PPT Course Materials from Cyber Threat Intelligence Webcast
 

    Presentation Transcript

    • Speaker Agency and Firms: US-CERT - Department of Homeland Security Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division Solutionary, Inc. Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Deloitte & Touche LLP Rich Baich CISSP,CISM Principal – Global Leader Cyber Threat and Vulnerability Management Wiley Rein LLP Nova J. Daly Public Policy Consultant PricewaterhouseCoopers LLP Edward P Gibson, CISSP, FBCS Director, US Forensics Technology Solutions Practice Thank you for logging into today’s event. Please note we are in standby mode. All Microphones will be muted until the event starts. We will be back with speaker instructions @ 11:55am. Any Questions? Please email: Info@knowledgecongress.org Group Registration Policy Please note ALL participants must be registered or they will not be able to access the event. If you have more than one person from your company attending, you must fill out the group registration form. We reserve the right to disconnect any unauthorized users from this event and to deny violators admission to future events. To obtain a group registration please send a note to info@knowledgecongress.org or call 646.202.9344 . Presented By: August 12, 2010
    • Sponsored by: Media Partner: August 12, 2010 Solutionary is an information security company that delivers a wide range of managed security solutions and professional services to reduce risk, increase security and ensure compliance. Solutionary is positioned by Gartner as a "visionary" in the MSSP Magic Quadrant, and Forrester as a “strong performer” in the MSSP Wave. The company provides 24/7 services to clients through two security operations centers (SOCs) in the Americas, and eight SOCs in EMEA and AsiaPac with strategic partners. For more information, visit http://www.solutionary.com/ Information Security Today, www.infosectoday.com, is for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. Information Security Today informs its readers of best practices, as well as of research into current and upcoming issues in information security. Articles take a how-to approach to their topics to help readers solve problems and be applicable to on-the-job situations faced every day by IT, information security, and networking and system administration professionals. management practices; and law, investigations, and ethics. www.auerbach-publications.com
    • August 12, 2010
      • If you experience any technical difficulties during today’s WebEx session, please contact our Technical Support @ 866-779-3239.
      • You may ask a question at any time throughout the presentation today via the chat window on the lower right-hand side of your screen. Questions will be aggregated and addressed during the Q&A segment.
      • Please note, this call is being recorded for playback purposes.
      • If anyone was unable to log in to the online webcast and needs to download a copy of the PowerPoint presentation for today’s event, please send an email to: info@knowledgecongress.org. If you’re already logged in to the online webcast, we will post a link to download the files shortly.
      • If you are listening on a laptop, you may need to use headphones, as some laptop speakers are not sufficiently amplified to hear the presentations. If you do not have headphones and cannot hear the webcast, send an email to info@knowledgecongress.org and we will send you the dial-in phone number.
      • About an hour or so after the event, you'll be sent a survey via email asking you for your feedback on your experience with this event today - it's designed to take less than two minutes to complete, and it helps us to understand how to wisely invest your time in future events. Your feedback is greatly appreciated. If you are applying for continuing education credit, completion of the surveys is mandatory as per your state boards and bars. 6 secret words (3 for each credit hour) will be given throughout the presentation. We will ask you to fill these words into the survey as proof of your attendance. Please stay tuned for the secret word.
      • Speakers, I will be giving out the secret words at randomly selected times. I may have to break into your presentation briefly to read the secret word. Pardon the interruption.
      August 12, 2010
      • Unlimited Plan Features:
      • Unlimited access to all live webcasts for your employees.
        • You and your employees will be able to attend all of our webcasts on the schedule for the quarter.
        • There is no limit on how many webcasts you can attend and how many people from your firm join the webcasts.
      • Unlimited access to all of our recorded webcasts and archived material with a license to use for internal training and/or case preparation.
        • Your employees will have access to a wealth of archived material.
        • All material includes the recorded webcasts as well as the course material.
      • Access to all Opt-in attendee registration lists.
        • You will have access to the list of attendees who agree to receive information from event partners. (50% of the list.)
        • Why not turn the webcast into a business opportunity? This feature will connect you with a substantial portion of the audience.
      • Guaranteed admittance:
        • Your attorneys/employees will be guaranteed admittance to all webcasts.
        • Including those that are sold out and/or closed for registration.
      August 12, 2010
      • Unlimited Plan Features:
      • Priority customer service line:
        • You will receive a priority customer service account manager.
        • You will bypass the main customer service department.
      • Priority CLE/CPE processing.
        • Attendees from your firm will receive expedited processing of Certificate of Attendance Forms.
        • (Please note, your State Bar or Accounting Board will make the final determination with respect to continuing education credit. If you are applying for CLE credit in Texas you must register 20 days before the event date.)
      • Discounted Guest passes:
        • You can purchase guest passes for your clients and guests at a discounted rate of $99 each.
        • Invite anyone you wish: colleagues, clients, potential clients.
        • Download the Brochure & Our Forward Schedule:
        • http://www.mediafire.com/file/unjqbnwyymu/Unlimited_Attendee_Plan_2010.pdf
      August 12, 2010
    • Brief Speaker Bios: August 12, 2010 Marita Fowler Marita Fowler is the Section Chief for the Surface Analysis Group (SAG). Her team is responsible for the analysis and dissemination of information related to financially/ideologically motivated cyber activity and emerging threats. She has a diverse background in intelligence, security engineering, space program security and cyber threat analysis. Pamela Fusco, CISSP, CISM, CHS-III Pamela Fusco is a name known to many of you; she has been in the security industry for nearly 25 years, including roles as chief security strategist and CSO for Merck, MCI and Citigroup; and a member of the White House special ops staff. She is closely affiliated with key industry organizations including ISSA and the Cloud Security Alliance. Managed security services provider Solutionary is home to Pamela where she serves as vice president of industry solutions.
    • Brief Speaker Bios: August 12, 2010 Rich Baich CISSP,CISM Rich Baich is a Principal in Deloitte & Touche LLP’s Security & Privacy Service, where he champions the Global Cyber Threat and Vulnerability Management practice. Rich has over 15 years experience leading multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Rich is former Chief Information Security Officer (CISO) at ChoicePoint Inc. where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee, and the FBI. In 2005, Rich authored “Winning as a CISO”, a security executive leadership guidebook and advisor to the President’s Commission for Cyber Security. Nova J. Daly Mr. Daly is an international investment, trade and cybersecurity policy expert and has held senior leadership positions at the White House, the U.S. Departments of the Treasury and Commerce and the U.S. Senate. As the former Treasury Deputy Assistant Secretary for Investment Security and Policy from 2006-2009, Mr. Daly was responsible for managing Treasury's work as the chair of the Committee on Foreign Investment in the United States. In that capacity, he also served as the Treasury representative on cybersecurity policy formulation within the Administration. He holds an undergraduate degree in political science from the University of California, Irvine and a graduate degree in international law and organizations from American University.
    • Brief Speaker Bio: August 12, 2010 Edward P Gibson, CISSP, FBCS Ed Gibson is a Director at PricewaterhouseCoopers (PwC) in the Forensics Technology Practice in Washington DC and global. He is responsible for helping companies build capabilities and preventative mechanisms relative to anti-money laundering, FCPA, corporate intelligence, cyber compromise, data protection and privacy, economic espionage, supply chain technology, and social media. He recently returned to the US after 10 years in the UK - from 2000-2005 he was an Assistant Legal Attache for the FBI, assigned to the US Embassy in London in charge of the FBI's cyber investigations in the UK and Ireland. Following his retirement from the FBI in June 2005 he took up a new role as the Chief Cyber Security Advisor for Microsoft Ltd in the UK until December 2009 where he was a sought after speaker on cyber risk issues due to his ability to make it personal and real. Prior to London, Ed was a career FBI agent in the Washington DC metro area specializing in investigations of complex frauds, asset identification, and economic espionage. He is a qualified Solicitor in England and Wales, a CISSP (Certified Information Systems Security Professional), a Fellow of the British Computer Society (FBCS), holds a current Top Secret/SCI clearance, and served in the military in the early '70s. Today Ed will be talking about the practical difficulties Corporate executives, the c-Suite, and law firms face in determining 'who to call' when the cyber catastrophe happens and the threat comes from off-shore. ► For more information about the speakers, you can visit: http://www.knowledgecongress.org/event_2010_cyber.html
    • Cybercrime has evolved from a mere exercise in intellectual one-upmanship among programmers to highly organized and sophisticated global criminal operations whose collective common objectives are as old as crime itself: to steal your company’s money! As a result, Cyber-attacks on companies are rising at meteoric rates & finance executives around the globe are being drafted into the front lines to help combat it. Combating Cybercrime for Finance Professionals LIVE webcast aims to arm you with the latest know-how to help you spot and stop cybercrime dead in its tracks. While you are reading this, thousands of companies world-wide are being robbed by cybercriminals. Is your company one of the victims or will it be one of the victors? Join Combating Cybercrime for Finance Professionals LIVE webcast and arm yourself with the latest knowledge to stop cyber criminals before they stop you. August 12, 2010
    • Featured Speakers: August 12, 2010 SEGMENT 1: Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division US-CERT - Department of Homeland Security SEGMENT 3: Rich Baich CISSP,CISM Principal – Global Leader Cyber Threat and Vulnerability Management Deloitte & Touche LLP SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP SEGMENT 5: Edward P Gibson, CISSP, FBCS Director, US Forensics Technology Solutions Practice PricewaterhouseCoopers LLP SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • Introduction August 12, 2010 Marita Fowler is the Section Chief for the Surface Analysis Group (SAG). Her team is responsible for the analysis and dissemination of information related to financially/ideologically motivated cyber activity and emerging threats. She has a diverse background in intelligence, security engineering, space program security and cyber threat analysis. SEGMENT 1: Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division US-CERT - Department of Homeland Security
    • A Threat to National Security? August 12, 2010 Espionage Motivated Malware Financially Motivated Malware SEGMENT 1: Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division US-CERT - Department of Homeland Security Image from StuckINa.com Image from Technoslum.com
    • Government Malware Trends August 12, 2010 SEGMENT 1: Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division US-CERT - Department of Homeland Security
    • How Can You Help? Information Sharing August 12, 2010 SEGMENT 1: Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division US-CERT - Department of Homeland Security
    • Introduction August 12, 2010 Pamela Fusco is a name known to many of you; she has been in the security industry for nearly 25 years, including roles as chief security strategist and CSO for Merck, MCI and Citigroup; and a member of the White House special ops staff. She is closely affiliated with key industry organizations including ISSA and the Cloud Security Alliance. Managed security services provider Solutionary is home to Pamela where she serves as vice president of industry solutions. SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010 Go Home, The Internet Is Closed SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010 SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010 In a Virtual Battle Field
      • Security usually implies a confrontation, good vs. evil
      • Most battles, civil unrest and/or conflicts, organized or not, one side either surrenders or is forced into retreat and the victor rises
      • Cyber issues have no retreat, no surrender, no empty trenches
      • Cyber Crime is low risk with high rewards
        • Cyber Crime prosecution is minimal
      SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010
      • On line extortion
        • Utilities
        • Government
        • Business
      • Cyber tool kits (w/ 12 mos. of support and services)
      • Opting in, no participation required
        • Pretexting
        • Target does not have to be engaged or aware
      • Combat zone is non fiction
        • Zombie Armies
        • BOT Nets
      Virtual Trenches SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010
      • Units were "fielded so fast that it was done with an unencrypted signal. It could be intercepted, hacked into and jammed," stated an Air Force officer with knowledge of the program
        • Intended for line-of-sight communications (tactical, real time)
        • Military drones are “particularly susceptible” to video taps
        • “It’s like criminals using radio scanners to pick up police communications,” the senior officer says.
      ROVER (Remotely Operated Video Enhanced Receiver) SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010 The World’s Information SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010
      • Automated queries and data correlation
        • Location, real time searches, “near me now”
        • Retail inventory
        • Common consumer queries amass the cyber vaults
        • Billions of images and relational data
        • Ask and you shall receive
      • Connected to the Cloud (“fielded so fast”)
        • Resource rich devices connected to the cloud
        • Adoption significantly on the rise
        • Understanding and knowledge mid grade
        • Exploitation vectors and analysis TBD
          • CSA, Trusted Cloud
      Virtualization and Information Cyberflow SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010 Verify SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010
      • Technology only does what humans design it to do
      • Consumers offer more PII when they believe they are getting something
      • Hold back a bit, don’t be so precise
        • Goggles for Google
        • Information relevance and data flux
        • Websites, specifically for golfers, etc
        • Social medians
          • Booz Allen’s social networking hello. Bah.com (P2P)
          • Targets employees with 5-15 yrs experience
      An act of generosity may become too generous SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010
      • Sensible metrics and business intelligence
      • Realistic reporting and analysis
        • Compliance and auditing, business and personal
        • Investments in innovation and R&D
        • Strategy and preparation
        • Collaboration, affiliations and standards
          • Vas coalescence
          • Enable rapid acquisition by leveraging collaborative and participating partners
      Elements, Trends and Analysis SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010
      • Point in time
        • Too late
      • Social “Median” (can’t fight the trends)
      • Economies of scale
        • Portal
        • SIEM (and/or like)
      • Know the business of hacking
      • Know the solutions for defense and offense
        • Leverage trusted partners
        • MSSPs, Telco’s
        • Cloud solutions and purpose built methodologies and technologies
      Get the VIEW! SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • August 12, 2010 Identify the Source Think like they do and consider the outcome SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc.
    • Introduction August 12, 2010 Rich Baich is a Principal in Deloitte & Touche LLP’s Security & Privacy Service, where he champions the Global Cyber Threat and Vulnerability Management practice. Rich has over 15 years experience leading multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Rich is former Chief Information Security Officer (CISO) at ChoicePoint Inc. where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee, and the FBI. In 2005, Rich authored “Winning as a CISO”, a security executive leadership guidebook and advisor to the President’s Commission for Cyber Security. SEGMENT 3: Rich Baich CISSP,CISM Principal – Global Leader Cyber Threat and Vulnerability Management Deloitte & Touche LLP
    • Cyber Threat Intelligence August 12, 2010 SEGMENT 3: Rich Baich CISSP,CISM Principal – Global Leader Cyber Threat and Vulnerability Management Deloitte & Touche LLP
    • The Changing Threat Landscape August 12, 2010 The cybercrime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems which routinely evade present-day security controls.
    • The Underground Economy August 12, 2010 Malware Distribution Service Data Mining & Enrichment Data Acquisition Service Phishing Data Sales Cashing Stolen Data Drop Sites Keyloggers Payment Gateways Retailers Bank Carding Forums Instant Messaging Data Validation Service eMoney Spammer Botnet Owners Cyber Criminals Drop Service Wire Transfer eCommerce Sites Botnet Service Malware Authors Credit Card Cashers Malicious Code Related Criminal Roles Underground Criminal Services Criminal Forums & Communication 3rd Party & Corporate Enablers Key: Compromise Acquire Enrich and Validate Sell Monetize On-Line Gambling Identity Collectors
    • Making Cyber Threat Intelligence Actionable August 12, 2010 Our approach is based on real life deployment experience. It has been proven to work in large production environments and is differentiated by the use of aggregated open source intelligence which is transformed into normalized, context aware, actionable cyber threat intelligence data.
      • Commercial Feeds
      • Law Enforcement
      • Industry Associations
      • Underground Forums
      • Hash databases
      • GEOIP data
      • Honeynets
      • Malware Forensics
      • Brand monitoring
      • P2P monitoring
      • DNS monitoring
      • Watchlist monitoring
      • Fraud investigations
      • Security event data
      • Abuse mailbox info
      • Vulnerability data
      • Sandboxes
      • Human intelligence
      Risk Assessment Process Threat Intelligence Reporting Risk Acceptance Process Risk Mitigation & Remediation Line of Business Teams Security, Fraud and Operational Risk Teams 3rd Parties, Subsidiaries Urgent security control updates IP reputation data for authentication Proactive Surveillance External Cyber Threat Intelligence Feeds Cyber Threat Intelligence Collection Research, and Analysis Process “All Source Fusion” Internal Threat Intelligence Feeds Integrated Business Processes Actionable Intelligence
    • The Value of A Cyber Threat Intelligence Capability August 12, 2010
      • Actionable, risk-based cyber intelligence data
      • Enhanced, industry specific brand monitoring and protection
      • Upgraded information security controls that meet or exceed regulatory obligations
      • Limit or reduce the scope and impact of security breaches
      • Reduce operational loss caused by cyber criminals
      • Reduce the frequency and scope of security incidents
      • Identify customers, partners, and suppliers that are compromised
      • Reduce the amount of time necessary to detect and locate advanced persistent threats
      • Improve the return on investment for previously purchased security controls, management platforms, and intelligence feeds
      SEGMENT 3: Rich Baich CISSP,CISM Principal – Global Leader Cyber Threat and Vulnerability Management Deloitte & Touche LLP
    • Introduction August 12, 2010 Mr. Daly is an international investment, trade and cybersecurity policy expert and has held senior leadership positions at the White House, the U.S. Departments of the Treasury and Commerce and the U.S. Senate. As the former Treasury Deputy Assistant Secretary for Investment Security and Policy from 2006-2009, Mr. Daly was responsible for managing Treasury's work as the chair of the Committee on Foreign Investment in the United States. In that capacity, he also served as the Treasury representative on cybersecurity policy formulation within the Administration. He holds an undergraduate degree in political science from the University of California, Irvine and a graduate degree in international law and organizations from American University. SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • The Facts August 12, 2010
      • Cyber criminals operate undetected within systems. Their technologies include devices plugged into corporate networks, malware, and key stroke loggers that capture credentials and provide criminals with privileged access while they evade detection.
        • In 2009, more than 11.1 million U.S. adults were victims of identity theft.
        • One in every ten U.S. consumers has already been victimized by identity theft.
        • On average, victims lose between $851 and $1,378 out-of-pocket and spend 330 hours repairing the damage.
        • Incidents of fraud translated into losses of more than $54 billion by consumers and businesses.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • What Does it Mean for the Evolution of Cyber Security Vulnerability Management? August 12, 2010
      • Future legislative and federal initiatives that will seek to standardize technologies; possibly with penalties for those businesses that do not meet certain standards
      • New guidelines on cybersecurity protocols
      • New international initiatives
      • Increased funding for R&D and technology procurement
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Are You Ready for Big Brother? August 12, 2010
      • Some form of federal cyber security legislation is sure to pass the U.S. Congress, and it will change the way you do business.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Congress is Very Engaged August 12, 2010
      • In 2009-10, Congress held over 75 hearings on cybersecurity.
      • Members stressed the need to partner with private sector entities.
      • However, barring a “Pearl Harbor” attack, legislation will not pass this year.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Key Congressional Committees August 12, 2010
      • Senate
        • Committee on Homeland Security and Governmental Affairs
          • Joseph Lieberman (I-CT); Susan Collins (R-ME)
        • Committee on Commerce, Science and Transportation
          • Jay Rockefeller (D-WV); Olympia Snowe (R-ME)
      • House
        • Committee on Science & Technology
          • Bart Gordon (D-TN); James Sensenbrenner (R-WI)
        • Committee on Energy and Commerce
          • Henry A. Waxman (D-CA); Joe Barton (R-TX)
        • Committee on Homeland Security
          • Bennie Thompson (D-MS); Peter T. King (R-NY)
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Key Congressional Legislation August 12, 2010
      • Cybersecurity Enhancement Act, H.R. 4061 : Passed the House and could pass in the Senate. Funds $396 million in R&D over 4 years; promotes a federal cybersecurity workforce and transfer of cyber technologies into the marketplace.
      • International Cybercrime Reporting and Cooperation Act, S. 3155 & H.R. 4692 : Requires the President to produce annual reports on international efforts and identify countries posing a cyber threat.
      • Appropriations for Department of Homeland Security, H.R. 4842 : Includes $150 million in funding for cybersecurity R&D to prevent, detect and respond to cyber attacks.
      • House Energy and Commerce and Homeland Security Proposals : Both of these Committees have jurisdiction on cybersecurity and will likely have an important say in anything that is signed into law or considered in the House.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Key Congressional Legislation August 12, 2010
      • Cybersecurity Act of 2010, S.773 : Passed Senate Commerce Committee. Estimated to cost $1.8 billion. This bill contains provisions for private sector collaboration, but there are concerns that it creates a “cyber bureaucracy” that would inhibit innovation. Provisions in the bill could levy fines for non-compliance with certain technology and procurement standards.
      • Protecting Cyberspace as a National Asset Act, S. 3480: The bill from Senators Lieberman and Collins places a top cybersecurity official in the White House, but gives DHS broad powers. Authorizes the President to issue a declaration of a national cyber emergency to covered critical infrastructure.
      • Senate Leader Harry Reid committed to developing comprehensive cyber security legislation in a June 2010 letter to President Obama, and told Senators to meld the competing cybersecurity bills together by September, if not earlier.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Changes in the Cyber Security Policy Vacuum August 12, 2010
      • Federal initiatives from agencies like the Department of Homeland Security and the Federal Communications Commission are driving changes in the absence of cyber security leadership.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Moves from the Administration August 12, 2010
      • 2008: Development of the Comprehensive National Cybersecurity Initiative (CNCI)
      • 2009: Performance of a 60-day review and publication of the Cyberspace Policy Review Report. The Report leads to:
        • Creation of a Cybersecurity Coordinator at the White House.
        • Work between federal, state and local partners with industry to identify procurement strategies that will incentivize the market.
          • Including through adjustments to liability considerations, tax incentives, and new regulatory requirements and compliance mechanisms.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Key Administration Agencies and Actions August 12, 2010
      • The White House. The National Security Council and National Economic Council are the nexus of cyber policy for the federal government.
      • The Department of Homeland Security (DHS). This agency is cyber central and responsible for: implementing the deployment of an intrusion detection system; coordinating R&D efforts; developing a cyber counterintelligence plan; expanding cyber education; and developing an approach for global supply chain risk management.
      • The Department of Defense (DOD) and the National Security Agency (NSA). Key agencies on cybersecurity spending and policy with immense budgets and huge policy weight.
      SEGMENT 4: Nova J. Daly Public Policy Consultant Wiley Rein LLP
    • Key Administration Agencies and Actions August 12, 2010
      • The U.S. Department of Commerce (Commerce). Commerce’s National Telecommunications and Information Administration (NTIA) plays an important role in cyber security policy.
      • The U.S. Department of State (State). Plays a significant international role, including on negotiations with other governments.
      • The Federal Communications Commission (FCC). The FCC recently released its National Broadband Plan. A key part of that plan is to give the FCC a greatly enhanced role in developing and promoting cyber security measures. It is also seeking support for a certification system for providers.
    • International Treaty?
      • New international initiatives are creating industry and national coalitions.
    • International Cybersecurity Moves
      • International Consensus
        • The world is moving toward developing a consensus around five pillars of cybersecurity action, with each country building:
          • a national security response team,
          • informed legislation,
          • public-private sector engagement and public awareness,
          • stronger enforcement, and
          • capacity building.
    • Cyber Money
      • The tap on spending for cyber security R&D and technology has just begun to open.
    • Money and Resources
      • The cumulative U.S. federal cybersecurity market is valued at $55 billion from 2010-2015 and will grow steadily – at about 6.2 percent annually over the next six years.
      • Congress is planning on providing massive funding to agencies and cybersecurity R&D.
      • The DHS alone plans to invest $900 million in technology in fiscal 2011, and is hiring thousands of cybersecurity experts.
      • Funds related to these initiatives will find their way to the state and local coffers.
    • Questions?
    • Introduction
      Ed Gibson is a Director at PricewaterhouseCoopers (PwC) in the Forensics Technology Practice in Washington DC and global. He is responsible for helping companies build capabilities and preventative mechanisms relative to anti-money laundering, FCPA, corporate intelligence, cyber compromise, data protection and privacy, economic espionage, supply chain technology, and social media. He recently returned to the US after 10 years in the UK. From 2000-2005 he was an Assistant Legal Attache for the FBI, assigned to the US Embassy in London in charge of the FBI's cyber investigations in the UK and Ireland. Following his retirement from the FBI in June 2005 he took up a new role as the Chief Cyber Security Advisor for Microsoft Ltd in the UK until December 2009, where he was a sought-after speaker on cyber risk issues due to his ability to make it personal and real. Prior to London, Ed was a career FBI agent in the Washington DC metro area specializing in investigations of complex frauds, asset identification, and economic espionage. He is a qualified Solicitor in England and Wales, a CISSP (Certified Information Systems Security Professional), a Fellow of the British Computer Society (FBCS), holds a current Top Secret/SCI clearance, and served in the military in the early '70s. Today Ed will be talking about the practical difficulties corporate executives, the C-suite, and law firms face in determining 'who to call' when the cyber catastrophe happens and the threat comes from off-shore.
      SEGMENT 5: Edward P Gibson, CISSP, FBCS Director, US Forensics Technology Solutions Practice PricewaterhouseCoopers LLP
    • Talking Points
      • "It's never going to happen to me" - What you need to know now!
      • Who are you going to call when the extortion email arrives in your inbox: in-house counsel? External counsel? Police? FBI / US Secret Service? Your neighbor?
      • Data Breach reporting - publication and notification - or hide?
      • Insider threat greater than external threats - economic espionage is real
      • WabiSabiLabi.com - the eBay of software vulnerabilities
      • Cryptome.org // Sealandgov.org // Wikileaks.com - Do you know where your data is?
      (Edward P Gibson, CISSP, FBCS, Director-Forensic Technology Solutions, PricewaterhouseCoopers, Washington DC metro and global, Ed.Gibson@us.pwc.com, +1 703 789 5281)
    • Talking Points
      • Cloud computing - What is it and why you should care
      • International discovery issues: MLAT / Letters Rogatory / or Just forget about it?
      • Data privacy / public policy issues are constantly changing in Europe
      • Sometimes you just can't do anything about it after it happens - so don't let it happen in the first place.
      • Network printers / copy machines; mobile devices; hardware: yes they all store data
      • Social Media - 17 steps to privacy (what is good is bad - does anyone care?)
    • Questions
      ► You may ask a question at any time throughout the presentation today. Simply click on the question mark icon located on the floating tool bar on the bottom right side of your screen. Type your question in the box that appears and click send.
      ► Questions will be answered in the order they are received.
      SEGMENT 1: Marita Fowler, Section Chief, Surface Analysis Group, Cybersecurity Division, US-CERT - Department of Homeland Security
      SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III, VP of Industry Solutions, Solutionary, Inc.
      SEGMENT 3: Rich Baich, CISSP, CISM, Principal – Global Leader Cyber Threat and Vulnerability Management, Deloitte & Touche LLP
      SEGMENT 4: Nova J. Daly, Public Policy Consultant, Wiley Rein LLP
      SEGMENT 5: Edward P Gibson, CISSP, FBCS, Director, US Forensics Technology Solutions Practice, PricewaterhouseCoopers LLP
    • ABOUT THE KNOWLEDGE CONGRESS: The Knowledge Group, LLC is an organization that produces live webcasts which examine regulatory changes and their impacts across a variety of industries. “We bring together the world's leading authorities and industry participants through informative two-hour webcasts to study the impact of changing regulations.”
      Disclaimer: The Knowledge Group, LLC is producing this event for information purposes only. We do not intend to provide or offer business advice. The contents of this event are based upon the opinions of our speakers. The Knowledge Congress does not warrant their accuracy and completeness. The statements made by them are based on their independent opinions and do not necessarily reflect the views of The Knowledge Congress. In no event shall The Knowledge Congress be liable to any person or business entity for any special, direct, indirect, punitive, incidental or consequential damages as a result of any information gathered from this webcast.