Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
Requirements
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operations center" is often used synonymously with SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices used in a SOC are not specific to a SOC: incident response or vulnerability management remain the same whether or not they are delivered from a SOC. The SOC is a meta-topic, involving many security domains and disciplines, and depends on the services and functions that the SOC delivers.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure protection centre (IPC)
Security operations center (in Persian: مرکز عملیات امنیت)
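The outline above lists "SIEM & Correlation" among the SOC topics, and the definition says a SOC exists to detect and respond, but neither shows what a correlation rule actually does with the event stream. The following is an added example, not code from the original presentation or from any SIEM product. It assumes an sshd-style log line format, a constructed sample of eight events, and a rule threshold (five failures inside two minutes followed by a success from the same source) chosen only for illustration; a real SIEM would first normalise many sources into a common schema and then run rules of this shape against it.

```python
"""Minimal SIEM-style correlation rule run over constructed log lines.

Added example, not code from the original presentation. The sshd-style
log lines, the 5-failures-in-2-minutes threshold and the field names are
all assumptions chosen for illustration; a real SIEM would normalise
many sources into a common schema before rules like this run.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events: one brute-force run that ends in a
# successful login, plus an unrelated single failure and a later success.
SAMPLE_LOG = """\
2024-03-01T10:00:01 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:07 web01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:09 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:12 web01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:15 web01 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00 web02 sshd: Failed password for alice from 198.51.100.9
2024-03-01T10:30:00 web02 sshd: Accepted password for alice from 198.51.100.9
this line is not an auth event and is ignored by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_events(text):
    """Normalise raw lines into event dicts. Lines that do not match the
    expected shape are skipped rather than guessed at, so a parser bug
    shows up as missing events, not as bogus alerts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Raise one alert when a source IP accumulates at least `threshold`
    failed logins inside `window` and then gets an accepted login.
    Events are processed in timestamp order regardless of input order."""
    recent_failures = defaultdict(deque)  # src -> failure timestamps in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire failures older than window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(q),
                "ts": ev["ts"].isoformat(),
            })
            q.clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the sample above the rule fires once, for 203.0.113.7 against the admin account, and stays silent for the single failure from 198.51.100.9 because that failure has aged out of the window by the time the success arrives. The rule is keyed on source address only, so a password spray that rotates sources (or one that spreads attempts over a longer interval than the window) evades it; keying on the user as well, or on the tuple of user and source, and tuning threshold and window against the site's real failure rate, are the usual next steps.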
Enterprise Security Architecture for Cyber Security (The Open Group SA)
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner; they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for cybersecurity attacks sits with executives and board members, who may not have the right level of technical security knowledge. This session will outline the practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with the organization's strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
SOC presentation: Building a Security Operations Center (Michael Nickle)
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Security and Virtualization in the Data Center (Cisco Canada)
This presentation discusses effectively integrating security with core data center fabric technologies and features; security as part of the core design; designs that enforce micro-segmentation in the data center; enforcing separation of duties in virtualized and cloud environments; and security that enforces continuous compliance.
Cyber Security Layers - Defense in Depth
7P's, 2D's & 1 N
People
Process
Perimeter
Physical
Points (End)
Network
Platform
Programs (Apps)
Database
Data
Building an effective Information Security Roadmap (Elliott Franklin)
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise-wide security projects.
The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that, according to IBM, provides superior threat detection, greater ease of use, and lower total cost of ownership than competing products.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ... (IBM Security)
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
Dealing with Information Security, Risk Management & Cyber Resilience (Donald Tabone)
Information Security
1.Why the need to think about it?
2.What exactly are we talking about?
3.How do we go about doing something about it?
4.Is there a one-size-fits-all framework?
Introduction to Risk Management via the NIST Cyber Security Framework (PECB)
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application to cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, security systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds the Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Specializing in Homeland Security, Andrea draws on her experience managing projects that supported various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel at the tactical, operational and strategic levels. Overall, Andrea applies analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
What is the NIST Cybersecurity Framework?
Why YOU should care?
How would I apply it?
Would you drive BLINDFOLDED?
A false sense of security?
Without a Security Framework…
Why Cyber Security Framework?
How would I measure my effectiveness?
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Palo Alto Networks is the world's cyber security leader. Its technologies give 65,000 enterprise customers the power to protect billions of people worldwide.
Cortex, Demisto and Prisma are a few of its flagship products for preventing attacks with industry-defining enterprise security platforms: tightly integrated innovations, cloud delivered and easy to deploy and operate.
Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems using penetration testing techniques. The code for the CEH exam is 312-50; the certification was at version 9 as of late 2015.
Office Chief of Cyber Personnel Presentation: TechNet Augusta 2015 (AFCEA International)
LTC Chris Wade, USA
The Office Chief of Cyber will provide a Cyber Personnel Overview focusing on the military occupational specialties (MOS) and areas of concentration (AOC) that enable Cyber Defensive and Offensive Operations.
LTC Jonathan Long, USA
Assistant TRADOC Capability Manager for Network & Services (TCM N&S)
Capability Development Integration Directorate, U.S. Army Cyber Center of Excellence
1. China leverages computer network attack and exploitation techniques, harvesting information critical to building a modern nation-state and "informationalized", technical military forces.
2. China adapted ancient stratagems for CNA & CNE operations.
3. China can claim plausible deniability for nation-sponsored hacking activities, hiding within the sea of everyday hackers.
4. North Korea, on the other hand, must take CNA & CNE operations outside its country's boundaries.
Office Chief of Signal Personnel Presentation: TechNet Augusta 2015 (AFCEA International)
Dale Manion and Phil Sines.
The Office Chief of Signal (OCOS) provides the strategic human resources planning and career programs management for approximately 60,000 Signal Enlisted, Warrant Officer and Officer’s that are critical to mission success of the Department of Defense Information Network (DoDIN) Operations worldwide.
The Elements of Offensive Cyber Warfare Operations (Mikko Jakonen)
This document defines a concept of operations for cyber warfare in targeting, accessing and running operations within an allocated information space. Maneuvering offensive operations in such an information space requires a framework to handle operational tasks such as target recognition, payload delivery and execution. Joint requirements such as planning and tasking with other interoperable dimensions make things very difficult without such a framework approach. In the worst case each of the elements is handled in an uncoordinated manner, rendering the effects of potential capabilities low and simultaneously posing a threat to the organizations involved.
Based on the understanding shown, offensive cyber warfare operates quite differently from its kinetic counterparts. It creates its own operational theory and models, not directly aligned with others. However, the need for tactical interoperability is obvious but quite controversial. Offensive capabilities in the larger context up to a specific mission area for other domains and disciplines. This breaks the uniform model.
Please note that this is an excerpt from a larger study related to maneuvering and tactics in cyber warfare. It focuses only on elements that can be found in offensive capabilities.
LTE: Advancing the Intelligent Edge with Public Safety LTE White Paper (Brian Mollett)
Learn more at: http://www.motorolasolutions.com/en_us/products/public-safety-lte.html
Data is the critical choice beyond voice
In many incidents, voice communication is not enough. The right data can be more concise while telling a more complete story. Converged with mission critical voice, secure, streaming multimedia broadband empowers first responders with the real-time information they need to improve situational awareness and better prepare for the incident.
Cybercrime and Cybersecurity Governance: A Kenyan Perspective (Ivan Sang)
Achieving effective cybersecurity and governance is a complex challenge for states, businesses and individuals. Recent empirical analyses indicate that cybercrime now costs the global economy over USD 600 billion annually, but many experts believe that this is a conservative figure that understates the actual amount. Reports of cyber breaches that affect democracy, financial services, retail, healthcare, defence, utilities, and infrastructure are becoming more frequent, and this trend is projected to increase in the near future. Governments of developing countries, including Kenya, are slowly adopting technology as a tool to offer efficient services. In contrast, cybercriminals use some of the most cutting-edge cyber technologies to commit criminal offences and to outfox state countermeasures. Another trend is that cyber threats originate not only from individual actors or highly organized groups, but are also increasingly state-sponsored. Weaknesses in the cyber domain, such as deficient cyber or law enforcement capabilities and poor legislation, have been exploited to cause harm and impede socio-economic progress. Using a comparative approach, this presentation shows that cybersecurity is a shared responsibility for private citizens, communities, corporations and states alike. It also illustrates that professionals should play a more active role in minimizing and deterring cyber incidents. This session will explore the case of Kenya as a country-specific yet comparatively relevant jurisdiction in which to explore strategic responses to cybercrime and the operational limits of cybersecurity governance, and will propose ways to mitigate cyber risks.
Cyber Operations in Smart Megacities: TechNet Augusta 2015 (AFCEA International)
Eric Bassel
SANS Director
SANS Institute
There has been a great deal of research about the future of warfare and it seems clear that the US Military’s strategy is intimately tied to highly-interconnected Megacities where over 80% of the world’s population currently resides.
Philippines Cybersecurity Conference 2021: The role of CERTs (APNIC)
APNIC Senior Security Specialist Adli Wahid spoke on the importance and role of CERTs in helping prevent cyber attacks at the Philippines Cybersecurity Conference 2021, held online from 13 to 29 October 2021.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS (Marco Lisi)
Lesson on "Security in Large, Strategic and Complex Systems" at the second-level Master's programme ("Master di II Livello") in "Homeland Security", Università degli Studi Campus Bio-Medico di Roma, academic year 2012-2013.
Securing the Hastily Formed Network: Infosec for Disaster Relief and Emergenc... (Cisco Crisis Response)
Effectively responding to modern disasters and humanitarian emergencies requires a substantial amount of connectivity. Whether for cloud, social media, GIS, or other critical access, emergency managers increasingly rely upon Internet access as a key service alongside traditional emergency and humanitarian support, such as search and rescue and medical support. "Hastily Formed Networks" are the networks that are created in the immediate aftermath of a disaster. While they perform vital services, most HFN deployments are significantly lacking in security management and oversight. This talk discussed HFNs, and the evolution of security on these networks using examples from Hurricane Katrina to the ongoing Ebola Virus crisis in West Africa.
AFCEA Defense Health Agency (DHA) Brainstorming Session NotesAFCEA International
Results from a one day, invitation only non-attribution session to discuss DHA current information technology and related issues and brainstorm to generate a list of potential priorities
and focus areas for a new incoming CIO.
List of participating organizations:
AFCEA International
Booz Allen Hamilton
Deloitte
DLT Solutions
Hewlett Packard Enterprise
Microsoft
Mitre
Noblis
Price Waterhouse Coopers
Wells Analytics
Mike Novak
Tellabs
This session will focus on the underlying GPON (Gigabit Passive Optical Network) and All-Secure PON infrastructure, the implications to the Layer-1 design, using Armored Interlocking Fiber to deploy NIPR/SIPR data and voice requirements.
Expeditionary Network Communications (Engagement Theater Session 3): TechNet ...AFCEA International
COL James P. Ross, USA
Military Deputy to the Armaments Research, Development and Engineering Center
Project Manager Tactical Radios
COL Michael J. Thurston, USA
Project Manager Mission Command
Paul Chernek
Deputy, TRADOC Capability Manager for Tactical Radios (TCM-TR)
Capability Development Integration Directorate, U.S. Army Cyber Center of Excellence
David Brown
Director of CyberTalent
SANS Institute
Jim Michaud
Director of HR Business Development
SANS Institute
The SANS Institute, in partnership with selected veteran-friendly employers, has established VetSuccess in Cybersecurity to match skilled U.S. military veterans with today’s most compelling cybersecurity-related jobs.
Defending Your Base of Operations: How Industrial Control Systems are Being T...AFCEA International
Mike Assante
Lead for Training for ICS and SCADA
SANS Industrial Control
We are used to taking the fight to the enemy, but we are entering into an age where it is expected that the enemy will be doing the same.
Expeditionary Network Communications: Engagement Theater Session 3 at TechNet...AFCEA International
August 25, 2015
COL James P. Ross, USA
Military Deputy to the Armaments Research, Development and Engineering Center
Project Manager Tactical Radios
COL Michael J. Thurston, USA
Project Manager Mission Command
Key highlights include how developers have implemented Soldier feedback into improved operational network capability, fielding priorities for Army network Capability Set efforts, and discussion of needed technology to enhance these capabilities.
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Monitoring Health for the SDGs - Global Health Statistics 2024 - WHOChristina Parmionova
The 2024 World Health Statistics edition reviews more than 50 health-related indicators from the Sustainable Development Goals and WHO’s Thirteenth General Programme of Work. It also highlights the findings from the Global health estimates 2021, notably the impact of the COVID-19 pandemic on life expectancy and healthy life expectancy.
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
Donate to charity during this holiday seasonSERUDS INDIA
For people who have money and are philanthropic, there are infinite opportunities to gift a needy person or child a Merry Christmas. Even if you are living on a shoestring budget, you will be surprised at how much you can do.
Donate Us
https://serudsindia.org/how-to-donate-to-charity-during-this-holiday-season/
#charityforchildren, #donateforchildren, #donateclothesforchildren, #donatebooksforchildren, #donatetoysforchildren, #sponsorforchildren, #sponsorclothesforchildren, #sponsorbooksforchildren, #sponsortoysforchildren, #seruds, #kurnool
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
Understanding the Challenges of Street ChildrenSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
1. Approved for Public Release
Cyber Situational Awareness
AFCEA Technet
25 August, 2015
Mr. Malcolm Martin
US Army Cyber Center of Excellence
Chief, Cyber Support Element-Ft. Leavenworth, KS.
2. Purpose
Provide discussion of Army Cyber Situational Awareness (Cyber SA): “what it is, who uses it, and how Cyber SA may be applied”, today and in the future, for Unified Land Operations (ULO).
– What has changed? Conflicts and Impacts of Cyber.
– The Cyber Domain - How is it defined?
– Constant threat and actors
– Cyber SA Concept and Operational framework
– Cyber SA Impact as holistic aspect of ULO
– Army Cyber SA applied
– Culture change
3. 2007: Syria – Israel
• September 2007 – Israeli Air Force attacks suspected nuclear facility under construction in Syria.
• First large-scale example of combined cyber and electromagnetic means – believed that Israelis used EW to deliver a cyber attack/network control capability to the Syrian radar, which executed the code on receipt.
• Prior to attack, Syrian IADS along ingress/egress routes could not ‘see’, allowing IAF planes to fly undetected by radar into Syria and attack the site unimpeded.
• Overall result was disruption of Syrian IADS by an electronic/cyber attack that enabled kinetic strike of nuclear site.
4. Georgia-Russia 2008
• August 2008 – Russian troops cross into South Ossetia with stated intent to defend their “Russian compatriots”.
• Combined Arms assault was preceded and enabled by a multifaceted cyber attack against Georgian gov’t and military infrastructure and defacement of web sites.
• Distributed denial of service (DDoS) attacks combined with EW jamming disrupted and denied comms simultaneously with an integrated propaganda (MISO and MILDEC) campaign.
• Overall operation should be considered the first large scale ‘hybrid’ combined arms operation (air, land, cyber).
5. Ukraine-Russia 2015
Russia’s battle with Ukraine is being fought partly in cyberspace where it may have greater room for escalation because nations increasingly accept covert cyber attack as a valid form of international pressure when more traditional options are too violent – or too visible.
The rule of thumb for seeing disruptive cyber attacks before they happen is that “physical conflicts beget cyber conflicts.”
The current cyber battle also could spread if the overall strategic confrontation deepens, say toward a second Cold War. Such a stand-off, pitting Russia against the United States, NATO, and Ukraine
“The Russian occupation of Ukraine in 2014 was carried out with a military show of force – informed and supported by a coordinated cyber-spying campaign”.
• The situation in Ukraine has seen relations between Russia and the West deteriorate to almost Cold War levels
6. Cyberspace Domain
CYBERSPACE: Cyberspace is a global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (JP 1-02).
Characteristics:
• Manmade domain…ever changing
• Physical, functional, cognitive, logical/virtual and social
• Programming code and protocols define rules of the domain
• Environment and TTPs evolve at speed of code
• Constant presence – Phase 0 on-going
• Unlimited, instantaneous (operational) reach
Success in this domain means being smarter, more creative, faster, and stealthier than your opponent
7. Back Up Slides
UNCLASSIFIED
The Growth of the Cyber Domain
Everyone, including the adversary, uses the Internet
Chart: Internet users and size of the Internet over time
December 1995: 16 million Internet users; size of the Internet 1 exabyte
March 2001: 458 million Internet users; size of the Internet 16 exabytes
March 2014: 2.5 billion Internet users; size of the Internet 1.2 zettabytes
8. Cyber Adversary Tactics, Techniques, and Procedures
Diagram: Cyberspace Threats. A hostile actor moves through Planning / Scanning, Exploitation, Lateral Movement, and Adversary Intent / Exfiltration. Entry points shown: Web Server/Webpages, Email, Users. Adversary intents shown: Reconnaissance, Espionage, Destructive Malware.
Target System
- Users/decision-makers
- Their devices and associated IP addresses
- Data, databases, and websites
- Network infrastructure
- Physical locations
9. Cyber Situational Awareness Defined
JP 3-12 Cyberspace Operations (CO)
• Cyberspace SA is the requisite current and predictive knowledge of cyberspace and the OE upon which CO depend, including all factors affecting friendly and adversary cyberspace forces.
• DODIN operations activities are the foundation of cyberspace SA; therefore, DODIN operations are fundamental to the commander’s SA of the OE.
• Accurate and comprehensive SA is critical for rapid decision making in a constantly changing OE and engaging an elusive adaptive adversary.
• SA of friendly cyberspace is provided today by the Services and agencies operating their portions of the DODIN. DISA does this through the theater NETOPS centers to the CCMD theater/global NETOPS control centers, USCYBERCOM Joint Operations Center, Joint Functional Component Command for Space’s Joint Space Operations Center and their Service/agency leadership. They coordinate with each other as required to ensure operational effectiveness.
10. Why do we need Cyber SA?
• The Internet was originally designed as an open system to allow scientists and researchers to send data to one another quickly, rather than with built-in security measures.
• Without stronger investments in cyber security and cyber defenses, data systems across the world remain open and susceptible to exploitation and attack.
• Malicious actors use cyberspace to steal data and intellectual property for their own economic or political goals.
• The increased use of cyber attacks as a political instrument reflects a dangerous trend for international relations.
• Therefore, the U.S. assumes that potential adversaries will seek to target U.S. or allied critical infrastructure and military networks to gain a strategic advantage.
Source: THE DEPARTMENT OF DEFENSE CYBER STRATEGY, April 2015
11. The Operational Framework
“The inclusion of the cyberspace domain and the EMS greatly expands and complicates the operational framework transforming a limited physical battlefield to a global battlefield.” – FM 3-38
FM 3-12 (TBP)/FM 3-38: Operate in the Cyberspace Domain / Electromagnetic Spectrum
Figure: operational framework diagram; unit echelon symbols shown: xx, x, DIV, SUST.
ADRP 3-0: Operate in the Land Domain
“The operational framework provides Army leaders with basic conceptual options for visualizing and describing operations.” – ADRP 3-0
12. Cyber SA Functional Elements
(U) TRADOC Pamphlet (TP) 525-3-0, The Army Capstone Concept (ACC), asserts that the future Army requires the capability to provide leaders and Soldiers that understand how and when adversaries employ CO and cyberspace capabilities, how to mitigate adversary actions, and how to respond to gain and maintain the cyberspace advantage within the OE in support of ULO.
13. Army Cyber SA CONOPS
Diagram: Cyber SA Functional Delineation
Big Data Network View: Cyber Mission Forces; DODIN, DCO and OCO; CONUS and Expeditionary; JIE, COE, LWN.
Corps, Division and BCT Commanders & Staffs: Home Station and Deployed; Command Post Computing Environment.
Contextualizes three interrelated “Awareness” outputs: Threat, Network, and Mission; and the ability to plan operations!
Other diagram labels: xxx, CEM, x, xx, CEM, CEM; e.g. Big Data Analytics/Dagger-like; e.g. GoogleEarth-like; Cyber Analytics (Big Data); JIM, Industry, Commercial; JTF-L; JTF-C.
“What is needed to achieve Cyber SA; how will Cyber SA be integrated into the COP; and how will Cyber SA be used to plan, prepare, execute, and assess operations?”
14. Depicting Cyber in ULO
Cyber SA utilizes standard geospatial reference map displays resident in the future command post computing environment. Overlay creation tools are available and provide export/sharing of displayed data directly to the Common Operational Picture (COP).
Figure labels: Standard geospatial reference maps; Web application accessibility through future computing environment.
15. Aspects of Cyber SA
• Cyber SIGACTS
• Display Active Emitters
• Filters: 3G, 4G, WiFi, Radar
• Cyber actors & activity
• Should be able to select actors by multiple functions or entities*
* Entity refers to operational units & organizations within the AOR
16. Unified Land/Cyber Ops & Planning
• CEMA Running Estimate
• Mission Analysis, COA Development, Wargaming
17. Change in Cultural Thinking
“Changing your organizational culture is the toughest task you will ever take on. Your organizational culture was formed over years of interaction between the participants in the organization. Changing the accepted organizational culture can feel like rolling rocks uphill.”
“How to Change Your Culture: Organizational Culture Change”, Susan M. Heathfield, Management and Organization Development
“The most important area for transformation is the space "between our warfighters' ears," said the chairman of the Joint Chiefs of Staff. "If you don't try, and you stay locked in the doctrine that brought you there, you're going to fail. You've got to adapt." “Changing military culture key to transformation”
General Richard B. Myers, Chairman, Joint Chiefs of Staff
“Transforming the Army means more of a mindset change, as opposed to just changing wiring diagrams or equipment. Transformation is a journey, not a destination.”
Army Chief of Staff Gen. George W. Casey Jr.
18. Questions?
Mr. Malcolm W. “Mack” Martin
US Army Cyber Center of Excellence
Chief, Cyber Support Element – Fort Leavenworth, KS.
malcolm.w.martin2.civ@mail.mil
Office: (913) 684-4600
Mobile: (913) 991-3505