SlideShare a Scribd company logo

Growing Threat to Australian Network Security

Norman Disney & Young
Norman Disney & Young

As correctional facilities adopt an expanding technology platform to improve operations, facility management and correctional education, new modes of risk are continuing to grow. NDY associate Travis Chehab was a featured speaker at the 2015 Prisons Conference where he presented on the Australian Government Information Security Manual (ISM).

Technology
1 of 13
Download to read offline
The Growing Threat to Information Security: A focus on ISM Prisons 2015, Melbourne Travis Chehab t.chehab@ndy.com www.ndy.com
The Threat... Australian networks face an unprecedented threat of malicious activity and loss of information. Malicious Actors: 1.  State-Sponsored Attackers 2.  Cyber Criminals 3.  Issue-Motivated Groups CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
The Threat... CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
The Threat... A new piece of malware is created every 1.5 seconds! Source:    ISM  -­‐  Trend  Micro,  Trend  Micro  Annual  Report:  The  Future  of  Threats  and  Threat  Technologies,  2009.                                    ISM  -­‐    RSA,  Cybercrime  Trends  Report  –  The  Current  State  of  Cybercrime  and  What  to  Expect  in  2011  
Prison Technology Drivers... •  Reduced rates of recidivism •  PILS •  Energy & Sustainability •  Co/Tr-Gen •  Water Treatment & Recycling Plants •  Lighting control •  System Resilience & Uptime •  Back-up generation and UPS •  N +1 systems / system redundancy •  Streamlining Process & Flexibility •  Centralised control, management, monitoring and response Technology  Convergence   The  Integrated  Communica7ons  Network  (ICN)  
Important Questions What would a serious cyber security incident cost our organisation? Who would benefit from having access to our information? What makes us secure against threats? Is the behaviour of our staff enabling a strong security culture? Are we ready to respond to a cyber security incident?
The Information Security Manual (ISM) h>p://www.asd.gov.au/infosec/ism/index.htm  
ISM Principles Volume Policy and procedure: !  Information security policy !  Security risk management plan !  System security plan !  Standard operating procedures !  Incident response plan !  Emergency procedures !  Business continuity and disaster recovery plans
ISM Controls Volume ‘Applicability’  of  a  control,  i.e.  Classifica7ons   TOP   SECRET   SECRET   CONFIDENTIAL   PROTECTED   GOVERNMENT/UNCLASS   ‘Compliance’  language  –  Should  vs.  Must   ‘Authority’  and  approval  of  non-­‐compliances:   •     DSD  –  Director  DSD  (ASD)   •     AH  –  Agency  Head   •     AA  –  Accredita@on  Authority   Precinct/Facility  Classifica7on...who’s  on  the  other  side  of  the  wall?   •       Non-­‐Shared  Government  Facility   •       Shared  Government  Facility   •       Shared  Non-­‐Government  Facility  
ISM Controls Volume 1. Information Security Governance 2. Physical Security 3. Personnel Security 4. Communications Security * 5. Information Technology Security Control:  1117;  Revision:  0;  Updated:  Nov-­‐10;  Applicability:  G,  P,  C,  S,  TS;  Compliance:  should;  Authority:  AA     Agencies  should  use  fibre  op@c  cabling.     What  does  a  ‘control’  look  like?   How  do  we  use  controls  and  for  what  project  aspects?   Statement  of   Applicability   (SoA)  
ISM in Construction Identification, Inspectability and the ‘By-Association Factor’ My  PROTECTED   network  is  the   blue  one!?  
ISM in Construction SoA   Design  &   Construc7on   IRAP   verifica7on   Risk  Plan   System  Plan  
Thanks any questions? The NDY communications group is a dedicated team looking after the specific ICT needs of our clients

Recommended

Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Cyber security report in m asteral
Cyber security report in m asteralCyber security report in m asteral
Cyber security report in m asteralwhilma teodoro
 

Recommended

Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Cyber security report in m asteral
Cyber security report in m asteralCyber security report in m asteral
Cyber security report in m asteralwhilma teodoro
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityCareer Communications Group
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurityHays Recruitment North America
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19fingerprint.sh
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for SecurityTripwire
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
ISTR XV
ISTR XVISTR XV
ISTR XVSymantec
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismNihal Jani
 
ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2Jorge Sebastiao
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Stephen Cobb
 
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachRahul Neel Mani
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 

More Related Content

What's hot

Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityCareer Communications Group
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19fingerprint.sh
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for SecurityTripwire
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismNihal Jani
 
ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2Jorge Sebastiao
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses A. V. Rajabahadur
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Stephen Cobb
 

What's hot (20)

Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Information Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in CybersecurityInformation Is Power! Using Defensive Solutions in Cybersecurity
Information Is Power! Using Defensive Solutions in Cybersecurity
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
 
Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19Cyber Security in the time of COVID -19
Cyber Security in the time of COVID -19
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for Security
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security
 
ISTR XV
ISTR XVISTR XV
ISTR XV
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise Security
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2ITS Datamatix Gitex Conference 2009 New ICT Security V2
ITS Datamatix Gitex Conference 2009 New ICT Security V2
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
 

Viewers also liked

Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachRahul Neel Mani
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...PECB
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case studyAntonio Fontes
 
Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Antonio Fontes
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkAndrew Gerber
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And AnalysisLalit Kale
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk managementMichael Francis
 
Risk assessment presentation
Risk assessment presentationRisk assessment presentation
Risk assessment presentationmmagario
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingCigital
 

Viewers also liked (16)

Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a Breach
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Vulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize RiskVulnerability Management: What You Need to Know to Prioritize Risk
Vulnerability Management: What You Need to Know to Prioritize Risk
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
 
Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)Threat Modeling web applications (2012 update)
Threat Modeling web applications (2012 update)
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And Analysis
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security Risk
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk management
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Risk assessment presentation
Risk assessment presentationRisk assessment presentation
Risk assessment presentation
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 

Similar to Growing Threat to Australian Network Security

Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19IBM Sverige
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxmccormicknadine86
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxsleeperharwell
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionDLT Solutions
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Creating a Culture of Security
Creating a Culture of SecurityCreating a Culture of Security
Creating a Culture of SecurityTechSoup
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesJohn Gilligan
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityAhmed Habib
 
SEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewSEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewStephen Bates
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber SecurityJohn Gilligan
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew RosenquistMatthew Rosenquist
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09Tammy Clark
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew RosenquistMatthew Rosenquist
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelSURFnet
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 

Similar to Growing Threat to Australian Network Security (20)

Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
 
1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Creating a Culture of Security
Creating a Culture of SecurityCreating a Culture of Security
Creating a Culture of Security
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practices
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
 
SEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewSEB Forcepoint Corporate Overview
SEB Forcepoint Corporate Overview
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber Security
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist
 
Cybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafelCybersecurity op de bestuurstafel
Cybersecurity op de bestuurstafel
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 

Growing Threat to Australian Network Security

  • 1. The Growing Threat to Information Security: A focus on ISM Prisons 2015, Melbourne Travis Chehab t.chehab@ndy.com www.ndy.com
  • 2. The Threat... Australian networks face an unprecedented threat of malicious activity and loss of information. Malicious Actors: 1.  State-Sponsored Attackers 2.  Cyber Criminals 3.  Issue-Motivated Groups CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
  • 3. The Threat... CSOC  Update,  Cyber  Security   Picture  2013  ,  June  2014  
  • 4. The Threat... A new piece of malware is created every 1.5 seconds! Source:    ISM  -­‐  Trend  Micro,  Trend  Micro  Annual  Report:  The  Future  of  Threats  and  Threat  Technologies,  2009.                                    ISM  -­‐    RSA,  Cybercrime  Trends  Report  –  The  Current  State  of  Cybercrime  and  What  to  Expect  in  2011  
  • 5. Prison Technology Drivers... •  Reduced rates of recidivism •  PILS •  Energy & Sustainability •  Co/Tr-Gen •  Water Treatment & Recycling Plants •  Lighting control •  System Resilience & Uptime •  Back-up generation and UPS •  N +1 systems / system redundancy •  Streamlining Process & Flexibility •  Centralised control, management, monitoring and response Technology  Convergence   The  Integrated  Communica7ons  Network  (ICN)  
  • 6. Important Questions What would a serious cyber security incident cost our organisation? Who would benefit from having access to our information? What makes us secure against threats? Is the behaviour of our staff enabling a strong security culture? Are we ready to respond to a cyber security incident?
  • 7. The Information Security Manual (ISM) h>p://www.asd.gov.au/infosec/ism/index.htm  
  • 8. ISM Principles Volume Policy and procedure: !  Information security policy !  Security risk management plan !  System security plan !  Standard operating procedures !  Incident response plan !  Emergency procedures !  Business continuity and disaster recovery plans
  • 9. ISM Controls Volume ‘Applicability’  of  a  control,  i.e.  Classifica7ons   TOP   SECRET   SECRET   CONFIDENTIAL   PROTECTED   GOVERNMENT/UNCLASS   ‘Compliance’  language  –  Should  vs.  Must   ‘Authority’  and  approval  of  non-­‐compliances:   •     DSD  –  Director  DSD  (ASD)   •     AH  –  Agency  Head   •     AA  –  Accredita@on  Authority   Precinct/Facility  Classifica7on...who’s  on  the  other  side  of  the  wall?   •       Non-­‐Shared  Government  Facility   •       Shared  Government  Facility   •       Shared  Non-­‐Government  Facility  
  • 10. ISM Controls Volume 1. Information Security Governance 2. Physical Security 3. Personnel Security 4. Communications Security * 5. Information Technology Security Control:  1117;  Revision:  0;  Updated:  Nov-­‐10;  Applicability:  G,  P,  C,  S,  TS;  Compliance:  should;  Authority:  AA     Agencies  should  use  fibre  op@c  cabling.     What  does  a  ‘control’  look  like?   How  do  we  use  controls  and  for  what  project  aspects?   Statement  of   Applicability   (SoA)  
  • 11. ISM in Construction Identification, Inspectability and the ‘By-Association Factor’ My  PROTECTED   network  is  the   blue  one!?  
  • 12. ISM in Construction SoA   Design  &   Construc7on   IRAP   verifica7on   Risk  Plan   System  Plan  
  • 13. Thanks any questions? The NDY communications group is a dedicated team looking after the specific ICT needs of our clients