SlideShare a Scribd company logo

Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115

James Bryce Clark
James Bryce Clark

Shared with permission from author. Analysis from individual members of OASIS, presented at a recent meeting of the OASIS Cyber Threat Intelligence TC (the development platform for STIX/TAXII). Extracted from a broader set posted to: https://lists.oasis-open.org/archives/cti/201601/msg00000/_cybersecurity_act_reference-model_1.1.pptx This information is provided for information, but does not represent the output or official views of OASIS or its technical committees..

Internet
1 of 10
Download to read offline
Deconstructing the Cybersecurity Act of 2015: model, architecture, interfaces, expressions Tony Rutkowski, mailto:tony@yaanatech.com 15 Jan 2016 V1.0 Copyright © Yaana Technologies LLC 2016
[USA] Cybersecurity Act of 2015 15 Jan 2016 Title I: Basic purposes and requirements Title II.A: Sharing architecture around the National Cybersecurity and Communications Integration Center (NCCIC) instantiated by amending Homeland Security Act of 2002 as amended Title II.B: Steps to improve Federal agency cybersecurity Title III: Cybersecurity education Title IV: Miscellaneous 15 Jan 2016 2
[USA] Cybersecurity Act of 2015 Cirrus Word Cloud Display 15 Jan 2016 3
FEDERAL ENTITYFEDERAL ENTITY APPROPRIATE FEDERAL ENTITYAPPROPRIATE FEDERAL ENTITY Entity ontology of the Cybersecurity Act of 2015 15 Jan 2016 4 NON-FEDERAL ENTITYNON-FEDERAL ENTITY PRIVATE ENTITYPRIVATE ENTITY 103(a) ENTITIES103(a) ENTITIES DHS - DEPARTMENT OF HOMELAND SECURITY DNI – OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE DOD - DEPARTMENT OF DEFENSE DOJ - DEPARTMENT OF JUSTICE NSA – NATIONAL SECURITY AGENCY FOREIGN POWER Notes: 1 See 50 U.S. Code § 3003(4) * No definition ISAO -INFORMATION SHARING AND ANALYSIS ORGANIZATION COLLABORATES WITH STATE AND LOCAL GOVERNMENTS [SECTOR-SPECIFIC] ISAC - INFORMATION SHARING AND ANALYSIS CENTER SECTOR COORDINATING COUNCILS OWNERS AND OPERATORS OF CRITICAL INFORMATION SYSTEMS OTHER APPROPRIATE NON-FEDERAL PARTNERS VOLUNTARY INFORMATION SHARING RELATIONSHIP “ OTHER DETERMINED BY THE SECRETARY INTERNATIONAL PARTNERS STATE, TRIBAL, OR LOCAL GOVERNMENT INTELLIGENCE COMMUNITY 1 NCCIC - NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER DOE - DEPARTMENT OF ENERGY - DEPARTMENT OF TREASURY DOC - DEPARTMENT OF COMMERCE/NIST DOS - DEPARTMENT OF STATE OMB – OFFICE OF MANAGEMENT AND THE BUDGET HHT – DEPARTMENT OF HEALTH AND HUMAN SERVICES GAO – GOVERNMENT ACCOUNTING OFFICE
InternationalPartners5 Non-Federal entities4 Federal entities Cybersecurity Act architecture & interfaces NCCIC(NationalCybersecurityand CommunicationsIntegrationCenter HSA§227 [NCCIC] 1 to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system. CA §103 2 an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability. CA §103 3 Includes removal of certain personal information filtering function per CA §104(d)(2). 4 Such as State, local, and tribal governments, ISAOs, ISACs including information sharing and analysis centers, owners and operators of critical information systems, and private entities. 5 Collaborate on cyber threat indicators, defensive measures, and information related to cybersecurity risks and incidents; and enhance the security and resilience of global cybersecurity Partners. HAS §227(c)(8) •cyber threat indicators •defensive measures •cybersecurity risks •incidents pursuant to §103(a) Mediation andFiltering3 Monitor1 & defend2 information system + information that is stored on, processed by, or transiting the information system CA §103 Monitor1 & defend2 information system + information that is stored on, processed by, or transiting the information system CA §103 interfaces FE-NCCIC NFE-NCCIC IP-NCCIC Mediation andFiltering3 [NCCIC][NCCIC] 15 Jan 2016 5
Cybersecurity Act information exchange expressions cyber threat  indicator information that is necessary to describe or identify (A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical  information related to a cybersecurity threat or security vulnerability [malicious reconnaissance: a method for actively probing or passively monitoring an information system for the purpose of discerning security  vulnerabilities of the information system, if such method is associated with a known or suspected cybersecurity threat.] (B) a method of defeating a security control or exploitation of a security vulnerability; (C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability; (D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information  system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability; (E) malicious cyber command and control [a method for unauthorized remote identification of, access to, or use of, an information system or information that is stored on, processed by, or  transiting an information system.] (F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat; (G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or (H) any combination thereof. [Cybersecurity threat: an action,...on or through an information system that may result in an unauthorized effort to adversely impact the security,  availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.] defensive  measure an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or  transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.  [Defensive measure does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information  system or information stored on, processed by, or transiting such information system not owned by (i) the private entity operating the measure; or (ii)  another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.] cybersecurity  risk threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use,  disclosure, degradation, disruption, modification, or destruction of such information or information systems  [Includes related consequences caused by an act of terrorism] incident an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an  information system, or actually or imminently jeopardizes, without lawful authority, an information system 15 Jan 2016 6
Cybersecurity Act of 2015 Timeline – first year actionsEnacted,18Dec2015 OneYear,18Dec2016 180days,15Jun2016 90days,17Mar2016 60days,16Feb2016 Pursuant to 2 USC Sec. 394, FRCP Rule 26. N.B., 6 months treated as 180 days, 9 months as 270 days, 18 months as 548 days, 1 year and annual as 365 days 240days,15Aug2016 9months,13Sep2016 DHS(2), DNI, DOJ+DHS(3), Judicial DHS(4), DOS, HHS DHS(3), DNI, DNI+OMB, Federal CIO, NIST(2), OMB, DOJ+DHS(2) Federal agencies NIST DHS(7), DOS(1), Federal agencies (5), HHS, OMB(4) 15 Jan 2016 7
Cybersecurity Act of 2015 Timeline – actions after the first year 2years,18Dec2017 DHS(5), DHS+DOJ, DHS+ NIST(2), Federal agencies, DOS, GAO, NIST, OMB 3years,18Dec2018 4years,18Dec2019 5years,18Dec2020 6years,20Dec2021 7years,19Dec2022 DHS(2), DHS+NIST, Federal agencies, GAO(3), OMB Additional ad hoc reporting requirements exist for DHS (Sec. 105 & 223), DHS+NIST (Sec. 229), HHS (Sec. 405), NIST (Sec. 303), and OMB (Sec. 226) DHS, Federal agencies DHS(3), DHS+NIST, DOS, Federal agencies, OMB 18months,19Jun2017 Federal CIO, NIST, OMB 15 Jan 2016 8
EU NIS (Network and Information Security) Directive • Tentative agreement on same date as Cybersecurity Act of 2015 – 18 Dec • Requires implementation by each of the 28 Member States • Creates a bifurcation – Applies to “operators of essential services and digital service providers” that are active in energy, transport, banking, financial services, healthcare and other critical industry segments – “Should…not apply to undertakings providing public communication networks or publicly available electronic communication services within the meaning of Directive 2002/21/EC” • Relies on a “cooperation group” composed of Member States´ representatives, the Commission and ENISA to support and facilitate strategic cooperation • Member States can “take the necessary measures to ensure the protection of its essential security interests, to safeguard public policy and public security, and to permit the investigation, detection and prosecution of criminal offences” • All Member States should be adequately equipped, both in terms of technical and organisational capabilities, to prevent, detect, respond to and mitigate network and information systems' incidents and risks • A need for closer international cooperation to improve security standards and information exchange, and promote a common global approach to NIS issues; might be helpful to draft harmonised standards • Includes sharing information on risks and incidents,” especially including notification of personal data breaches 15 Jan 2016 9
Meeting the challenge: questions and options • What information exchange requirements exist at the three identified NCCIC interfaces? – Federal-Entity, Non-Federal Entity, International Partner • What assumptions should be made about the capabilities and architectures within these three domains? • Are other interfaces needed? • What are the sector-specific interface sub-types? • What are the required information sharing expressions and other capabilities at these interfaces, and to what extent can existing specifications be mapped to these requirements? • What are the algorithms for the “personal information of a specific individual or information that identifies a specific individual” filter function? • Can an ad-hoc TC CTI or OASIS group assist in the Act’s implementation? • How can the TC CTI standards also be applied to meet EU NIS Directive 15 Jan 2016 10

Recommended

National Strategy to Secure 5G of the United States of America
National Strategy to Secure 5G of the United States of AmericaNational Strategy to Secure 5G of the United States of America
National Strategy to Secure 5G of the United States of AmericaNeil McDonnell
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copysmita mitra
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
 
Security and Privacy in Pegulated Environments
Security and Privacy in Pegulated EnvironmentsSecurity and Privacy in Pegulated Environments
Security and Privacy in Pegulated EnvironmentsFrancis Amaning
 
Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18 Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18 David Sweigert
 
Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Jacqueline Fick
 
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorPaul O'Connor
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsBrunswick Group
 

Recommended

National Strategy to Secure 5G of the United States of America
National Strategy to Secure 5G of the United States of AmericaNational Strategy to Secure 5G of the United States of America
National Strategy to Secure 5G of the United States of AmericaNeil McDonnell
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copysmita mitra
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
 
Security and Privacy in Pegulated Environments
Security and Privacy in Pegulated EnvironmentsSecurity and Privacy in Pegulated Environments
Security and Privacy in Pegulated EnvironmentsFrancis Amaning
 
Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18 Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18 David Sweigert
 
Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Jacqueline Fick
 
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorPaul O'Connor
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsBrunswick Group
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategiesBenjamin Ang
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomySettapong_CyberSecurity
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Mon cirt khaltar
Mon cirt khaltarMon cirt khaltar
Mon cirt khaltarKhaltar Togtuun
 
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityCharles Mok
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategyBright Boateng
 
10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-modelChristos Laganas
 
2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentationisc2-hellenic
 
Gifec
GifecGifec
GifecFrancis Amaning
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapterisc2-hellenic
 
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCACurbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCAFrancis Amaning
 
Lessons learned from the SingHealth Data Breach COI Report
Lessons learned from the SingHealth Data Breach COI ReportLessons learned from the SingHealth Data Breach COI Report
Lessons learned from the SingHealth Data Breach COI ReportBenjamin Ang
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Chinatu Uzuegbu
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Benjamin Ang
 
ICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorPaul O'Connor
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 

More Related Content

What's hot

Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategiesBenjamin Ang
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomySettapong_CyberSecurity
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityCharles Mok
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategyBright Boateng
 
2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentationisc2-hellenic
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapterisc2-hellenic
 
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCACurbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCAFrancis Amaning
 
Lessons learned from the SingHealth Data Breach COI Report
Lessons learned from the SingHealth Data Breach COI ReportLessons learned from the SingHealth Data Breach COI Report
Lessons learned from the SingHealth Data Breach COI ReportBenjamin Ang
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Chinatu Uzuegbu
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Benjamin Ang
 
ICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorPaul O'Connor
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 

What's hot (20)

Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
 
Mon cirt khaltar
Mon cirt khaltarMon cirt khaltar
Mon cirt khaltar
 
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in Cybersecurity
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategy
 
10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-model
 
2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation
 
Gifec
GifecGifec
Gifec
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter
 
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCACurbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
Curbing Cyber Menace BY: Kenneth Adu Amanfoh Deputy Director IT,NCA
 
Lessons learned from the SingHealth Data Breach COI Report
Lessons learned from the SingHealth Data Breach COI ReportLessons learned from the SingHealth Data Breach COI Report
Lessons learned from the SingHealth Data Breach COI Report
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructure
 
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
Singapore Asean cyber conflict and cybersecurity strategy - for Columbia Univ...
 
ICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'Connor
 
Brunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Intelligence - Building reputational resilience to cyber attack
Brunswick Intelligence - Building reputational resilience to cyber attack
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...
 

Viewers also liked

Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
Denning_Todd_Report
Denning_Todd_ReportDenning_Todd_Report
Denning_Todd_ReportTodd Denning
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security PresentationDecember ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security Presentationwhmillerjr
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
Data security risks and the cost of business continuity (slideshare) tmcs q...
Data security risks and the cost of business continuity (slideshare) tmcs q...Data security risks and the cost of business continuity (slideshare) tmcs q...
Data security risks and the cost of business continuity (slideshare) tmcs q...tmcscs
 
FINAL 15-RUMC-3020-Annual-Report-Final_web
FINAL 15-RUMC-3020-Annual-Report-Final_webFINAL 15-RUMC-3020-Annual-Report-Final_web
FINAL 15-RUMC-3020-Annual-Report-Final_webWilliam J Smith, MBA
 
Display_OneSheet
Display_OneSheetDisplay_OneSheet
Display_OneSheetSana Ahmed
 
The Foreign Investment Regulation Review, 3rd edition
The Foreign Investment Regulation Review, 3rd editionThe Foreign Investment Regulation Review, 3rd edition
The Foreign Investment Regulation Review, 3rd editionMatheson Law Firm
 
Human Development Report 2013 and Ukraine Presentation [ENG]
Human Development Report 2013 and Ukraine Presentation [ENG]Human Development Report 2013 and Ukraine Presentation [ENG]
Human Development Report 2013 and Ukraine Presentation [ENG]UNDP Ukraine
 
Companies. - Free Online Library
Companies. - Free Online LibraryCompanies. - Free Online Library
Companies. - Free Online Libraryplayergamer13
 
BSHS LMC 2009 2010 Annual Report
BSHS LMC 2009 2010 Annual ReportBSHS LMC 2009 2010 Annual Report
BSHS LMC 2009 2010 Annual ReportFran Bullington
 
Data-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security WebinarData-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security WebinarData Blueprint
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 
Sustainable and organic F&B
Sustainable and organic F&BSustainable and organic F&B
Sustainable and organic F&Bgarloyd
 
2014 PERE 50
2014 PERE 502014 PERE 50
2014 PERE 50Erik Kolb
 
Accelerating government agility with cloud computing v1
Accelerating government agility with cloud computing v1Accelerating government agility with cloud computing v1
Accelerating government agility with cloud computing v1David Linthicum
 

Viewers also liked (20)

Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
 
Denning_Todd_Report
Denning_Todd_ReportDenning_Todd_Report
Denning_Todd_Report
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security PresentationDecember ISSA Meeting Executive Security Presentation
December ISSA Meeting Executive Security Presentation
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
 
Data security risks and the cost of business continuity (slideshare) tmcs q...
Data security risks and the cost of business continuity (slideshare) tmcs q...Data security risks and the cost of business continuity (slideshare) tmcs q...
Data security risks and the cost of business continuity (slideshare) tmcs q...
 
FINAL 15-RUMC-3020-Annual-Report-Final_web
FINAL 15-RUMC-3020-Annual-Report-Final_webFINAL 15-RUMC-3020-Annual-Report-Final_web
FINAL 15-RUMC-3020-Annual-Report-Final_web
 
Display_OneSheet
Display_OneSheetDisplay_OneSheet
Display_OneSheet
 
Edelman 11on11
Edelman 11on11Edelman 11on11
Edelman 11on11
 
The Foreign Investment Regulation Review, 3rd edition
The Foreign Investment Regulation Review, 3rd editionThe Foreign Investment Regulation Review, 3rd edition
The Foreign Investment Regulation Review, 3rd edition
 
Human Development Report 2013 and Ukraine Presentation [ENG]
Human Development Report 2013 and Ukraine Presentation [ENG]Human Development Report 2013 and Ukraine Presentation [ENG]
Human Development Report 2013 and Ukraine Presentation [ENG]
 
Authentic Leadership
Authentic LeadershipAuthentic Leadership
Authentic Leadership
 
Companies. - Free Online Library
Companies. - Free Online LibraryCompanies. - Free Online Library
Companies. - Free Online Library
 
BSHS LMC 2009 2010 Annual Report
BSHS LMC 2009 2010 Annual ReportBSHS LMC 2009 2010 Annual Report
BSHS LMC 2009 2010 Annual Report
 
Data-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security WebinarData-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security Webinar
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Sustainable and organic F&B
Sustainable and organic F&BSustainable and organic F&B
Sustainable and organic F&B
 
2014 PERE 50
2014 PERE 502014 PERE 50
2014 PERE 50
 
Accelerating government agility with cloud computing v1
Accelerating government agility with cloud computing v1Accelerating government agility with cloud computing v1
Accelerating government agility with cloud computing v1
 

Similar to Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115

2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCommunity Protection Forum
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Preventionfmi_igf
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Report to congressional committees
Report to congressional committeesReport to congressional committees
Report to congressional committeesAndrey Apuhtin
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-statusRama Reddy
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
National_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdfNational_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdfAlexandre Pinheiro
 
Robots in The Chemical Industry
Robots in The Chemical IndustryRobots in The Chemical Industry
Robots in The Chemical IndustryIJRTEMJOURNAL
 
Cybersecurity for Chemical Industry
Cybersecurity for Chemical IndustryCybersecurity for Chemical Industry
Cybersecurity for Chemical Industryjournal ijrtem
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas mariaidga
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Cade Zvavanjanja
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
 
The Present and the Future ISAC in Taiwan
The Present and the Future ISAC in TaiwanThe Present and the Future ISAC in Taiwan
The Present and the Future ISAC in TaiwanAPNIC
 
Cyber Insurance as Digital Strategy
Cyber Insurance as Digital StrategyCyber Insurance as Digital Strategy
Cyber Insurance as Digital StrategyRandeep Sudan
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 

Similar to Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115 (20)

2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
Critical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challengesCritical Infrastructure and Cyber Security: trends and challenges
Critical Infrastructure and Cyber Security: trends and challenges
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Report to congressional committees
Report to congressional committeesReport to congressional committees
Report to congressional committees
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
National_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdfNational_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdf
 
Robots in The Chemical Industry
Robots in The Chemical IndustryRobots in The Chemical Industry
Robots in The Chemical Industry
 
Cybersecurity for Chemical Industry
Cybersecurity for Chemical IndustryCybersecurity for Chemical Industry
Cybersecurity for Chemical Industry
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
 
The Present and the Future ISAC in Taiwan
The Present and the Future ISAC in TaiwanThe Present and the Future ISAC in Taiwan
The Present and the Future ISAC in Taiwan
 
Cyber Insurance as Digital Strategy
Cyber Insurance as Digital StrategyCyber Insurance as Digital Strategy
Cyber Insurance as Digital Strategy
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 

More from James Bryce Clark

NSTIC IDESG Baseline Requirements for Security, Privacy, UX and Interop
NSTIC IDESG Baseline Requirements for Security, Privacy, UX and InteropNSTIC IDESG Baseline Requirements for Security, Privacy, UX and Interop
NSTIC IDESG Baseline Requirements for Security, Privacy, UX and InteropJames Bryce Clark
 
OASIS Open Stds and FOSS Nov 2019
OASIS Open Stds and FOSS Nov 2019OASIS Open Stds and FOSS Nov 2019
OASIS Open Stds and FOSS Nov 2019James Bryce Clark
 
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...James Bryce Clark
 
OASIS at ETSI on Open Standards and Open Source 2015
OASIS at ETSI on Open Standards and Open Source 2015OASIS at ETSI on Open Standards and Open Source 2015
OASIS at ETSI on Open Standards and Open Source 2015James Bryce Clark
 
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...James Bryce Clark
 
NSTIC IDESG Functional Requirements status report from FMO
NSTIC IDESG Functional Requirements status report from FMONSTIC IDESG Functional Requirements status report from FMO
NSTIC IDESG Functional Requirements status report from FMOJames Bryce Clark
 
OASIS PMRM overview and tools #EIC2014: Sabo and Janssen
OASIS PMRM overview and tools #EIC2014: Sabo and JanssenOASIS PMRM overview and tools #EIC2014: Sabo and Janssen
OASIS PMRM overview and tools #EIC2014: Sabo and JanssenJames Bryce Clark
 
OASIS: How open source and open standards work together: the Internet of Things
OASIS: How open source and open standards work together: the Internet of ThingsOASIS: How open source and open standards work together: the Internet of Things
OASIS: How open source and open standards work together: the Internet of ThingsJames Bryce Clark
 

More from James Bryce Clark (8)

NSTIC IDESG Baseline Requirements for Security, Privacy, UX and Interop
NSTIC IDESG Baseline Requirements for Security, Privacy, UX and InteropNSTIC IDESG Baseline Requirements for Security, Privacy, UX and Interop
NSTIC IDESG Baseline Requirements for Security, Privacy, UX and Interop
 
OASIS Open Stds and FOSS Nov 2019
OASIS Open Stds and FOSS Nov 2019OASIS Open Stds and FOSS Nov 2019
OASIS Open Stds and FOSS Nov 2019
 
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
OASIS at ITU/NGMN: Convergence, Collaboration and Smart Shopping in Open Stan...
 
OASIS at ETSI on Open Standards and Open Source 2015
OASIS at ETSI on Open Standards and Open Source 2015OASIS at ETSI on Open Standards and Open Source 2015
OASIS at ETSI on Open Standards and Open Source 2015
 
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...
 
NSTIC IDESG Functional Requirements status report from FMO
NSTIC IDESG Functional Requirements status report from FMONSTIC IDESG Functional Requirements status report from FMO
NSTIC IDESG Functional Requirements status report from FMO
 
OASIS PMRM overview and tools #EIC2014: Sabo and Janssen
OASIS PMRM overview and tools #EIC2014: Sabo and JanssenOASIS PMRM overview and tools #EIC2014: Sabo and Janssen
OASIS PMRM overview and tools #EIC2014: Sabo and Janssen
 
OASIS: How open source and open standards work together: the Internet of Things
OASIS: How open source and open standards work together: the Internet of ThingsOASIS: How open source and open standards work together: the Internet of Things
OASIS: How open source and open standards work together: the Internet of Things
 

Recently uploaded

VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 

Recently uploaded (20)

VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 

Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115

  • 1. Deconstructing the Cybersecurity Act of 2015: model, architecture, interfaces, expressions Tony Rutkowski, mailto:tony@yaanatech.com 15 Jan 2016 V1.0 Copyright © Yaana Technologies LLC 2016
  • 2. [USA] Cybersecurity Act of 2015 15 Jan 2016 Title I: Basic purposes and requirements Title II.A: Sharing architecture around the National Cybersecurity and Communications Integration Center (NCCIC) instantiated by amending Homeland Security Act of 2002 as amended Title II.B: Steps to improve Federal agency cybersecurity Title III: Cybersecurity education Title IV: Miscellaneous 15 Jan 2016 2
  • 3. [USA] Cybersecurity Act of 2015 Cirrus Word Cloud Display 15 Jan 2016 3
  • 4. FEDERAL ENTITYFEDERAL ENTITY APPROPRIATE FEDERAL ENTITYAPPROPRIATE FEDERAL ENTITY Entity ontology of the Cybersecurity Act of 2015 15 Jan 2016 4 NON-FEDERAL ENTITYNON-FEDERAL ENTITY PRIVATE ENTITYPRIVATE ENTITY 103(a) ENTITIES103(a) ENTITIES DHS - DEPARTMENT OF HOMELAND SECURITY DNI – OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE DOD - DEPARTMENT OF DEFENSE DOJ - DEPARTMENT OF JUSTICE NSA – NATIONAL SECURITY AGENCY FOREIGN POWER Notes: 1 See 50 U.S. Code § 3003(4) * No definition ISAO -INFORMATION SHARING AND ANALYSIS ORGANIZATION COLLABORATES WITH STATE AND LOCAL GOVERNMENTS [SECTOR-SPECIFIC] ISAC - INFORMATION SHARING AND ANALYSIS CENTER SECTOR COORDINATING COUNCILS OWNERS AND OPERATORS OF CRITICAL INFORMATION SYSTEMS OTHER APPROPRIATE NON-FEDERAL PARTNERS VOLUNTARY INFORMATION SHARING RELATIONSHIP “ OTHER DETERMINED BY THE SECRETARY INTERNATIONAL PARTNERS STATE, TRIBAL, OR LOCAL GOVERNMENT INTELLIGENCE COMMUNITY 1 NCCIC - NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER DOE - DEPARTMENT OF ENERGY - DEPARTMENT OF TREASURY DOC - DEPARTMENT OF COMMERCE/NIST DOS - DEPARTMENT OF STATE OMB – OFFICE OF MANAGEMENT AND THE BUDGET HHT – DEPARTMENT OF HEALTH AND HUMAN SERVICES GAO – GOVERNMENT ACCOUNTING OFFICE
  • 5. InternationalPartners5 Non-Federal entities4 Federal entities Cybersecurity Act architecture & interfaces NCCIC(NationalCybersecurityand CommunicationsIntegrationCenter HSA§227 [NCCIC] 1 to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system. CA §103 2 an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability. CA §103 3 Includes removal of certain personal information filtering function per CA §104(d)(2). 4 Such as State, local, and tribal governments, ISAOs, ISACs including information sharing and analysis centers, owners and operators of critical information systems, and private entities. 5 Collaborate on cyber threat indicators, defensive measures, and information related to cybersecurity risks and incidents; and enhance the security and resilience of global cybersecurity Partners. HAS §227(c)(8) •cyber threat indicators •defensive measures •cybersecurity risks •incidents pursuant to §103(a) Mediation andFiltering3 Monitor1 & defend2 information system + information that is stored on, processed by, or transiting the information system CA §103 Monitor1 & defend2 information system + information that is stored on, processed by, or transiting the information system CA §103 interfaces FE-NCCIC NFE-NCCIC IP-NCCIC Mediation andFiltering3 [NCCIC][NCCIC] 15 Jan 2016 5
  • 6. Cybersecurity Act information exchange expressions cyber threat  indicator information that is necessary to describe or identify (A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical  information related to a cybersecurity threat or security vulnerability [malicious reconnaissance: a method for actively probing or passively monitoring an information system for the purpose of discerning security  vulnerabilities of the information system, if such method is associated with a known or suspected cybersecurity threat.] (B) a method of defeating a security control or exploitation of a security vulnerability; (C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability; (D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information  system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability; (E) malicious cyber command and control [a method for unauthorized remote identification of, access to, or use of, an information system or information that is stored on, processed by, or  transiting an information system.] (F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat; (G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or (H) any combination thereof. [Cybersecurity threat: an action,...on or through an information system that may result in an unauthorized effort to adversely impact the security,  availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.] defensive  measure an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or  transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity threat or security vulnerability.  [Defensive measure does not include a measure that destroys, renders unusable, provides unauthorized access to, or substantially harms an information  system or information stored on, processed by, or transiting such information system not owned by (i) the private entity operating the measure; or (ii)  another entity or Federal entity that is authorized to provide consent and has provided consent to that private entity for operation of such measure.] cybersecurity  risk threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use,  disclosure, degradation, disruption, modification, or destruction of such information or information systems  [Includes related consequences caused by an act of terrorism] incident an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an  information system, or actually or imminently jeopardizes, without lawful authority, an information system 15 Jan 2016 6
  • 7. Cybersecurity Act of 2015 Timeline – first year actionsEnacted,18Dec2015 OneYear,18Dec2016 180days,15Jun2016 90days,17Mar2016 60days,16Feb2016 Pursuant to 2 USC Sec. 394, FRCP Rule 26. N.B., 6 months treated as 180 days, 9 months as 270 days, 18 months as 548 days, 1 year and annual as 365 days 240days,15Aug2016 9months,13Sep2016 DHS(2), DNI, DOJ+DHS(3), Judicial DHS(4), DOS, HHS DHS(3), DNI, DNI+OMB, Federal CIO, NIST(2), OMB, DOJ+DHS(2) Federal agencies NIST DHS(7), DOS(1), Federal agencies (5), HHS, OMB(4) 15 Jan 2016 7
  • 8. Cybersecurity Act of 2015 Timeline – actions after the first year 2years,18Dec2017 DHS(5), DHS+DOJ, DHS+ NIST(2), Federal agencies, DOS, GAO, NIST, OMB 3years,18Dec2018 4years,18Dec2019 5years,18Dec2020 6years,20Dec2021 7years,19Dec2022 DHS(2), DHS+NIST, Federal agencies, GAO(3), OMB Additional ad hoc reporting requirements exist for DHS (Sec. 105 & 223), DHS+NIST (Sec. 229), HHS (Sec. 405), NIST (Sec. 303), and OMB (Sec. 226) DHS, Federal agencies DHS(3), DHS+NIST, DOS, Federal agencies, OMB 18months,19Jun2017 Federal CIO, NIST, OMB 15 Jan 2016 8
  • 9. EU NIS (Network and Information Security) Directive • Tentative agreement on same date as Cybersecurity Act of 2015 – 18 Dec • Requires implementation by each of the 28 Member States • Creates a bifurcation – Applies to “operators of essential services and digital service providers” that are active in energy, transport, banking, financial services, healthcare and other critical industry segments – “Should…not apply to undertakings providing public communication networks or publicly available electronic communication services within the meaning of Directive 2002/21/EC” • Relies on a “cooperation group” composed of Member States´ representatives, the Commission and ENISA to support and facilitate strategic cooperation • Member States can “take the necessary measures to ensure the protection of its essential security interests, to safeguard public policy and public security, and to permit the investigation, detection and prosecution of criminal offences” • All Member States should be adequately equipped, both in terms of technical and organisational capabilities, to prevent, detect, respond to and mitigate network and information systems' incidents and risks • A need for closer international cooperation to improve security standards and information exchange, and promote a common global approach to NIS issues; might be helpful to draft harmonised standards • Includes sharing information on risks and incidents,” especially including notification of personal data breaches 15 Jan 2016 9
  • 10. Meeting the challenge: questions and options • What information exchange requirements exist at the three identified NCCIC interfaces? – Federal-Entity, Non-Federal Entity, International Partner • What assumptions should be made about the capabilities and architectures within these three domains? • Are other interfaces needed? • What are the sector-specific interface sub-types? • What are the required information sharing expressions and other capabilities at these interfaces, and to what extent can existing specifications be mapped to these requirements? • What are the algorithms for the “personal information of a specific individual or information that identifies a specific individual” filter function? • Can an ad-hoc TC CTI or OASIS group assist in the Act’s implementation? • How can the TC CTI standards also be applied to meet EU NIS Directive 15 Jan 2016 10