Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
“Lessons from Defending Cyberspace”The Challenge of Addressing the Cyber Risk – for law enforcement, enterprises, nations, and the global community Andy Purdy
Summary • Summary of the current cyber risk? • What approach should we take? • What capabilities do we need? • Risk management – for organizations and countries • How should we approach Critical Information Infrastructure Protection from a risk and preparedness perspective?
What is the current cyber risk? • Moderately sophisticated malicious actors can intrude into systems almost at will • Intrusion into systems give outsiders the access of insiders • Economic espionage - theft of proprietary data • Theft of personal information and access to online accounts • Broad-based or targeted disruption of communications and database access, or attacks on the integrity of data
What approach should we take? • Embrace security as part of the business, which means security must no longer be done in a silo and an afterthought. • Look to mature organizational security through the use of best practice guidelines or control frameworks such as ISO 17799/BS 7799, NIST 800-53 or COBIT. • Move day-to-day security into operations and work to eliminate redundancy.
What capabilities do we need? • Participation by key stakeholders in the organization for risk and response and recovery • Commitment to assess, prioritize, and implement measures to mitigate risk • Situational awareness • Analytical and forensic capabilities • Incident response capability
Risk management – for organizations & countries • Risk management is critical for organization and entire countries • Limited resources require prioritization • Internal stakeholders must work together in ongoing, dynamic process to identify critical functions, interdependencies, risks • Exercise and improve • Provide resource requirements to seniors
How should we approach CIIP to address risk and preparedness? • Stakeholders at the national and int’l levels must work together to assess and mitigate risk, and plan, and build capacity for, response and recovery. • Use standards to drive risk reduction. • Exercise to identify gaps and improve. • Use this process to identify requirements to drive resource allocation and risk mitigation. • Limited resources require prioritization.
Contact information: Andy Purdy President, DRA Enterprises, Inc. BigFix, Inc. Executive Advisory Board Andy.Purdy@andypurdy.com For technology solutions and for information about DRA Associates, Inc.: www.andypurdy.com