
Lessons  Learned   •  Educa>on  capacity  building   – Aggressively  support  centers  like  CERC  IIIT  Delhi     – CS  curriculum  needs  to  be  augmented  with  cyber   security  offerings  at  all  levels   – “Educa>ng  the  educators”  –  summer  schools,   workshops  and  hosted  programs   – What  do  we  do  about  faculty?   •  Incen>ves  for  CS  faculty  members  to  shif/expand  their   research  into  cyber  security   •  Be  crea>ve  (professor  of  prac>ce,  global  professor  etc.)  
Lessons  Learned  Contd.   •  Research  capacity  building   –  You  cannot  be  a  major  player  without  a  strong  research  base     •  How  many  papers  at  security  conferences  from  India?   –  Launch/seed  a  few  ambi>ous  (and  high  risk)  research  projects   like  NSF’s  fron>ers   –  Start/get  security  conferences  to  India  to  grow  the  community   –  Applied  research  exper>se   •  Cannot  only  rely  on  security  vendor  professionals  for  crisis  handling   •  CDC  for  cyber,  CERT  2.0?   –  Coordina>on  across  Na>onal  Labs,  DRDO??   –  Home  grown  cyber  security  companies??  
Lessons  Learned  Contd.   •  Cyber  security  is  much  more  than  technology   – Policy,  regulatory  and  legal  dimensions   – Cyber  security  maturity  model  and  best  prac>ces   – Preparedness  assessment   – Conversa>ons  at  the  highest  level  (WEF  ini>a>ve)   – Informa>on  sharing,  coordina>on  and  mutual  aid   – Informal  trust  networks  
Conclusions   •  Cyber  risk  ranks  among  the  top  global  risks   (2015  WEF  Global  risks  report)   •  Na>onal  response  is  of  cri>cal  importance   •  Need  to  move  at  “network  speed”   •  It  is  all  about  capacity  building   •  Ignore  research  at  your  own  peril    

Recomendados

Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Cybersecurity Education and Research Centre
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesSlideTeam
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 

Recomendados

Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...
Data-Driven Assessment of Cyber Risk: Challenges in Assessing and Migrating C...Cybersecurity Education and Research Centre
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesSlideTeam
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryCR Group
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019PECB
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015Security Innovation
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guideanpapathanasiou
 
WhyNormShield
WhyNormShieldWhyNormShield
WhyNormShieldCandan BOLUKBAS
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyShawn Riley
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chainaletarw
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRTAPNIC
 
CSIRT_16_Jun
CSIRT_16_JunCSIRT_16_Jun
CSIRT_16_JunCandan BOLUKBAS
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCAT-NET Services, Inc. - Charleston Division
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...Lloyd's Register Quality Assurance Nederland
 

Mais conteúdo relacionado

Mais procurados

How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryCR Group
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019PECB
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015Security Innovation
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyShawn Riley
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chainaletarw
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRTAPNIC
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessStephen Cobb
 

Mais procurados (20)

How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk AdvisoryHow COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
How COVID-19 Changed The Cyber Security Worldwide? — Cyberroot Risk Advisory
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
 
The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015The Future of Cybersecurity - October 2015
The Future of Cybersecurity - October 2015
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
 
WhyNormShield
WhyNormShieldWhyNormShield
WhyNormShield
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 
Science of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis MethodologyScience of Security: Cyber Ecosystem Attack Analysis Methodology
Science of Security: Cyber Ecosystem Attack Analysis Methodology
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Cyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply ChainCyber Security Professionals Viewed via Supply Chain
Cyber Security Professionals Viewed via Supply Chain
 
Setting up CSIRT
Setting up CSIRTSetting up CSIRT
Setting up CSIRT
 
CSIRT_16_Jun
CSIRT_16_JunCSIRT_16_Jun
CSIRT_16_Jun
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 

Destaque

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramBGA Cyber Security
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 

Destaque (7)

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
Webinar ISO 27001 informatiebeveiliging: revisie, certificering en implementa...
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response Program
 
Ch14 Policies and Legislation
Ch14 Policies and LegislationCh14 Policies and Legislation
Ch14 Policies and Legislation
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 

Semelhante a A Strategy for Addressing Cyber Security Challenges

Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...DETER-Project
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017Maurice Dawson
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE360 BSI
 
2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & Defend2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & DefendBrian Andrzejewski
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...360 BSI
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training CourseRicky Lionel Vaz
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...Florence Hudson
 
Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTHAwais Shibli
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...360 BSI
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxucisa
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Priyanka Aash
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveVon Welch
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Scientific Software Challenges and Community Responses
Scientific Software Challenges and Community ResponsesScientific Software Challenges and Community Responses
Scientific Software Challenges and Community ResponsesDaniel S. Katz
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaMartin M
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksLiming Zhu
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaDale Butler
 
NSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meetingNSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meetingDaniel S. Katz
 
Improving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceImproving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceNorman Johnson
 

Semelhante a A Strategy for Addressing Cyber Security Challenges (20)

Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...Testimony of Terry V. Benzel, University of Southern California Information S...
Testimony of Terry V. Benzel, University of Southern California Information S...
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017
 
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
 
2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & Defend2018 OPM Cybersecurity Career Day - Protect & Defend
2018 OPM Cybersecurity Career Day - Protect & Defend
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
 
Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTH
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Scientific Software Challenges and Community Responses
Scientific Software Challenges and Community ResponsesScientific Software Challenges and Community Responses
Scientific Software Challenges and Community Responses
 
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi KenyaRegional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risks
 
SMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North AmericaSMi Group's Oil and Gas Cyber Security North America
SMi Group's Oil and Gas Cyber Security North America
 
NSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meetingNSF SI2 program discussion at 2014 SI2 PI meeting
NSF SI2 program discussion at 2014 SI2 PI meeting
 
Improving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceImproving cyber security using biosecurity experience
Improving cyber security using biosecurity experience
 

Mais de Cybersecurity Education and Research Centre

Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Cybersecurity Education and Research Centre
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Cybersecurity Education and Research Centre
 

Mais de Cybersecurity Education and Research Centre (16)

Automated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social NetworksAutomated Methods for Identity Resolution across Online Social Networks
Automated Methods for Identity Resolution across Online Social Networks
 
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...
 
Video Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical FlowVideo Inpainting detection using inconsistencies in optical Flow
Video Inpainting detection using inconsistencies in optical Flow
 
TASVEER : Tomography of India’s Internet Infrastructure
TASVEER : Tomography of India’s Internet InfrastructureTASVEER : Tomography of India’s Internet Infrastructure
TASVEER : Tomography of India’s Internet Infrastructure
 
Identification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A SurveyIdentification and Analysis of Malicious Content on Facebook: A Survey
Identification and Analysis of Malicious Content on Facebook: A Survey
 
Clotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and IncorrectClotho : Saving Programs from Malformed Strings and Incorrect
Clotho : Saving Programs from Malformed Strings and Incorrect
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�Clotho: Saving Programs from Malformed Strings and Incorrect String-handling�
Clotho: Saving Programs from Malformed Strings and Incorrect String-handling
 
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing EmailsAnalyzing Social and Stylometric Features to Identify Spear phishing Emails
Analyzing Social and Stylometric Features to Identify Spear phishing Emails
 
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing PageEmerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page
 
Securing the Digital Enterprise
Securing the Digital EnterpriseSecuring the Digital Enterprise
Securing the Digital Enterprise
 
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on TwitterBroker Bots: Analyzing automated activity during High Impact Events on Twitter
Broker Bots: Analyzing automated activity during High Impact Events on Twitter
 
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
Twitter and Polls: What Do 140 Characters Say About India General Elections 2014
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Exploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasuresExploration of gaps in Bitly's spam detection and relevant countermeasures
Exploration of gaps in Bitly's spam detection and relevant countermeasures
 
The future of interaction & its security challenges
The future of interaction & its security challengesThe future of interaction & its security challenges
The future of interaction & its security challenges
 

Último

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

A Strategy for Addressing Cyber Security Challenges

  • 1. A  Strategy  for  Addressing  Cyber   Security  Challenges   Mustaque  Ahamad   Professor  of  Computer  Science,  Georgia  Ins>tute  of  Technology   Global  Professor  of  Engineering,  New  York  University  Abu  Dhabi   Co-­‐founder  and  Chief  Scien>st,  Pindrop  Security  
  • 2. A  Couple  of  Observa>ons   •  Cyber  security  has  become  an  extremely   important  problem  for  people,  businesses  and   governments.   •  Addressing  cyber  security  challenges  presents   serious  challenges.   •  Cyber  now  reaches  into  cri>cal  physical   systems.   •  Cyber  security  is  going  to  be  a  journey,  not  a   des>na>on.  
  • 3. Are  Things  Really  Bad?   •  Growing  sophis>ca>on  of  the  threat  landscape   –  Cyber  criminals,  hack>vits,  terrorists  and  na>on-­‐states   –  Cyber  crime  costs  are  reaching  half  a  trillion  dollars  (In   India,  0.21%  of  GDP,  McAfee  2014  Report)   –  Greatest  transfer  of  wealth  (Keith  Alexander,   hXp://foreignpolicy.com/2012/07/09/nsa-­‐chief-­‐cybercrime-­‐cons>tutes-­‐the-­‐greatest-­‐transfer-­‐of-­‐wealth-­‐in-­‐history/  )   •  Complex  technology  ecosystem   –  “Reflec>ons  on  trus>ng  trust”   •  People,  processes  and  coordina>on  across   mul>ple  stakeholders    
  • 4. Threats  +  Vulnerabili>es  =>  AXacks   •  Can  we  make  threats  go  away?   •  AXribu>on  is  extremely  difficult   •  Global  and  transna>onal   •  How  can  we  address  vulnerabili>es?   •  Security  errors  in  sofware  (over  1700  entries  in  NVD  in  last   3  months)   •  Asymmetry  –  aXackers  only  need  to  find  one  bug,  we  need   to  fix  all   •  People  are  weak  links   •  Only  higher  assurance,  no  perfect  security   –  Stronger  preven>on  and  early  detec>on   –   Faster  recovery  and  remedia>on  
  • 5. So,  What  Can  We  Do?   •  Educa>on   – Developing  the  “security  mindset”   – Undergraduate  and  graduate  programs   •  Research   – Rapidly  evolving  field   •  Policy,  legal  and  regula>on   – It  is  much  more  than  technology  
  • 6. Educa>ng  Cyber  Security  Professionals   •  US  Na>onal  Ini>a>ve  for  Cybersecurity   Educa>on  (NICE)  hXp://csrc.nist.gov/nice/framework/    
  • 7. Capacity  Building  for  Educa>ng  Cyber   Security  Professionals   •  What  do  we  do?   –  Undergraduate  or  graduate  programs?   –  Integra>ng  security  concepts  in  CS  curriculum?   –  Voca>onal  programs?   •   How  do  we  do  it?   –  So,  where  do  we  find  cyber  security  faculty?   –  Developing  hands  on  projects  and  laboratories   •  US  Response   –  Centers  of  Excellence  Program  (NSA/DHS)   –  Scholarship-­‐for-­‐Service  (SFS)  Program)   –  NSF  SaTC  Educa>on  Projects   •  Curriculum  development,  sharing,  workshops  etc.  
  • 8. Research  Capacity  Building   •  Evolving  threat  landscape  and  rapidly   changing  technologies   – Gelng  ahead  of  emerging  threats   – “Test  and  verify”  rather  than  “trust  but  verify”   •  Diverse  set  of  research  challenges   – Trustworthiness  of  technology  to  human   dimension   •  Real-­‐world  impact  of  research   – Tech  transfer  and  commercializa>on  
  • 9. Example  I:  Malware  Analysis   •  Scalable  malware  analysis  system   processes  approximately  250K   samples  a  day   •  Extrac>ng  features  from   communica>on  paXerns   •  Big  data  due  to  deep  packet   analysis  and  event  volume   •  Machine  learning  for  aXribu>on   •  Visualiza>on  and  ac>onable   intelligence               Mariposa  Botnet   Tracking  and  Takedown  
  • 10. Example  II:  Data-­‐Driven  Cyber  Risk   •  Collect  cyber  risk  relevant  data   from  mul>ple  sources   – Vulnerabili>es   – Exploit  kits  and  malware   – AXack  data  (public  and     private)   •  Analy>cs  and  visualiza>on   – Lean  back  and  lean  forward               Calendar  view  of     reported  vulnerabili>es  
  • 11. Na>onal  R&D  Strategy:  US  Example   •  Na>onal  Science  Founda>on  Secure  and  Trustworthy   (SaTC)   –  Launched  afer  developing  a  na>onal  strategy  ( hXps://www.whitehouse.gov/sites/default/files/microsites/ostp/fed_cybersecurity_rd_strategic_plan_2011.pdf)   –  Interdisciplinary  including  behavioral  and  economic  aspects   •  DHS,  DARPA  and  NSA  Ini>a>ves   –  Cri>cal  infrastructure  security  (CPS)   –  Resilient  and  transparent  compu>ng   –  Science  of  security   •  Networking  and  Informa>on  Technology  Research  and   Development  (NITRD)  Program   –  Coordinated  across  mul>ple  agencies   –  High  level  goal  is  to  maintain  US  technological  leadership  in  this   field  
  • 12. Cyber  Security  Policy   •  Policy  development  is  as  important  as  best   technical  safeguards   •  Should  companies  and  government  agencies   required  to  prac>ce  certain  level  of  cyber   hygiene?   •  Informa>on  sharing  and  coordina>on   •  Privacy   •  Legal  and  enforcement  issues  
  • 13. Lessons  Learned   •  Educa>on  capacity  building   – Aggressively  support  centers  like  CERC  IIIT  Delhi     – CS  curriculum  needs  to  be  augmented  with  cyber   security  offerings  at  all  levels   – “Educa>ng  the  educators”  –  summer  schools,   workshops  and  hosted  programs   – What  do  we  do  about  faculty?   •  Incen>ves  for  CS  faculty  members  to  shif/expand  their   research  into  cyber  security   •  Be  crea>ve  (professor  of  prac>ce,  global  professor  etc.)  
  • 14. Lessons  Learned  Contd.   •  Research  capacity  building   –  You  cannot  be  a  major  player  without  a  strong  research  base     •  How  many  papers  at  security  conferences  from  India?   –  Launch/seed  a  few  ambi>ous  (and  high  risk)  research  projects   like  NSF’s  fron>ers   –  Start/get  security  conferences  to  India  to  grow  the  community   –  Applied  research  exper>se   •  Cannot  only  rely  on  security  vendor  professionals  for  crisis  handling   •  CDC  for  cyber,  CERT  2.0?   –  Coordina>on  across  Na>onal  Labs,  DRDO??   –  Home  grown  cyber  security  companies??  
  • 15. Lessons  Learned  Contd.   •  Cyber  security  is  much  more  than  technology   – Policy,  regulatory  and  legal  dimensions   – Cyber  security  maturity  model  and  best  prac>ces   – Preparedness  assessment   – Conversa>ons  at  the  highest  level  (WEF  ini>a>ve)   – Informa>on  sharing,  coordina>on  and  mutual  aid   – Informal  trust  networks  
  • 16. Conclusions   •  Cyber  risk  ranks  among  the  top  global  risks   (2015  WEF  Global  risks  report)   •  Na>onal  response  is  of  cri>cal  importance   •  Need  to  move  at  “network  speed”   •  It  is  all  about  capacity  building   •  Ignore  research  at  your  own  peril