SlideShare uma empresa Scribd logo

The growing threat to information security: a focus on ISM

Norman Disney & Young
Norman Disney & Young

As correctional facilities adopt an expanding technology platform to improve operations, facility management and correctional education, new modes of risk are continuing to grow. NDY associate Travis Chehab was a featured speaker at the 2015 Prisons Conference where he presented on the Australian Government Information Security Manual (ISM).

Tecnologia
1 de 13
Baixar para ler offline
The Growing Threat to Information Security: A focus on ISM Prisons 2015, Melbourne Travis Chehab t.chehab@ndy.com www.ndy.com
The Threat... Australian networks face an unprecedented threat of malicious activity and loss of information. Malicious Actors: 1.  State-Sponsored Attackers 2.  Cyber Criminals 3.  Issue-Motivated Groups CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
The Threat... CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
The Threat... A new piece of malware is created every 1.5 seconds! Source:    ISM  -­‐  Trend  Micro,  Trend  Micro  Annual  Report:  The  Future  of  Threats  and  Threat  Technologies,  2009.                                    ISM  -­‐    RSA,  Cybercrime  Trends  Report  –  The  Current  State  of  Cybercrime  and  What  to  Expect  in  2011  
Prison Technology Drivers... •  Reduced rates of recidivism •  PILS •  Energy & Sustainability •  Co/Tr-Gen •  Water Treatment & Recycling Plants •  Lighting control •  System Resilience & Uptime •  Back-up generation and UPS •  N +1 systems / system redundancy •  Streamlining Process & Flexibility •  Centralised control, management, monitoring and response Technology  Convergence   The  Integrated  Communica7ons  Network  (ICN)  
Important Questions What would a serious cyber security incident cost our organisation? Who would benefit from having access to our information? What makes us secure against threats? Is the behaviour of our staff enabling a strong security culture? Are we ready to respond to a cyber security incident?
The Information Security Manual (ISM) h>p://www.asd.gov.au/infosec/ism/index.htm  
ISM Principles Volume Policy and procedure: !  Information security policy !  Security risk management plan !  System security plan !  Standard operating procedures !  Incident response plan !  Emergency procedures !  Business continuity and disaster recovery plans
ISM Controls Volume ‘Applicability’  of  a  control,  i.e.  Classifica7ons   TOP   SECRET   SECRET   CONFIDENTIAL   PROTECTED   GOVERNMENT/UNCLASS   ‘Compliance’  language  –  Should  vs.  Must   ‘Authority’  and  approval  of  non-­‐compliances:   •     DSD  –  Director  DSD  (ASD)   •     AH  –  Agency  Head   •     AA  –  Accredita@on  Authority   Precinct/Facility  Classifica7on...who’s  on  the  other  side  of  the  wall?   •       Non-­‐Shared  Government  Facility   •       Shared  Government  Facility   •       Shared  Non-­‐Government  Facility  
ISM Controls Volume 1. Information Security Governance 2. Physical Security 3. Personnel Security 4. Communications Security * 5. Information Technology Security Control:  1117;  Revision:  0;  Updated:  Nov-­‐10;  Applicability:  G,  P,  C,  S,  TS;  Compliance:  should;  Authority:  AA     Agencies  should  use  fibre  op@c  cabling.     What  does  a  ‘control’  look  like?   How  do  we  use  controls  and  for  what  project  aspects?   Statement  of   Applicability   (SoA)  
ISM in Construction Identification, Inspectability and the ‘By-Association Factor’ My  PROTECTED   network  is  the   blue  one!?  
ISM in Construction SoA   Design  &   Construc7on   IRAP   verifica7on   Risk  Plan   System  Plan  
Thanks any questions? The NDY communications group is a dedicated team looking after the specific ICT needs of our clients

Recomendados

Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Cyber security report in m asteral
Cyber security report in m asteralCyber security report in m asteral
Cyber security report in m asteralwhilma teodoro
 

Recomendados

Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Cyber security report in m asteral
Cyber security report in m asteralCyber security report in m asteral
Cyber security report in m asteralwhilma teodoro
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityCareer Communications Group
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurityHays Recruitment North America
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19fingerprint.sh
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for SecurityTripwire
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
ISTR XV
ISTR XVISTR XV
ISTR XVSymantec
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismNihal Jani
 
ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2Jorge Sebastiao
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Stephen Cobb
 
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachRahul Neel Mani
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 

Mais conteúdo relacionado

Mais procurados

Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityCareer Communications Group
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19fingerprint.sh
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for SecurityTripwire
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismNihal Jani
 
ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2Jorge Sebastiao
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Stephen Cobb
 

Mais procurados (20)

Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in Cybersecurity
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for Security
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security
 
ISTR XV
ISTR XVISTR XV
ISTR XV
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise Security
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
 

Destaque

Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachRahul Neel Mani
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...PECB
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case studyAntonio Fontes
 
Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Antonio Fontes
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkAndrew Gerber
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And AnalysisLalit Kale
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk managementMichael Francis
 
Risk assessment presentation
Risk assessment presentationRisk assessment presentation
Risk assessment presentationmmagario
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingCigital
 

Destaque (16)

Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a Breach
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
 
Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And Analysis
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security Risk
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk management
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Risk assessment presentation
Risk assessment presentationRisk assessment presentation
Risk assessment presentation
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 

Semelhante a The growing threat to information security: a focus on ISM

Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19IBM Sverige
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxmccormicknadine86
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxsleeperharwell
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionDLT Solutions
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Creating a Culture of Security
Creating a Culture of SecurityCreating a Culture of Security
Creating a Culture of SecurityTechSoup
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesJohn Gilligan
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityAhmed Habib
 
SEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewSEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewStephen Bates
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber SecurityJohn Gilligan
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew RosenquistMatthew Rosenquist
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09Tammy Clark
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew RosenquistMatthew Rosenquist
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelSURFnet
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 

Semelhante a The growing threat to information security: a focus on ISM (20)

Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
 
1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Creating a Culture of Security
Creating a Culture of SecurityCreating a Culture of Security
Creating a Culture of Security
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practices
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
 
SEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewSEB Forcepoint Corporate Overview
SEB Forcepoint Corporate Overview
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber Security
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafel
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 

Último

JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfalexjohnson7307
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentationyogeshlabana357357
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)Wonjun Hwang
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Navigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi DaparthiNavigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi DaparthiRaviKumarDaparthi
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...SOFTTECHHUB
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfOverkill Security
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 

Último (20)

JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Navigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi DaparthiNavigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi Daparthi
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdf
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 

The growing threat to information security: a focus on ISM

  • 1. The Growing Threat to Information Security: A focus on ISM Prisons 2015, Melbourne Travis Chehab t.chehab@ndy.com www.ndy.com
  • 2. The Threat... Australian networks face an unprecedented threat of malicious activity and loss of information. Malicious Actors: 1.  State-Sponsored Attackers 2.  Cyber Criminals 3.  Issue-Motivated Groups CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
  • 3. The Threat... CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
  • 4. The Threat... A new piece of malware is created every 1.5 seconds! Source:    ISM  -­‐  Trend  Micro,  Trend  Micro  Annual  Report:  The  Future  of  Threats  and  Threat  Technologies,  2009.                                    ISM  -­‐    RSA,  Cybercrime  Trends  Report  –  The  Current  State  of  Cybercrime  and  What  to  Expect  in  2011  
  • 5. Prison Technology Drivers... •  Reduced rates of recidivism •  PILS •  Energy & Sustainability •  Co/Tr-Gen •  Water Treatment & Recycling Plants •  Lighting control •  System Resilience & Uptime •  Back-up generation and UPS •  N +1 systems / system redundancy •  Streamlining Process & Flexibility •  Centralised control, management, monitoring and response Technology  Convergence   The  Integrated  Communica7ons  Network  (ICN)  
  • 6. Important Questions What would a serious cyber security incident cost our organisation? Who would benefit from having access to our information? What makes us secure against threats? Is the behaviour of our staff enabling a strong security culture? Are we ready to respond to a cyber security incident?
  • 7. The Information Security Manual (ISM) h>p://www.asd.gov.au/infosec/ism/index.htm  
  • 8. ISM Principles Volume Policy and procedure: !  Information security policy !  Security risk management plan !  System security plan !  Standard operating procedures !  Incident response plan !  Emergency procedures !  Business continuity and disaster recovery plans
  • 9. ISM Controls Volume ‘Applicability’  of  a  control,  i.e.  Classifica7ons   TOP   SECRET   SECRET   CONFIDENTIAL   PROTECTED   GOVERNMENT/UNCLASS   ‘Compliance’  language  –  Should  vs.  Must   ‘Authority’  and  approval  of  non-­‐compliances:   •     DSD  –  Director  DSD  (ASD)   •     AH  –  Agency  Head   •     AA  –  Accredita@on  Authority   Precinct/Facility  Classifica7on...who’s  on  the  other  side  of  the  wall?   •       Non-­‐Shared  Government  Facility   •       Shared  Government  Facility   •       Shared  Non-­‐Government  Facility  
  • 10. ISM Controls Volume 1. Information Security Governance 2. Physical Security 3. Personnel Security 4. Communications Security * 5. Information Technology Security Control:  1117;  Revision:  0;  Updated:  Nov-­‐10;  Applicability:  G,  P,  C,  S,  TS;  Compliance:  should;  Authority:  AA     Agencies  should  use  fibre  op@c  cabling.     What  does  a  ‘control’  look  like?   How  do  we  use  controls  and  for  what  project  aspects?   Statement  of   Applicability   (SoA)  
  • 11. ISM in Construction Identification, Inspectability and the ‘By-Association Factor’ My  PROTECTED   network  is  the   blue  one!?  
  • 12. ISM in Construction SoA   Design  &   Construc7on   IRAP   verifica7on   Risk  Plan   System  Plan  
  • 13. Thanks any questions? The NDY communications group is a dedicated team looking after the specific ICT needs of our clients