+ All Categories
Home > Documents > Paul De Souza

Paul De Souza

Date post: 04-Dec-2014
Category:
Upload: cebit-australia
View: 1,117 times
Download: 5 times
Share this document with a friend
Description:
 
19
Unclassified August 2010
Transcript
Page 1: Paul De Souza

Unclassified

August  2010

Page 2: Paul De Souza

Without a cyber strategy, survival in cyberspace is left to chance!

Page 3: Paul De Souza

1 - SET OF IDEAS

2 - INTRUMENTS OF POWER

3 - SYNCHRONIZED EFFORTS (COORDINATED)

4 - OBJECTIVES AND DIRECTION

DOD Dictionary of Military and Associated Termshttp://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf

Page 4: Paul De Souza

5 pillars of cyber security strategy

Defense Deputy Secretary William Lynn III

Page 5: Paul De Souza

Rec

ogni

zeTh

reat

Ext

end

Inte

rnal

D

efen

se

Ext

end

Pro

tect

ion

To C

ritic

al

Infra

stru

ctur

e

Inte

rnat

iona

l C

olla

bora

tion

Mai

ntai

n Te

chni

cal

Dom

inan

ce

http://www.govinfosecurity.com/articles.php?art_id=2872

Page 6: Paul De Souza

Recognize cyberspace as a new war fighting domain

You are doing business in a COMBAT ZONE!

US Air Force Mission

USAF Cyberspace Operator Badge

Page 7: Paul De Souza

MORE THAN good hygiene and perimeter defenses as intrusion

detectionMORE THAN Firewalls, MORE THAN IPS appliances, MORE THAN Web Proxy servers, MORE THAN VPN tunnels, MORE THAN SIEM, etc…

Page 8: Paul De Souza

“The military networks do not exists in a vacuum; we depend heavily on commercial networks for logistics, transportation, for power”Defense Deputy Secretary William Lynn III

Help Protect your business partners

Understand their strategies

Page 9: Paul De Souza
Page 10: Paul De Souza
Page 11: Paul De Souza

1 Understand what cyber strategy is NOT

2 Understand and Accept the UNIQUE threats that apply to you –Know your Enemy! (CyberINT, Attack Analysis and Strategy Analysis

3 Know yourself and how vulnerable you are. Understand your capabilities

4 Create a SET of Ideas (the WHAT of things and not necessary the HOW of things)

5 Develop your INTRUMENTS of POWER to counter the threat and minimize the risk (the HOW of things)

6 Synchronize , Collaborate , Integrate and Coordinate

7 List Objectives and expand on direction

8 Write down your strategy

9 Repeat the cycle

Page 12: Paul De Souza

A Goal

Tactics

A Security Policy

Doctrine

Compliance

Page 13: Paul De Souza

"It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles“ Sun Tzu

Page 14: Paul De Souza

Define what’s critical

Understand what’s wanted by your adversary

Understand your vulnerabilities by running vulnerability assessments

engage trusted but external partners to test your systems

Understand your “Instruments of Power” – Set of skills, technology, knowledge

Page 15: Paul De Souza
Page 16: Paul De Souza

Adobe Acrobat Document

The Cyber Security Operations Centre (CSOC)

http://www.dsd.gov.au/infosec/top35mitigationdetails.htm

Page 17: Paul De Souza

Strategy goals must be well defined

Define success and appropriate metrics

Create a strategy forecast and future direction

Page 18: Paul De Souza

Your cyber strategy must keep security events in sync with timeYour cyber strategy must cover collaboration,

integration and coordination efforts with other cyber entities of interest

Page 19: Paul De Souza

Your cyber strategy is a sensitive living document that is dynamic and ever changing


Recommended