1 / 8

Andy Purdy

“Lessons from Defending Cyberspace” The Challenge of Addressing the Cyber Risk – for law enforcement, enterprises, nations, and the global community. Andy Purdy. Summary. Summary of the current cyber risk? What approach should we take? What capabilities do we need?

camden-hart
Download Presentation

Andy Purdy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “Lessons from Defending Cyberspace”The Challenge of Addressing the Cyber Risk – for law enforcement, enterprises, nations, and the global community Andy Purdy

  2. Summary • Summary of the current cyber risk? • What approach should we take? • What capabilities do we need? • Risk management – for organizations and countries • How should we approach Critical Information Infrastructure Protection from a risk and preparedness perspective?

  3. What is the current cyber risk? • Moderately sophisticated malicious actors can intrude into systems almost at will • Intrusion into systems give outsiders the access of insiders • Economic espionage - theft of proprietary data • Theft of personal information and access to online accounts • Broad-based or targeted disruption of communications and database access, or attacks on the integrity of data

  4. What approach should we take? • Embrace security as part of the business, which means security must no longer be done in a silo and an afterthought. • Look to mature organizational security through the use of best practice guidelines or control frameworks such as ISO 17799/BS 7799, NIST 800-53 or COBIT. • Move day-to-day security into operations and work to eliminate redundancy.

  5. What capabilities do we need? • Participation by key stakeholders in the organization for risk and response and recovery • Commitment to assess, prioritize, and implement measures to mitigate risk • Situational awareness • Analytical and forensic capabilities • Incident response capability

  6. Risk management – for organizations & countries • Risk management is critical for organization and entire countries • Limited resources require prioritization • Internal stakeholders must work together in ongoing, dynamic process to identify critical functions, interdependencies, risks • Exercise and improve • Provide resource requirements to seniors

  7. How should we approach CIIP to address risk and preparedness? • Stakeholders at the national and int’l levels must work together to assess and mitigate risk, and plan, and build capacity for, response and recovery. • Use standards to drive risk reduction. • Exercise to identify gaps and improve. • Use this process to identify requirements to drive resource allocation and risk mitigation. • Limited resources require prioritization.

  8. Contact information: Andy Purdy President, DRA Enterprises, Inc. BigFix, Inc. Executive Advisory Board Andy.Purdy@andypurdy.com For technology solutions and for information about DRA Associates, Inc.: www.andypurdy.com

More Related