“Bringing You the Science in Security”
Piece of (i) Proprietary – Do Not Distribute
Women in Cybersecurity Panel
Connie Vaughn
Cvaughn@pieceofi.com
916-472-5614
InfraGard
11th Annual Security Symposium
November 17, 2015
Rancho Cordova, California
Piece of (i) Security Solutions
Outline
• Define the Terms used for Vulnerability and
Risk Assessments
• Discuss Analysis Approaches
• Discuss Future Threats and Challenges
• References
• Questions & Answers
Definitions
• Vulnerability Assessment
– A systematic evaluation process in which qualitative and/or quantitative techniques are applied to detect vulnerabilities and to arrive at an effectiveness level for a security system to protect specific targets from specific adversaries and their acts
Definitions (cont’d)
• Risk Assessment
– A process of analyzing threats and vulnerabilities of a facility, determining the potential for losses, and identifying cost-effective corrective measures and residual risk
Physical and Cyber Consequences
[Slide figure: two panels, “Physical Attack” and “Cyber Attack”]
“The Science in Security”
R = PA * [1 – PE] * C
• R – Security Risk
• PA – Frequency of Event
• [1 – PE] – Probability of Adversary Success
• C – Impact of Event
• PE – Probability “Options to Mitigate” will Prevent Event, determined by:
– PI – Probability of Interruption
– PN – Probability of Neutralization
What Your System Can Do
And More Importantly
What Your System Can Not Do!
Adversary Task Time
[Slide figure: timeline of the adversary task against the PPS detection, assessment and response]
• T0 – Begin Action (adversary task starts)
• TA – First System Alarm: Detection, Alarm Assessed
• TI – Response: Adversary Interrupted
• TC – Task Complete
• Adversary Task Time: T0 to TC
• PPS Time Required: TA to TI
• System Delay: delay still ahead of the adversary after the first alarm (TA to TC)
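Worked example, added to this transcript and not part of the slide deck or of Piece of (i)'s material: a small Python model that ties the adversary task timeline above to the risk equation R = PA * [1 – PE] * C from the preceding slide. Two relations are assumptions taken from the referenced Garcia texts rather than from the slides: detection counts as timely only when the adversary is interrupted before the task completes (TI < TC), and PE = PI * PN. The path elements, their detection probabilities and delays, and the response time are constructed sample values, and the PI estimate is deliberately simplified (one detection probability per element, no timing variance), so the model generalizes the single timeline on the slide to a multi-element adversary path.

```python
"""
Added example: adversary timeline and R = PA * [1 - PE] * C.

Assumptions (from the referenced Garcia texts, not from the slides):
  - PE = PI * PN
  - detection is timely only if TI < TC
  - detection happens at the start of a path element, so that element's
    own delay still lies ahead of the adversary.
All numbers below are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PathElement:
    name: str
    p_d: float    # probability this element detects the adversary
    delay: float  # seconds of delay the element imposes on the adversary


# Constructed adversary path: perimeter fence -> building door -> vault.
SAMPLE_PATH = [
    PathElement("fence", p_d=0.5, delay=30.0),
    PathElement("door", p_d=0.9, delay=60.0),
    PathElement("vault", p_d=0.8, delay=300.0),
]


def interruption_time(t_a: float, pps_time_required: float) -> float:
    """TI = TA + PPS time required (assessment plus response)."""
    return t_a + pps_time_required


def detection_is_timely(t_a: float, pps_time_required: float, t_c: float) -> bool:
    """The response must interrupt the adversary before task completion: TI < TC."""
    return interruption_time(t_a, pps_time_required) < t_c


def critical_detection_point(path, response_time: float) -> int:
    """Index of the last element at which a detection still leaves more delay
    ahead of the adversary than the response force needs. -1 if none does."""
    remaining = sum(e.delay for e in path)
    cdp = -1
    for i, element in enumerate(path):
        if remaining > response_time:
            cdp = i
        remaining -= element.delay
    return cdp


def probability_of_interruption(path, response_time: float) -> float:
    """Simplified PI: probability that at least one element at or before the
    critical detection point detects the adversary. Assumes the response force
    always arrives in time once detection is that early."""
    cdp = critical_detection_point(path, response_time)
    if cdp < 0:
        return 0.0
    p_miss = 1.0
    for element in path[: cdp + 1]:
        p_miss *= 1.0 - element.p_d
    return 1.0 - p_miss


def security_risk(p_a: float, p_i: float, p_n: float, c: float) -> float:
    """R = PA * [1 - PE] * C with PE = PI * PN (assumed relation)."""
    p_e = p_i * p_n
    return p_a * (1.0 - p_e) * c


def assess(path, response_time: float, p_a: float, p_n: float, c: float) -> dict:
    """Run the whole chain for one path and return the intermediate values."""
    p_i = probability_of_interruption(path, response_time)
    return {
        "cdp": critical_detection_point(path, response_time),
        "p_i": p_i,
        "p_e": p_i * p_n,
        "risk": security_risk(p_a, p_i, p_n, c),
    }


if __name__ == "__main__":
    # Timeline check: alarm at 60 s, PPS needs 300 s, task completes at 390 s.
    print("timely:", detection_is_timely(60.0, 300.0, 390.0))
    # Slower response (330 s) misses the task completion by exactly zero margin.
    print("timely:", detection_is_timely(60.0, 330.0, 390.0))
    for response in (240.0, 330.0, 400.0):
        print(response, assess(SAMPLE_PATH, response, p_a=1.0, p_n=0.9, c=1.0))
```

The response-time sweep in the usage block is the point of the slide: shortening the response force's arrival moves the critical detection point later along the path, which raises PI, raises PE, and lowers R, while a response slower than the total delay drives PI to zero regardless of how good the sensors are.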
Recent Physical Security Examples
• Man Enters White House
• Two NY Prisoners Escape
• El Chapo Prison Escape
• Smugglers Tried Selling Nuclear Material to ISIS
• London Jewelry Theft
• Pedophiles Finding a Safe Haven on the Dark Net
• Russian Plane Bombing
• Unmanned Aircraft Systems (UAS) Events (airports, fire zones, White House, etc.)
Key Steps
• Establish a team
• Define or characterize objectives of PPS
• Analyze PPS
• Redesign if necessary
• Conduct performance tests
• Determine risk level
Security Management
• Who has the Chief Security Officer responsibilities?
– Devise policies and procedures
• Loss & fraud prevention
• Privacy
– Oversee and coordinate security efforts
• Information technology
• Human resources
• Communications
• Legal
• Facilities
– Develop procedures to ensure physical safety
• Management
• Employees
• Visitors
– Maintain relationships with local, state and federal law enforcement
– Develop emergency procedures and incident responses
– Conduct risk management assessments
Emerging Threats & Challenges
• Unmanned Aircraft Systems (UAS)
– Government policies?
– Enforcement?
• Lone Wolf
– Anti-government
– Economic disparity
– Increase in violence
– Attracted to soft targets
• History of Low Crime
– I can’t believe it happened here!
UAS Challenges
• Over 1 Million Expected Sales this Year
• Lack of Regulations and Laws
• Detection and Assessment
– Many sizes, shapes, payloads, and materials
– Determining intent (commercial deliveries vs. malicious)
• Tracking
– High speeds (over 70 mph)
• Neutralization
– Kinetic or passive
– Unintended consequences
Wireless Technology Challenges
• Evolving Smart Technologies
– Smart homes
– Smart cars
– Baby monitors
Reference Material
• ASIS International Risk Assessment Standard (2015)
• Design and Evaluation of Physical Protection Systems (2007), Mary Lynn Garcia, CPP - Butterworth Heinemann - ISBN 978-0-7506-8352-X
• Vulnerability Assessment of Physical Protection Systems (2006), Mary Lynn Garcia, CPP - Butterworth Heinemann - ISBN 0-7506-7788-0
• Security Risk Assessment and Management (2007), Betty Biringer - John Wiley & Sons, Inc. - ISBN 978-0-471-79352-6
Questions/Answers
WWW.pieceofi.com