Andy Purdy - PowerPoint PPT Presentation

Download Presentation
Andy Purdy
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. “Lessons from Defending Cyberspace”
     The Challenge of Addressing the Cyber Risk – for law enforcement, enterprises, nations, and the global community
     Andy Purdy

  2. Summary
     • Summary of the current cyber risk?
     • What approach should we take?
     • What capabilities do we need?
     • Risk management – for organizations and countries
     • How should we approach Critical Information Infrastructure Protection from a risk and preparedness perspective?

  3. What is the current cyber risk?
     • Moderately sophisticated malicious actors can intrude into systems almost at will
     • Intrusion into systems gives outsiders the access of insiders
     • Economic espionage - theft of proprietary data
     • Theft of personal information and access to online accounts
     • Broad-based or targeted disruption of communications and database access, or attacks on the integrity of data

  4. What approach should we take?
     • Embrace security as part of the business, which means security must no longer be done in a silo and as an afterthought.
     • Look to mature organizational security through the use of best practice guidelines or control frameworks such as ISO 17799/BS 7799, NIST 800-53 or COBIT.
     • Move day-to-day security into operations and work to eliminate redundancy.

  5. What capabilities do we need?
     • Participation by key stakeholders in the organization for risk and response and recovery
     • Commitment to assess, prioritize, and implement measures to mitigate risk
     • Situational awareness
     • Analytical and forensic capabilities
     • Incident response capability

  6. Risk management – for organizations & countries
     • Risk management is critical for organizations and entire countries
     • Limited resources require prioritization
     • Internal stakeholders must work together in an ongoing, dynamic process to identify critical functions, interdependencies, risks
     • Exercise and improve
     • Provide resource requirements to seniors

  7. How should we approach CIIP to address risk and preparedness?
     • Stakeholders at the national and international levels must work together to assess and mitigate risk, and to plan and build capacity for response and recovery.
     • Use standards to drive risk reduction.
     • Exercise to identify gaps and improve.
     • Use this process to identify requirements to drive resource allocation and risk mitigation.
     • Limited resources require prioritization.

  8. Contact information:
     Andy Purdy
     President, DRA Enterprises, Inc.
     BigFix, Inc. Executive Advisory Board
     For technology solutions and for information about DRA Associates, Inc.: