CYBERSECURITY UPDATE
October 9, 2013
Southern Risk Council
The Cybersecurity Activity in Washington
• Cybersecurity Framework
• DHS Integrated Task Force
• Regulators (e.g. FCC CSRIC)
• Possible Legislation
DHS Critical Infrastructure Sectors
Communications Sub-sectors:
• Cable
• Wireless
• Wireline
• Satellite
• Broadcast
Executive Order on Cybersecurity
• President signed an Executive Order and Presidential Policy Directive on February 12, 2013 to Improve Critical Infrastructure Cybersecurity
• “Critical Infrastructure” is defined as “systems and assets, whether physical or virtual, so vital to the US” that their incapacity or destruction would have debilitating impact on:
  • Security,
  • National economic security,
  • Public health or safety
• Key Parts
  • Cybersecurity Information Sharing (AG, DHS, and DNI, section 4)
  • Privacy and Civil Liberties Protections (DHS, section 5)
  • Develop Baseline Framework to Reduce Cyber Risk to Critical Infrastructure (NIST, section 7)
  • Voluntary program to support adoption (DHS, section 8)
  • “Procurement requirements related to cybersecurity”
  • Identification of Critical Infrastructure at Greatest Risk (DHS, section 9)
  • Agency review and report on existing regulatory requirements and authority to establish new framework-based requirements (section 10)
How the Framework has been Developed
5th Framework Workshop – November 14-15
EO 13,636 and PPD-21 – February 12, 2013
The Cybersecurity Framework
Cybersecurity Risk Management:
• Identify
• Protect
• Detect
• Respond
• Recover
Prioritized, Flexible, Repeatable, Performance based, Cost Effective
Basic Cyber Hygiene
DHS Voluntary Cybersecurity Program
• Voluntary Adoption Program
• Incentives
• Implementation Guidance
• Promote Participation
• Adopters
White House on Cybersecurity Incentives
The departments of Homeland Security, Commerce and Treasury identified 8 incentives the federal government could use to encourage the nation's critical infrastructure owners to voluntarily adopt the cybersecurity framework being developed under the auspices of the National Institute of Standards and Technology.
The eight incentives are:
1. Cybersecurity insurance,
2. Grants,
3. Process preferences,
4. Liability limitation,
5. Streamlined regulations,
6. Public recognition,
7. Rate recovery for price-regulated industries, and
8. Cybersecurity research.
Incentives would help the nation's critical infrastructure operators adopt the voluntary framework.
Cybersecurity Timeline
• Publication of Preliminary Framework
• 5th NIST Workshop
• End of 45 Day Comment Period on Preliminary Framework
• Publication of Final Framework
• FCC CSRIC IV Commences
• Regulatory Requirements Sufficiency Analysis
• Framework Effectiveness Assessment
Thanks
Phil Agcaoili
Chief Information Security Officer, Cox Communications, Inc.
Co-Chair, Communications Sector Coordinating Council (CSCC), Cybersecurity Committee – Technical Sub-Committee
Member, Communications Information Sharing and Analysis Center (ISAC)
Co-Chair, FCC CSRIC IV, WG 4 (Cybersecurity Best Practices)
Co-Founder & Board Member, Southern CISO Security Council
Distinguished Fellow and Fellows Chairman, Ponemon Institute
Founding Member, Cloud Security Alliance (CSA)
Inventor & Co-Author, CSA Cloud Controls Matrix, GRC Stack, Security, Trust and Assurance Registry (STAR), and CSA Open Certification Framework (OCF)
@hacksec
https://www.linkedin.com/in/philA
CYBER INSURANCE
Section 2
