Open and free tools for “Whole of Government” approaches to Cybersecurity

Open and free tools for “Whole of Government” approaches to Cybersecurity

GMU International Cyber Center briefing provided to foreign military officials about what "Whole of Government"approaches are available for Cybersecurity requirements.

3962189473d062fdc76ce9a07cbe89fd?s=128

Shahid N. Shah

July 21, 2015
Tweet

Transcript

  1. Open and free tools for “Whole of Government” approaches to

    Cybersecurity Shahid N. Shah CEO and Chief Architect
  2. www.netspective.com 2  Business / Personal  Shopping & Banking

    Point of Sale (in store or on line)  Personnel  Social Media  … DHS provides advice and alerts to the 16 critical infrastructure areas … … DHS collaborates with sectors through Sector Coordinating Councils (SCC) X X
  3. www.netspective.com 3 @ShahidNShah Cybersecurity Framework • Developed in collaboration with

    industry, provides guidance to an organization on managing cybersecurity risk • Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure using industry-known standards and best practices • Provides a common language and mechanism for organizations to – describe current cybersecurity posture; – describe their target state for cybersecurity; – identify and prioritize opportunities for improvement within the context of risk management; – assess progress toward the target state; – Foster communications among internal and external stakeholders. • Composed of three parts: the Framework Core, the Framework Implementation Tiers, and Framework Profiles 3
  4. www.netspective.com 4 @ShahidNShah Cybersecurity Framework Function Category IDENTIFY Asset Management

    Business Environment Governance Risk Assessment Risk Management PROTECT Access Control Awareness and Training Data Security Information Protection Processes and Procedures Protective Technology DETECT Anomalies and Events Security Continuous Monitoring Detection Processes RESPOND Communication Analysis Mitigation Improvements RECOVER Recovery Planning Improvements Communication 4
  5. www.netspective.com 5 @ShahidNShah Data Aggregation & Amount of Valuable Data

    Number of Connecte d People A security program must keep pace with the evolving threat landscape. It must become an intrinsic part of the enterprise that grows along with it. A Changing Landscape Drives Security 5
  6. www.netspective.com 6 @ShahidNShah ENISA Threat Landscape

  7. www.netspective.com 7 @ShahidNShah ENISA Threat Agents

  8. www.netspective.com 8 @ShahidNShah DHS Open Source Cybersecurity Catalog

  9. www.netspective.com 9 @ShahidNShah SecTools.org and DHS Research Program

  10. www.netspective.com 10 @ShahidNShah ISAOs as a Model for Regional Cooperation

    http://www.dhs.gov/isao
  11. www.netspective.com 11 @ShahidNShah ISAO Value Proposition https://www.us-cert.gov/sites/default/files/c3vp/CISCP_20140523.pdf

  12. www.netspective.com 12 @ShahidNShah ISAOs and Coordinating Processes A CSIRT Process

    Model for Improving Information Sharing & Knowledge Capture in Cybersecurity https://www.itu.int/dms_pub/itu-t/oth/06/35/T063500000200515PDFE.pdf
  13. www.netspective.com 13 @ShahidNShah Security Information Interoperability http://secure360.org/wp-content/uploads/2014/05/Threat-Intelligence-Sharing-using-STIX-and-TAXII.pdf

  14. Thank You Visit http://www.netspective.com E-mail shahid.shah@netspective.com Follow @ShahidNShah Call 202-713-5409