Date posted: 05-Apr-2018
Category: Documents
Uploaded by: isalliance
7/31/2019 2003 11 13 Larry Clinton India Security Anchor Proposal
Larry Clinton
Operations Officer
Internet Security Alliance
[email protected]
Growth in Incidents Reported to the CERT/CC
[Figure: bar chart of incidents reported to the CERT/CC per year. Horizontal axis: 1988 to 2002. Vertical axis: 0 to 120,000.]
The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC
[Figure: bar chart of vulnerabilities reported to CERT/CC per year. Horizontal axis: 1995 to 2002. Vertical axis: 0 to 4,500.]
Attack Sophistication v. Intruder Technical Knowledge
[Figure: chart plotting Attack Sophistication and Intruder Knowledge against time. Horizontal axis: 1980 to 2000. Vertical axis: Low to High. Legend: Tools, Attackers. Labels plotted on the chart: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; stealth / advanced scanning techniques; burglaries; network mgmt. diagnostics; DDoS attacks.]
Computer Virus Costs (in billions)
[Figure: chart of computer virus costs in $ billion. Horizontal axis: '96 to '03 (2003 through Oct 7). Vertical axis: 0 to 150. Legend: Range.]
Implications for Indian Companies
Corporate Financial Implications
Legal Liability Could Affect Partnerships
Cyber Security Could Be Written into Trade Agreements
Corporate Finances
Attacks are inevitable
You can mitigate risk, but not eliminate it.
Many Companies are not insured
Chief Technology Officers' Knowledge of Their Cyber Insurance
34% Incorrectly thought they were covered
36% Did not have insurance
23% Did not know if they had insurance
7% Knew that they were insured by a specific policy
ISAlliance Cyber-Insurance Program
Coverage for members
Free Assessment through AIG
Market incentive for increased security practices
10% discount off best prices from AIG
Additional 5% discount for implementing ISAlliance Best Practices (July 2002)
Legal Liability
US State law already specifies liability
Jones-Day review suggests companies must show they are above the mean in cyber security
Partners will have to show security for its own sake and to fend off liability
Regulatory/Trade Implications
Intensive Interest in US Congress on Cyber Security
Regulatory Proposals are being circulated demanding audits for cyber security
Congressional Internet Committee 11/6/03
Should we write cyber security requirements into our future trade agreements?
Sponsors
What ISAlliance Does
Successful Information Sharing
Develops Widely Approved Best Practices and standards
Develops Tools for Assessment
Creates/advocates market incentives to improve cyber security
Education and Training
Outreach e.g. Security Anchor Program+
Cooperative work on assessment/certification
TechNet CEO Self-Assessment Program
Bring cyber security to the C-level based on ISA Best Practices
Create a baseline of security even CEOs can understand
American Security Consortium 3-Party Assessment program
Risk Preparedness Index for assessment and certification
Develop quantitative independent ROI for cyber security
ISAlliance/CERT Training
Concepts and Trends In Information Security
Information Security for Technical Staff
OCTAVE Method Training Workshop
Overview of Managing Computer Security Incident Response Teams
Fundamentals of Incident Handling
Advanced Incident Handling for Technical Staff
Information Survivability an Executive Perspective
India Security Anchor Proposal
Security Anchors are organizations who:
---Provide secure channel for receiving reports about vulnerabilities and incidents
---Provide assistance to members of its constituency in handling incidents
---Disseminate incident related information
---License and provide CERT training
---Expand the culture of security