Dynamic Cyber Defense

•

1 gostou•1,090 visualizações

Presented by: John Fleker, HP Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats: 1- Becoming more proactive in our cyber defense efforts through intelligence 2- Better user behavior management 3- Assessing risk using meaningful metric 4- Resilience – operating through an intrusion We need to look at the threat picture differently – in a proactive way – to ensure that CEO’s and CIO/CISO’s are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and functionally, helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence. www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx Additionally, we must increase info sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure that direction.

Tecnologia Negócios

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Confidential.
9thAnnual EnergySec
September 19, 2013 Denver
John Felker
Director, Cyber and Intelligence Strategy
Hewlett-Packard Enterprise Services
Dynamic Cyber Defense

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2
Potential industrial control intrusion or error?

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3
Key cyber consideration points
•  Cyber threat landscape is continually evolving
•  Critical infrastructure of our nation is at risk
•  Nation-state actors, criminal organizations, hacktivists or script-kiddie hackers
•  Nations safety and economic prosperity is threatened
•  Four things to consider to address the evolving threats:
•  Be more proactive in our cyber defense efforts through intelligence
•  Better user behavior management
•  Assessing risk using meaningful metrics
•  Resilience – operating through an intrusion

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4
•  View the threat picture differently – PROACTIVELY
•  Ensure CEO’s and CIO/CISO’s understand threat the same way
•  Allow those leaders to make better resourcing decisions
•  Better preparation to mitigate adversaries at the security perimeter
•  Integrate a wider set of intelligence into our cybersecurity thinking
•  Critical to taking a more proactive stance
•  Strategically - own network & open source cyber intelligence = better resource planning decisions
•  Functionally - network operators can better defend, mitigate and operate through cyber intrusions
•  Operational Levels of Cyber Intelligence paper - Intelligence and National
Security Alliance – helps define cyber intelligence
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additional key cyber consideration points

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
•  MUST increase info sharing across the board –
•  Executive Order 13636 - Improving Critical Infrastructure Cybersecurity
is leading critical infrastructure that direction.
•  User behavior management policies and training only minimally
effective
•  User base is one of the most vulnerable portals to intrusions
•  poor user behavior can be prevented or at least improved
•  regular, effective (“sticky”) interaction with users improves user behavior
•  potentially makes your user base part of the security solution
Additional key cyber consideration points

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6
•  A common understanding of risk and appropriate risk metrics is
vital
•  Must understand/apply risk...it's more than just patches,
vulnerability etc.
•  Must understand threats outside the network – capability, access &
opportunity
•  Common metrics measure internal network hygiene efforts but
don’t address the value of the mission or intellectual property
•  Risk metrics need to make sense to leadership...
•  what's the business risk, not just the cost or network risk?
•  what are the business operations metrics, in cost and in network exposure?
•  how do changes in cybersecurity posture impact?
Additional key cyber consideration points

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7
•  All systems need to be able to operate through an intrusion
•  broad-based intelligence can help, but…
•  understanding your network
•  ensuring that “mission” operators and network operators are on the same page
•  exercising both sets of people and systems against intrusions is the best way
to be resilient
•  Smart grid resilience efforts provide a good model for IT supporting
the business to think about
Additional key cyber consideration points

Mais conteúdo relacionado

Mais procurados

Main points covered: • Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat • Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses • Resetting roles and responsibilities regarding cyber security within organizations • Developing empirical, cost-effective cyber risk assessments to meet the evolving threat Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found the use of this Handbook improves cyber budgeting, cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA, public policy work built around their publication “The Cyber Security Social Contract” which the NATO Center of Cyber Excellence in Estonia asked for a briefing on. Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8

Advanced Cybersecurity Risk Management: How to successfully address your Cybe...

PECB

Presented by: Andrew Plato, Anitian Abstract: Understanding, managing and responding to risk is one of the core functions of any information security program. However, for many organizations risk assessment is cumbersome and time consuming process. IT leaders, as well as security regulations, are demanding risk management practices that can deliver quick and actionable results. Rapid Risk Assessment is a new approach to risk management that dramatically reduces the time, effort, and complexity for IT security risk assessment. Using the existing principles of risk management defined in NIST 800-30 documents, Rapid Risk Assessment can deliver more actionable and reliable results empowering business leaders to make sound decisions about risk. The key to this approach is a unique combination of skills, organization, and documentation that accelerates every aspect of the risk management process. This presentation shows why current risk management tactics are failing and how Rapid Risk Assessment can correct those deficiencies.

Rapid Risk Assessment: A New Approach to Risk Management

EnergySec

As attacks on Sony and Target show, the impact of a breach can stretch for months. Knowing how to communicate to the various internal and external audiences is crucial to mitigating the trail of damage. The webinar features Melanie Dougherty Thomas, a crisis expert with more than 20 years of experience in marketing and communications. Melanie is Managing Director of Inform – a top communications firm that serves Fortune 500s. Melanie will outline strategies for: ·Incident investigation and assessment ·Public acknowledgement and media management ·Customer and social media responses ·Legal notifications and obligations Our featured speakers for this webinar will be: ·Melanie Dougherty Thomas, Managing Director, Inform ·Ted Julian, CMO, Co3 Systems

Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat

Resilient Systems

As a new CISO, you want to have an impact as quickly as possible - people will be watching and judging. But at the same time, you need to be practical about what's achievable in an organization that you're still getting to know. It's also important to consider the experience you bring to the role and how it applies - or doesn't - to your new job. In this webinar, we'll discuss three fundamental differences you're likely to experience in your new job and offer recommendations on strategic activities you can focus on in your first 90 days. New CISOs will gain a framework for identifying these quick wins. Existing CISOs will get an opportunity to refresh and revitalize their security program. Our featured speakers for this webinar will be: - Ted Julian, Chief Marketing Officer, Co3 Systems - Bill Campbell, IT Executive and Serial CISO Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.

New CISO - The First 90 Days

Resilient Systems

Cybersecurity solution-guide

AdilsonSuende

With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure. The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them. This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics: · Audit and discovery – What are your weaknesses and are you compliant? · Education – Do your employees know when not to open that attachment? · Policy – Do you have the right policies for your industry? · Technology – Where to start and what has changed?

Your cyber security webinar

Empired

"Thinking diffrent" about your information security strategy

Jason Clark

Tripwire Energy Working Group Session w/Dale Peterson

Tripwire

When we talk about cyber security, we recognize that it is part of a holistic approach to security and critical infrastructure protection. Tools and technology are not enough to ensure that mission critical systems provide capabilities needed for the military, continuity of government and commercial enterprises to continue operations in the face of emerging threats. Recognizing the unique nature of our location on the Hawaiian Islands in the middle of the Pacific, we also understand the importance of collaboration and alignment of critical infrastructure protection among the military, state government, commercial and public stakeholders. A comprehensive approach needs to include innovative capabilities, a thorough analysis of operational dependencies, and the organizational collaboration required to protect critical capabilities. In this session, we will discuss our innovate approach to developing a holistic cyber security approach for critical infrastructure and share a case study to help you think differently about your own approaches for security.

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense

EnergySec

Bob West - Educating the Board of Directors

centralohioissa

Vulnerability management - beyond scanning

Vladimir Jirasek

In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.

Cybersecurity Risk Management Program and Your Organization

McKonly & Asbury, LLP

Secrets to managing your Duty of Care in an ever- changing world. How well do you know your risks? Are you keeping up with your responsibilities to provide Duty of Care? How well are you prioritising Cybersecurity initiatives? Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives. Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello. The seminar will cover: • Fiduciary responsibility • How to efficiently deal with personal liability and the threat of court action • The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making • How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action

Cybersecurity Roadmap Development for Executives

Krist Davood - Principal - CIO

Dealing with Information Security, Risk Management & Cyber Resilience

Donald Tabone

Cyber Security Strategies and Approaches

vngundi

Cybersecurity Risks for Businesses

Alex Rudie

Intel Presentation from NIST Cybersecurity Framework Workshop 6

Phil Agcaoili

Setting up CSIRT

APNIC

What it Takes to be a CISO in 2017

Doug Copley

Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework

centralohioissa

Mais procurados (20)

Advanced Cybersecurity Risk Management: How to successfully address your Cybe...

Rapid Risk Assessment: A New Approach to Risk Management

Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat

New CISO - The First 90 Days

Cybersecurity solution-guide

Your cyber security webinar

"Thinking diffrent" about your information security strategy

Tripwire Energy Working Group Session w/Dale Peterson

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense

Bob West - Educating the Board of Directors

Vulnerability management - beyond scanning

Cybersecurity Risk Management Program and Your Organization

Cybersecurity Roadmap Development for Executives

Dealing with Information Security, Risk Management & Cyber Resilience

Cyber Security Strategies and Approaches

Cybersecurity Risks for Businesses

Intel Presentation from NIST Cybersecurity Framework Workshop 6

Setting up CSIRT

What it Takes to be a CISO in 2017

Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework

Destaque

Presented by: Chris Sistrunk, Entergy Abstract: IT folks have been doing it for years – building labs to test new products before rolling them out – but the concept is still rather revolutionary to most practitioners of SCADA security. Yet the benefits of a lab are many, including training staff and solving real-world problems by replicating and attacking them in the relatively low-risk lab environment. But how do you pitch this (not inexpensive) idea in a way that gets organizational buy-in? And if your organization is just too small, what are the factors to considering when using a third-party lab? Hear ideas and ask questions of someone who evolved his organization’s capabilities from one small lab to five complete labs.

Come See What’s Cooking in My Lab

EnergySec

Understanding Hacker Tools and Techniques: A live Demonstration

EnergySec

Energy Biographies Final Research report

energybiographies

Presented by: Jacob Kitchel, Industrial Defender Abstract: This presentation will review useful concepts and tools that can be applied by DevOps team with “Controlled Remediation”. We’ll demonstrate the application of non-security, system administration, deployment, monitoring and change tracking using tools to achieve controlled remediation. This will build a foundation through which security, compliance, and change management goals can be achieved in an automated fashion within control system environments. DevOps is a juxtaposition of the words “development” and “operations” and is meant to portray a tight relationship between the two traditionally separate roles which build and operate complex computer systems and software applications. DevOps groups work with a unified goal to rapidly and reliably deploy and manage the underlying systems which organizations rely upon to make a profit while balancing resource constraints. “Controlled Remediation” is a concept used to describe the use of automation to maintain acceptable configuration and settings on industrial cyber assets. Additionally, this presentation will discuss the variations of “Automated Remediation” and “Manual Remediation”.

6 Tools for Improving IT Operations in ICS Environments

EnergySec

Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...

energybiographies

Presented by: Spencer McIntyre, SecureState Abstract: Smart Meter Security is a growing topic in the security industry that hasn’t been discussed to its full potential. This presentation will discuss the types of vulnerabilities that have been found in Smart Meters, and give examples from real world assessments we’ve conducted. Different methods of accessing the meter will be presented such as over the optical interface and the Zigbee wireless radio. In addition, we will discuss a testing methodology we’ve developed which covers Smart Meter testing with the open source Termineter framework developed by the presenter. Finally a live demonstration of the attacks that were discussed will be performed on a real Smart Meter during the presentation for the audience. Finally the newest features in the Termineter framework will be discussed including the support for connecting to Meters over TCP/IP networks using C12.22. Audience members will leave the presentation with a detailed understanding of the types of vulnerabilities that affect smart meters and how they can be leveraged by an attacker.

How I learned to Stop Worrying and Start Loving the Smart Meter

EnergySec

Presented by: Slade Griffin, Contextual Security Solutions Abstract: This session will present Mr. Griffin’s observations made while working directly with utilities as they developed and built incident response processes and the teams to support them. Topic covered will be the architectural development of visibility into different types of networks using different technologies. Having the technology to gain visibility into your networks is less than half the battle, the next step is to properly tune down the “noise” to determine whether an incident is happening.

Building an Incident Response Team

EnergySec

Presented by: Lucas Apa and Carlos Mario Penagos, IOActive Abstract: The evolution of wireless technologies has allowed industrial automation and control systems (IACS) to become strategic assets for companies that rely on processing plants and facilities. When sensors and transmitters are attacked, remote sensor measurements on which critical decisions are made might be modified, this could lead to unexpected, harmful, and dangerous consequences. This presentation demonstrates attacks that exploit key distribution vulnerabilities we recently discovered in every wireless device made by three leading industrial wireless automation solution providers. We will review the most commonly implemented key distribution schemes, their weaknesses, and how vendors can more effectively align their designs with key distribution solutions.

Compromising Industrial Facilities From 40 Miles Away

EnergySec

Security Updates Matter: Exploitation for Beginners

EnergySec

Presented by: Chris Unton, Midwest ISO (MISO) Abstract: MISO embarked on a structured, comprehensive process improvement program to make advancements in cyber security risk reduction as well as CIP compliance. The program utilizes the Six Sigma framework to reduce process defects and gain efficiencies. The 13 month effort comprises process level health checks; assignment of functional roles, responsibilities, and oversight; cross-functional process improvement events; and training/awareness curriculums to lock in the improvements. As a result, MISO not only is strengthening its cyber security and compliance posture, but also positioning the company for a smoother adoption of controls based audits when applicable. In this presentation, Mr. Unton will walk through the process and show how this has been instrumental in greatly enhancing MISO’s security and compliance environment.

Structured NERC CIP Process Improvement Using Six Sigma

EnergySec

The problem of how to make the transition to a more environmentally and socially sustainable society poses questions about how such far - reaching social change can be brought about. In recent years, lifecourse transitions have been identified by a range of researchers as opportunities for policy and other actors to intervene to change how individuals use energy, taking advantage of such disruptive transitions to encourage individuals to be reflexive towards their lifestyles and how they use the technological infrastructures on which they rely. Such identifications, however, employ narratives of voluntary change which take an overly optimistic change of how individuals experience lifecourse transitions, and ignore effects of experiences of unresolved or unsucc essful transitions. Drawing on narrative interview data from the Energy Biographies project based at Cardiff University, we explore three case studies where effects of such unresolved transitions are significant. Using the concept of liminal transition as developed by Victor Turner, we examine instances where ‘progressive’ master narratives of energy use reduction clash with other ‘narrative genres’ which individuals use to make sense of change, based on experiences of transition. These clashes show how nar ratives which view lifecourse transitions as opportunities ignore the challenges that such transitions may pose to individual identity and thereby to interventions which position individuals as agents responsible for driving change

Energy biographies: narrative genres, lifecourse transitions and practice change

energybiographies

It has been argued that social technology assessment requires critique of the ‘worlds’ implicated in the future imaginaries through which expectations take shape around new technologies. Qualitative social science research can aid deliberation by exploring the meanings of technologies within everyday practices, as is demonstrate by Yolande Strengers’ ethnographic work on everyday energy use and imaginaries of ‘smartness’. In this paper, we show how a novel combination of narrative interviews and multimodal methods can help in explore future imaginaries of smartness through the lens of biographical experiences of socio-technical changes in how energy is used domestically. In particular, this approach can open up a critical space around future socio-technical imaginaries by exploring the investments that individuals have in different forms of engagement with the world and the relationship between these forms and particular technologies. Using a psychosocial framework that draws on theoretical resources from science and technology studies, we show how these investments can lead to shifts in the meaning of taken-for granted assumptions about the meaning of concepts like convenience, and how valued forms of subjectivity may be conceptualised as emerging out of the ‘friction’ of engagement with the world. In this way, we demonstrate the value for of ‘thick’ data relating to the affective dimensions of subjective experience for social technology assessment and responsible research and innovation.

The grit in the oyster:

energybiographies

This paper examines how the ways in which consumers use energy are shaped, not only by practice (Shove, Pantzar and Watson, 2012), but by biographically attachments to ways of life which relate to place and identity. Understanding how practices which require the consumption of energy may be transformed is vital for any transition towards socio-environmental sustainability. However, theorising and explaining the role of individual agency in practice change continues to present challenges. In this paper we address this issue by employing concepts of complex subjectivity to analyse some psychosocial dimensions of energy consumption. In particular, we focus on how a narrative interview-based and multimodal approach to understanding practice can render visible conflicts between different definitions of ‘need’ or the purpose of practices, which often develop into different (and sometimes incommensurable) forms of normative justification for engaging in different practices. Drawing on interviews conducted as part of the Energy Biographies project at Cardiff University, we show that engaging in practices is bound up with particular attachments that are seen by interviewees as constitutive of identity and of visions of ‘the good life’ or particular ways of determining what is ‘right’ in a given situation. Lifecourse transitions may produce conflicts between such normative frameworks which can create obstacles to the transformation of practices that are unaccounted for by practice theory.

Living the "Good Life"?: energy biographies, identities and competing normati...

energybiographies

Destaque (13)

Come See What’s Cooking in My Lab

Understanding Hacker Tools and Techniques: A live Demonstration

Energy Biographies Final Research report

6 Tools for Improving IT Operations in ICS Environments

Energy Challenges for Wales: The Flexible Integrated Energy Systems (FLEXIS) ...

How I learned to Stop Worrying and Start Loving the Smart Meter

Building an Incident Response Team

Compromising Industrial Facilities From 40 Miles Away

Security Updates Matter: Exploitation for Beginners

Structured NERC CIP Process Improvement Using Six Sigma

Energy biographies: narrative genres, lifecourse transitions and practice change

The grit in the oyster:

Living the "Good Life"?: energy biographies, identities and competing normati...

Semelhante a Dynamic Cyber Defense

Retail security-services--client-presentation

Joseph Schorr

Identifying Your Agency's Vulnerabilities

Emily2014

Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.

Stay out of headlines for non compliance or data breach

Sridhar Karnam

IT Security Management -- People, Procedures and Tools

Andrew S. Baker (ASB)

Cybersecurity Best Practices in Financial Services

John Rapa

New technologies - Amer Haza'a

Fahmi Albaheth

Incorporating cloud computing for enhanced communication v2

Christian Verstraete

Protecting What Matters...An Enterprise Approach to Cloud Security

InnoTech

3 Things to Learn About:  * 1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened. * 2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.  * 3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry .

Protecting health and life science organizations from breaches and ransomware

Cloudera, Inc.

Security professionals have years of experience logging and tracking network security events to identify unauthorized or malicious activity on a corporate network. Unfortunately, many of today's attacks are focused on the application layer, where the fidelity of logging for security events is less robust. Most application logs are typically used to see errors and failures and the internal state of the system, not events that might be interesting from a security perspective. Security practitioners are concerned with understanding patterns of user behavior and, in the event of an attack, being able to see an entire user’s session. How are application events different from network events? What type of information should security practitioners ensure software developers log for event analysis? What are the types of technologies that enable application-level logging and analysis? In this presentation, John Dickson will discuss what should be present in application logs to help understand threats and attacks, and better guard against them.

Top Strategies to Capture Security Intelligence for Applications

Denim Group

What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf

SecureCurve

Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...

EC-Council

GDPR | Cyber security process resilience

Rishi Kant

SECURITY AND CONTROL

shinydey

Managing Information for Impact

Donny Shimamoto

Top 10 tips for effective SOC/NOC collaboration or integration

Sridhar Karnam

With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security. During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach. Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data. Learning Objectives: Upon completion of this seminar, participants will be able to: 1. Understand the history and evolution of Zero Trust and its application to data security. 2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security. 3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security. 4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data. 5. Network with other industry professionals to share insights and best practices.

Zero Trust and Data Security

Career Communications Group

Cyber Security

NC Military Business Center

3 tips to funding your security program

CloudBees

U nit 4

Integral university, India

Semelhante a Dynamic Cyber Defense (20)

Retail security-services--client-presentation

Identifying Your Agency's Vulnerabilities

Stay out of headlines for non compliance or data breach

IT Security Management -- People, Procedures and Tools

Cybersecurity Best Practices in Financial Services

New technologies - Amer Haza'a

Incorporating cloud computing for enhanced communication v2

Protecting What Matters...An Enterprise Approach to Cloud Security

Protecting health and life science organizations from breaches and ransomware

Top Strategies to Capture Security Intelligence for Applications

What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf

Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...

GDPR | Cyber security process resilience

SECURITY AND CONTROL

Managing Information for Impact

Top 10 tips for effective SOC/NOC collaboration or integration

Zero Trust and Data Security

Cyber Security

3 tips to funding your security program

U nit 4

Mais de EnergySec

Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks. This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.

Slide Griffin - Practical Attacks and Mitigations

EnergySec

Innovative and disruptive technologies are enhancing and invading our traditional industrial business model. Future organizations will need more data to operate efficiently and succeed in the brave new interconnected world. The diversity of new technologies and data will fuel more diversity in business opportunity. Everyone expects more OT, more IoT, and more IT – and all of it is supposed to be highly reliable and secure. These factors (and more) lead to a landscape shift for the mission-critical cybersecurity risk profile. In this session, hear ways to recognize the problems and gain some clarity on possible solutions through historic lessons, made up words, and practical front-line experience.

Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...

EnergySec

Almost 70 years since the first computer bug was discovered, there has been decades of research done on Information Security theory and practice. Yet, despite vast amounts of money being spent, innumerable academic papers, mainstream media obsession, and entire industries being formed, we are left with the impression that the risk is growing, not receding. Why? Some argue a lack of data, but data clearly exists. We’re likely generating it, in some areas, faster than humans will ever be able to process it. Perhaps, after all of this effort, we’ve managed to box ourselves into metaphors and first principles that might be inappropriately constraining how we think about “Information Security Risk”. In fact, it’s worth noting that we can’t even agree if there is a space between “Cyber” and “Security” when it’s written out. This talk will take an anecdotal look at “Information Security Risk”, “What IS Cyber Security?”, and use that perspective to suggest areas of research that are either lacking or should be made more accessible to the markets, industries, and individuals driving risk management change. In an industry filled with data, perhaps an examination of empty space might be helpful.

Jack Whitsitt - Yours, Anecdotally

EnergySec

In our modern world, we’ve learned to take for granted the universal availability of things like running water and electricity, and more recently, the Internet. As technology progresses, we are rapidly approaching a future in which nearly everything is digitally connected to nearly everything else. At the same time, we are learning to accept that all digital devices are broken from a security perspective. How we respond and adapt to this reality could well determine whether our future is utopian or dystopian. In In this interactive session, we will explore novel avenues of attack using digital “soft-targets”, and discuss how we might hold things together in the face of persistent vulnerability.

Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...

EnergySec

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

EnergySec

The NERC CIPv5 deadline is fast approaching, and it’s not too late to be prepared. Join Mark Prince, Manager Operational Technology Fossil, from Entergy, Karl Perman, VP Member Services from EnergySec and Tim Erlin, Director from Tripwire to discuss achieving and maintaining NERC CIPv5 compliance in a fossil generation plant. We’ll cover some of the challenges that Entergy has experienced in their NERC CIPv5 compliance journey. Specifically, we will discuss configuration change management and how to leverage technologies for these requirements and consider what life would be without them.

Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management

EnergySec

Regulated entities should consider the RSAW templates when preparing evidence of compliance with the NERC CIP Standards. There are a number of implicit requirements in CIP v5 which an entity needs to fulfill to be compliant, which are not specifically identified in the actual requirements. In this webinar, our experts will discuss such implicit requirements. Key learning's from this session would be: RSAW format Implicit requirements of CIP RSAWs Leveraging technology for RSAW management

Explore the Implicit Requirements of the NERC CIP RSAWs

EnergySec

Presenter: Daniel Lance, Layered Integration After years of installing wireless sensor networks in homes and businesses we are now faced with a question “How is this all secure? Or is it?” A look into WSN (Wireless Sensor Networks) history and original design concepts that paved the road to us using these in our every day life. This presentation will be a deep dive into wireless and reveal new challenges we have in protecting our perimeter when all of our core monitoring devices are riding a wave into the public space as most industrial control providers look to capitalize on fast installation times and inexpensive adaptive solutions. This research shows us start to finish how anyone with a laptop and SDR (Software Defined Radio) can hack into and take control of WSN’s from outside the front gate. The presentation will demonstrate how a device inside your facility might reveal itself through spectrum analysis than how a hacker might flank the security of the device and own the network with very simple replay attacks that can grant them physical access, and how social engineering pre-installation and post-installation will cause you to disregard warning signs that someone is tampering with the network. A high level understanding of radio is no longer needed for packet analysis with open source tools, proper implementation has never been more important as even a encrypted device can be compromised by the last mile before installation. We will talk about the tools security professionals are lacking from the manufactures of these devices to scan for a compromised device and what can be done in the future to protect WSN’s.

Wireless Sensor Networks: Nothing is Out of Reach

EnergySec

Presenter: Mikael Vingaard, EnergiNet.dk The goal of having a Honeypot (a fake ‘vulnerable’ IT-system/ service) is to learn more about your attackers and the methods they will use to breach your ICS/SCADA systems – but how can the Energy Sector actual benefit from using a Honeypot? The Danish information security researcher, Mikael Vingaard has taken various free open source software to deploy ICS/SCADA Honeypot systems, and will share his experiences from the research and present interesting findings from the collected informations. The talk will be discuss the pros and cons of honeypots, how to use honeypots as an early-warning system and add some interesting points seen from the energy sector of using Honeypot systems. The presentation will showcase that gaining access to actual ICS threat intelligence can be done – even in budget constrained organizations.

Please, Come and Hack my SCADA System!

EnergySec

Presenter: Mike Firstenberg, Waterfall Security Solutions NIST, NERC CIP, the ISA/IEC and other authorities are adjusting their advice for secure industrial networks to include at least one layer of hardware-enforced unidirectional communications. Many security practitioners are familiar with specific applications of Unidirectional Security Gateway technology, but fewer have seen how widely the technology is being deployed throughout the electric sector. Join us to review comprehensive unidirectional network architectures for generation, transmission, distribution, high-voltage substations, and control centers/TSO’s/balancing authorities. In each vertical we review use cases, examine NERC CIP compliance implications and cost savings, and compare the strength of each architecture with legacy firewall-based designs.

Unidirectional Network Architectures

EnergySec

Presenter: Joseph Loomis, Southwest Research Institute (SwRI) Asset Owners face challenges as they strive towards implementing the NERC-CIP V5 requirements. Meeting the requirements often require documentation and technical knowledge of how an asset operates that can only be provided by a Vendor. Vendors, likewise, may be unclear about how the NERC-CIP requirements affect them, and are unsure about how to meet the technical requirements. In this presentation we detail the lessons learned from a recent project where SwRI worked with a Vendor to determine how the requirements apply to them and what the Vendor needs to have to help support an Asset Owner in an audit.

NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role

EnergySec

Presenter: Patrick Miller, EnergySec (President Emeritis) Innovative and disruptive technologies are enhancing and invading our traditional industrial business model. Future infrastructure organizations will need more data to operate efficiently and succeed in the brave new interconnected world. The diversity of new technologies and data will fuel more diversity in business opportunity. Everyone expects more OT, more IOT, and more IT – and all of it is supposed to be highly reliable and secure. These factors (and more) lead to a landscape shift for the industrial cybersecurity risk profile. In this session, hear ways to recognize the problems and gain some clarity on possible solutions through historic lessons, made up words, and practical front-line experience.

Industrial Technology Trajectory: Running With Scissors

EnergySec

Presenters: Robert Landavazo, PNM Resources and Katherine Brocklehurst, Tripwire With countless hours of work to go, PNM was far from ready for its coming audit in just 18 months. Confidence levels in its existing manual, and incomplete security controls, were at an all-time low; and the visibility into control center environments for quantifying its status and progress towards compliance was immeasurable. With Tripwire, PNM’s preparation of the looming CIPv3 audit noticeably improved. With efficient reporting and automation, PNM’s now positioned to hold itself accountable for CIP auditable compliance of more than 3,500 explicit and supporting control points, satisfying CIP-002-3, CIP-004-3, CIP-005-3, CIP-007-3 and CIP-009-3. In addition, enhanced visibility and better control gave PNM the ability to effectively communicate meaningful and measurable initiatives to executive teams – resulting in increased support for their funding needs. In this session, PNM – New Mexico’s largest electricity provider – will share a case study on its journey towards achieving continuous NERC CIP compliance despite a highly limited headcount, how it saved countless hours of labor-intensive manual effort, and the essential role that automation played in its success.

The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...

EnergySec

Presenter: David Zahn, PAS Industrial control systems represent the brass ring for hackers who want to disrupt plant operations and negatively impact safety and productivity. The problem for cybersecurity professionals is that plants have highly vulnerable proprietary control systems where configuration data is not visible via standard WMI or SNMP calls. Yet, it is this same configuration data, such as I/O cards, firmware, installed software, and more, that hackers work hard to attain as it aids them in gaining control over industrial systems within plants. As the saying goes, “you can’t manage what you can’t measure.” Taking inventory of this hidden configuration data and doing so for all control assets is difficult. Plants as a result fall short of achieving centralized, automated inventory – a cybersecurity best practice and a necessary precursor to effective change management. So how do you address change management when important security data is kept locked within each vendor’s distributed control systems, programmable logic controllers, and remote terminal units? In this session, we’ll explore the types of inventory data that comprise a best practices cyber security plan. Next, we will dive into cost effective, accurate automation opportunities for inventory discovery and maintenance of heterogeneous proprietary and non-proprietary control assets. Finally, we’ll present a case study for implementing best practices for hardening ICS cyber security and automating management of change. Agenda: Building and Maintaining an Accurate ICS Inventory Best Practices in Inventory Automation Case Study

ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...

EnergySec

Presenter: Damiano Bolzoni, SecurityMatters What if cyber attacks were not the most prominent threat to industrial networks and systems? Although malware is still a major point of interest, the sword of Damocles for industrial networks is represented by insider threats such as system misuse performed by disgruntled employees, contractors and vendors, unintentional operator mistakes, as well as network and system misconfiguration and uncontrolled configuration changes; all this could lead to the divergence or failure of critical processes. In this talk we reshape the concept of ICS security and demonstrate through case studies in different critical infrastructure sectors that the real value of industrial network monitoring goes beyond the detection of cyber attacks, but includes above all the need to maintain awareness about network and process operations, and obtain actionable intelligence that allows to preserve their overall health. We will show how the use of innovative network monitoring approaches can support security, operations, and network managers to: Gain IT visibility of OT networks and full situational awareness of the network and process Detect complex and advanced cyber attacks against industrial networks Mitigate operational mistakes and misconfiguration

Where Cyber Security Meets Operational Value

EnergySec

Presenter: Chris Sistrunk Why haven’t we seen more ICS-focused attacks? Perhaps it’s because we’re not looking for them. The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available. In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation looks at using NSM as part of an incident response strategy in ICS, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS cyber security program.

Where Are All The ICS Attacks?

EnergySec

After a brief introduction by Mr. Humphreys, Henry Bailey will talk a few minutes about SAP’s roadmap for utilities. This will be followed by a discussion led by Chris Humphreys about the evolutionary transition from disparate point solutions to enterprise-wide, end-to-end, Regulation Management where controls are consolidated and leveraged such that compliance is a byproduct of industry best practices. Finally, Mr. Rice and Chris Humphreys will end the hour with a presentation expanding on the concept of controls consolidation and compliance as a byproduct focused on NERC CIP Ver 3-5 and NIST transitional capabilities of Regulation Management.

SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...

EnergySec

It’s never too early to start thinking about where the standards are going and where your program should be heading. This presentation will discuss how energy organizations should consider furthering alignment to NIST 800-53 Rev 4; focusing on security maturity opportunities such as threat management; addressing third parties and vendors and developing processes to help satisfy control-based security objectives.

Industry Reliability and Security Standards Working Together

EnergySec

What the Department of Defense and Energy Sector Can Learn from Each Other

EnergySec

In July 2010, BC Hydro, the electric utility and grid operator of British Columbia began implementation of its AMI program, formally known as the Smart Meter & Infrastructure (SMI) program. The SMI program transformed BC Hydro from a traditional metering utility to a smart metering utility by implementing smart meters on the customer service points. It was the first step in the smart grid transformation. The SMI program required the introduction of many new devices and applications into BC Hydro’s infrastructure. Some of these had never been deployed before anywhere in the world. Many were field deployed, outside of BC Hydro’s physical security perimeter. The SMI Security Delivery Team was formed to deliver on these commitments and to take responsibility for the end to end security of the SMI program. The Team implemented a multi-pronged approach to securing SMI including security risk assessments, security penetration testing by the team, design reviews, whole project risk assessments and third party security penetration testing. A standards based approach was required to ground the test plan both in best practice and in a common set of principles that BC Hydro and its vendors could accept. The Advanced Metering Infrastructure (AMI) Risk Assessment document prepared by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force was used as a basis for the test plan. This document has since been passed to the National Institute of Standards and Technology (NIST) Cyber Security Working Group and was integrated into NIST IR 7628. NIST IR 7628 contains a comprehensive list of possible threats to AMI systems. The program was highly successful. Test results informed BC Hydro’s deployment decisions and allowed the manufacturers to improve their products. Lessons were learned about how best to conduct third party security testing. A full lessons learned section is included in the presentation.

Third Party Security Testing for Advanced Metering Infrastructure Program

EnergySec

Mais de EnergySec (20)

Slide Griffin - Practical Attacks and Mitigations

Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...

Jack Whitsitt - Yours, Anecdotally

Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management

Explore the Implicit Requirements of the NERC CIP RSAWs

Wireless Sensor Networks: Nothing is Out of Reach

Please, Come and Hack my SCADA System!

Unidirectional Network Architectures

NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role

Industrial Technology Trajectory: Running With Scissors

The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...

ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...

Where Cyber Security Meets Operational Value

Where Are All The ICS Attacks?

SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...

Industry Reliability and Security Standards Working Together

What the Department of Defense and Energy Sector Can Learn from Each Other

Third Party Security Testing for Advanced Metering Infrastructure Program

Último

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Manulife - Insurer Innovation Award 2024

The Digital Insurer

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Dynamic Cyber Defense

1. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Confidential. 9thAnnual EnergySec September 19, 2013 Denver John Felker Director, Cyber and Intelligence Strategy Hewlett-Packard Enterprise Services Dynamic Cyber Defense

3. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3 Key cyber consideration points •  Cyber threat landscape is continually evolving •  Critical infrastructure of our nation is at risk •  Nation-state actors, criminal organizations, hacktivists or script-kiddie hackers •  Nations safety and economic prosperity is threatened •  Four things to consider to address the evolving threats: •  Be more proactive in our cyber defense efforts through intelligence •  Better user behavior management •  Assessing risk using meaningful metrics •  Resilience – operating through an intrusion

4. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4 •  View the threat picture differently – PROACTIVELY •  Ensure CEO’s and CIO/CISO’s understand threat the same way •  Allow those leaders to make better resourcing decisions •  Better preparation to mitigate adversaries at the security perimeter •  Integrate a wider set of intelligence into our cybersecurity thinking •  Critical to taking a more proactive stance •  Strategically - own network & open source cyber intelligence = better resource planning decisions •  Functionally - network operators can better defend, mitigate and operate through cyber intrusions •  Operational Levels of Cyber Intelligence paper - Intelligence and National Security Alliance – helps define cyber intelligence www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx Additional key cyber consideration points

5. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5 •  MUST increase info sharing across the board – •  Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure that direction. •  User behavior management policies and training only minimally effective •  User base is one of the most vulnerable portals to intrusions •  poor user behavior can be prevented or at least improved •  regular, effective (“sticky”) interaction with users improves user behavior •  potentially makes your user base part of the security solution Additional key cyber consideration points

6. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6 •  A common understanding of risk and appropriate risk metrics is vital •  Must understand/apply risk...it's more than just patches, vulnerability etc. •  Must understand threats outside the network – capability, access & opportunity •  Common metrics measure internal network hygiene efforts but don’t address the value of the mission or intellectual property •  Risk metrics need to make sense to leadership... •  what's the business risk, not just the cost or network risk? •  what are the business operations metrics, in cost and in network exposure? •  how do changes in cybersecurity posture impact? Additional key cyber consideration points

7. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7 •  All systems need to be able to operate through an intrusion •  broad-based intelligence can help, but… •  understanding your network •  ensuring that “mission” operators and network operators are on the same page •  exercising both sets of people and systems against intrusions is the best way to be resilient •  Smart grid resilience efforts provide a good model for IT supporting the business to think about Additional key cyber consideration points

8. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Confidential. Questions? Please contact: John Felker john.felker@hp.com 703.736.4040

Dynamic Cyber Defense

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (13)

Semelhante a Dynamic Cyber Defense

Semelhante a Dynamic Cyber Defense (20)

Mais de EnergySec

Mais de EnergySec (20)

Último

Último (20)

Dynamic Cyber Defense