Barry Foer
Director of Policy & Membership
bfoer@isalliance.org 703-907-7799
Dr. Sagar Vidyasagar, 2nd Vice Chair, Exec VP, Tata Consulting Services
Marc-Anthony Signorino, Treasurer, Director Technology Policy, National Association of Manufacturers
Tim McKnight, CSO, Northrop Grumman
Jeff Brown, CISO/Director IT Infrastructure, Raytheon
Eric Guerrino, SVP/CIO, Bank of New York
Ken Silva, Chief Technology Officer, VeriSign
Lawrence Dobranski, Chief Strategic Security, Nortel
Charles Croom, Vice President, Cyber Security Strategy, Lockheed Martin
Pradeep Khosla, Dean Carnegie Mellon School of Computer Sciences
Joe Buonomo, CEO DCR Software Inc.
Our Partners
Joseph McElroy: Hacked US Dept of Energy
Chen-Ing Hau: CIH Virus
Jeffrey Lee Parson: Blaster-B Copycat
Newer Threats
Designer malware: Malware designed for a specific target or small set of targets
Spear Phishing: Combines phishing and social engineering
Ransomware: Malcode packs important files into an encrypted archive and deletes the originals; then a ransom is demanded
RootKits: Shielding technology to make malcode invisible to the operating system
Shift to profit motive
Zero day exploits
Increased investment and innovation in malcode
Increased use of stealth techniques
Digital Growth?
Sure
Companies have built into their business models the efficiencies of digital technologies such as real time tracking of supply lines, inventory management and online commerce. The continued expansion of the digital lifestyle is already built into almost every company's assumptions for growth.
---Stanford University Study, July 2006
Legal/Regulatory Issues
Have cyber liabilities been analyzed?
What regulations apply to lines of business?
Exposed to class action/shareholder suits?
Is org protected from business interruptions?
Org protected from fed/state govt. investigations?
What jurisdictions does data move through?
What is in our contracts?
What does our privacy policy say?
Compliance/Regulatory
Have an inventory of what regs apply to us?
Know what reg data is and where it's located?
Valid reasons for keeping this data?
What have we done to protect the data?
Incident response program/notification program?
What is impact of possible data loss?
Procedures in place for tracking compliance?
How are we tracking vendors' procedures?
Risk transfer
What is exposure (brand/confidence/physical loss)? How do we measure?
Are you already covered? D&O?
Do we need to bring in expertise? Who?
Is insurance available?
What is the ROI for insurance and other risk transfer approaches?
Content Sources
Critical Infrastructure Partnership Advisory Council (CIPAC)
Cross-Sector Cyber Security Working Group (CSCSWG)
Daily Open Source Infrastructure Report
Homeland Security Information Network (HSIN)
United States Computer Emergency Readiness Team (USCERT)
National Infrastructure Partnership Plan (NIPP)
Partnership for Critical Infrastructure Security (PCIS)
Protective Programs and Research and Development (PPRD)
Content Sources
Software Assurance Working Group DHS Business Opportunities Newsletter Cyber Security Monitor Joint Homeland Security Notes (HSN) Critical Infrastructure Information Notice (CIIN) National Telecommunications and Information Administration (NTIA) Economic Security Work Group (ESWG) InfraGard Information Technology Sector Coordinating Council (IT-SCC) Critical Functions and Information Sharing (CFIS) Group Plans Working Group Communications Sector Coordinating Council Carnegie Mellon University CyLab (CMU) ISAlliance
Content Examples
DHS Business Opportunities Newsletter
Content Examples
Homeland Security Note Critical Infrastructure Information Notice
Content Examples
IT-SCC Calendar
Content Examples
DHS Daily Open Source Infrastructure Report
Content Channels
World Wide Web GovDelivery Digital Subscription Management Excel Electronic Mail Merge Outlook Distribution Lists & Outlook Calendar Invitations US-CERT Portal Secure Communication Direct Mail Outlook Email Telephone
Member/Prospect Examples
Calendar of Events ISAlliance News Project Information & Updates Public GovDelivery Subscription Common Sense Guides ISAlliance Services
GovDelivery
Digital Subscription Management
Total Subscription Items hosted by GovDelivery: 47
Average item subscriptions per subscriber: 9
Total Subscribers: 4021
New Subscribers 2008: 714 (+ 17%)
Total bulletins sent 2008: 364,977
Total hits to RSS feeds 2008: 23,783
GovDelivery
Digital Subscription Management
Used for delivery of targeted messages to broad groups with interest in specific subject matter.
Examples
Notice for the Private Sector Preparedness Accreditation and Certification Program Biometric Identification Small Business Issues US-CERT Alerts Meeting Notices & Reminders ISAlliance Calendar of Events ISAlliance Daily Brief Access Control Technical, Operations, Public Policy and/or Legal Perspective - All of Above
Used by members and allies for secure messaging, often between groups, subgroups and various sector coordinating councils, ISACs & organizations.
Examples
Software Assurance Cross Sector Cyber Security Work Group Defense Security Information Exchange White House Cyber Security Initiative AeroSpace Industries Association