ISSA Intl Women in Security Special Interest Group (WIS SIG)
Technology Leadership Series – Part III
A look at the increasingly complex critical infrastructure protection landscape
July 10, 2017
Connecting the Information Security Community With Opportunity
Post Your Resume
Find a New Position
Access Our Calendar of Worldwide Security Events
INFO SEC CONNECT
https://www.infosecconnect.com/
Mission: Connecting the World, One Cybersecurity Practitioner at a Time.
Vision: The WIS SIG is committed to developing women leaders globally, building a stronger cybersecurity community fabric, and enabling success across the globe.
Creating Leaders Together: ISSA WIS SIG embraces a spirit of collaboration within its organization and throughout the industry. We partner with organizations to provide leadership programs and services, and challenge these companies to create cybersecurity-oriented professional advancement opportunities for women.
WIS SIG Goals
• Foster the recruitment, retention and promotion of women within the cybersecurity industry
• Enhance women’s career growth by providing professional development events, career path information, mentoring and coaching services, and networking opportunities
• Cultivate leadership and technical competencies for women within the cybersecurity field
• Provide a global cybersecurity forum which recognizes women’s professional contributions
• Continuously improve the ISSA WIS SIG’s value proposition and ability to attract, develop, and retain a diverse community of women worldwide
WIS SIG PARTNERS
Ms. Deanna Boyden
Ms. Domini Clark
Ms. Lisa Jiggetts, Founder, President, and CEO
Mr. Jeff Steiner & Mr. David Leighton
Nanci Schimizzi, Board Member
Ms. Marlene Veum
Ms. Deidre Diamond
Lorena Fimbres & Jeff Terhune & Jeanne Martin & Carole Inge
Nanci Cronk, Account Executive
Paige Needling, President and CEO
Kristen Lamoreaux, Founder, SIM Women
Ms. DeeDee Smartt Lynch, President
Ms. Laurie Wiggins, Founder, President, and CEO
Dori Farah, Director, Workforce & Affinity Alliances
Mr. John von Ruden
Eric Berkowitz
Ms. Susan Leister
Ms. Janice Comer Bradley, Ms. Leah Lewis & Mr. Matt LoFiego
Ms. Vera Lichtenberg & Mr. Scott Martin
Mr. Bill Smith
Ms. Melissa Butler
Mr. Scott Binder
NoVA Section
Gustavo Hinojosa, Executive Director, National Cybersecurity Student Association
Mr. David Eber & Ms. Teresa Allison
Million Women Mentors
Our Goal: Million Women Mentors (MWM), a STEMconnector initiative, aims to increase the number of women and girls entering STEM fields through mentorship, thus increasing their interest and confidence in STEM areas.
We have surpassed 1 million!
Our Structure: 5 Pathways to Mentorship
Call to Action: Become A Sponsor, Become A Mentor, Become A Partner
stemconnector.org, www.millionwomenmentors.org
NEW 2017 WIS SIG Volunteers
Carole Dicker, Principal, FEDROCK Security, LLC. Fedrock Security LLC is in the Security Systems Services business.
Connie Justice, CISSP, Ph.D. Cybersecurity. Clinical Associate Professor of Computer Information Technology. Director of IT Security Education and Experiential Learning, http://livlab.org. Purdue Technical Assistance Program (TAP) Faculty, http://tap.purdue.edu/
Dr. Maxine Henry, PhD MAOM, CGEIT, GRISC, CISA, ITIL. Dr. Henry is a global strategist and consultant focused on the impact of GRC and information technology.
Christy Lodwick, VP of Marketing & Business Development, Tyde Systems, LLC. Six Sigma Green Belt, Cisco Certified Sales Expert, CyberSAFE, CCNA, HIPAA
Lauren Rousseau-Ball, WIS SIG Volunteer Extraordinaire
Paige Needling. Paige brings 20 years of “in-the-trenches” experience to solve real-world data security and compliance challenges for her clients. She has been recognized as one of the Game Changers in Information Security by HUB Magazine and has been featured in Compliance Weekly and other industry publications. She has shared her expertise as a speaker at ISACA and IIA.
Marlys Rodgers, CISM, MBA. Tenured technology leader experienced in enterprise deployments of cloud, on-premise and mobile (BYOD) for a Fortune 100 financial institution. Transitioned career by building on IS/governance work to GRC and now leading risk measurement for a global digital wallet company with a focus on info sec/cyber.
Hanna Sicker, CISM, CISSP. Over 25 years of technical and management experience, including 10 years in information security operations. As Head of Global Security and Network Operations for StubHub, Sicker oversees a team of SOC analysts and NOC Engineers who provide support to all StubHub sites globally in 48 countries.
WIS SIG Advisors
Andrea Hoy
Candy Alexander
Anne Rogers
Debbie Christofferson
Jean Pawluk
Sandra M. Lambert
SIG Liaisons
Central & South FL: Maureen Premo
Atlanta: Cassandra Dacus
Colorado Springs: Donna Kimberling, Colleen Murphy
Central MD & NOVA: Rhonda Farrell
National Capital: Nicole Grey
Chicago, Ill: Valerie Baldwin
Denver CO: Marlen Veum, DJ McArthur, Christy Lodwick, Deb Peinert
Minnesota: Betty Burke
Central TX: Tenille Jones
Portland: Brian Ventura
San Francisco: Joan Rose, Tamara Thompson, and Terry Quan
Singapore: Magda Chelly
Support Our SIGs!
• Financial: Ms. Andrea Hoy
• Healthcare: Mr. Andy Reeder
• Security Awareness: Ms. Jill Feagans, Mr. Kelley Archer
• Women In Security: Ms. Domini Clark, Rhonda Farrell
http://www.issa.org/?page=SIGs
2017 ISSA INTL Global SIG Lineup
JAN 2017: 9th – WIS SIG*
FEB 2017: 13th – WIS SIG; 15th – SEA SIG
MAR 2017: 13th – WIS SIG; 16th – Financial SIG Security Summit; 16th – HC SIG
APR 2017: 10th – WIS SIG
MAY 2016: 8th – WIS SIG; 10th – SEA SIG
JUNE 2017: 12th – WIS SIG; 15th – HC SIG; 16th – FIN SIG
JUL 2017: 10th – WIS SIG
AUG 2017: 9th – SEA SIG; 14th – WIS SIG
SEP 2017: 11th – WIS SIG; 14th – HC SIG; 15th – FIN SIG
OCT 2017: 16th – WIS SIG
NOV 2017: 8th – SEA SIG; 13th – WIS SIG
DEC 2017: 11th – WIS SIG; 14th – HC SIG; 15th – FIN SIG
* Additional Mentoring Meet-Ups, SANS Hosted Connect Events, Student Security, and Local Outreach and Membership Drive Events Planned
ISSA INTL SIG Membership Drive
ISSA International Memberships* are 20% off for SIG Members; use Discount Codes at Checkout: 20FSIG16, 20HCSIG16, 20SEASIG16, 20WISSIG16
*Not applicable to student memberships
Presenter: Dr. Diana Burley
A look at the increasingly complex critical infrastructure protection landscape.
Diana L. Burley, Ph.D. is executive director and chair of the Institute for Information Infrastructure Protection (I3P) and full professor of human & organizational learning at The George Washington University. She is a globally recognized cybersecurity expert who currently co-chairs the ACM/IEEE-Computer Society Joint Task Force on Cybersecurity Education.
She is a 2016 recipient of the Executive Women’s Forum in Information Security, Risk Management and Privacy Woman of Influence award. In 2014, Dr. Burley was named the cybersecurity educator of the year as well as one of the top ten influencers in information security careers. In 2013, she served as co-Chair of the US National Research Council Committee on Professionalizing the Nation’s Cybersecurity Workforce.
Prior to joining GW, she managed a multi-million-dollar computer science education and research portfolio and led the CyberCorps program for the National Science Foundation. She is the sole recipient of both educator of the year and government leader of the year awards from the Colloquium for Information Systems Security Education and has been honored by the Federal CIO Council for her work on developing the federal cyber security workforce. She served two appointments on the Cyber Security Advisory Committee of the Virginia General Assembly Joint Commission on Technology & Science (2012, 2013) and has secured nearly $10 million in sponsored research support. Dr. Burley has testified before the US Congress, conducted international cybersecurity training, and written more than 80 publications on cybersecurity, information sharing, and IT-enabled change.
She holds a BA in Economics from the Catholic University of America; M.S. in Public Management and Policy, M.S. in Organization Science, and Ph.D. in Organization Science and Information Technology from Carnegie Mellon University, where she studied as a Woodrow Wilson Foundation Fellow.
The Increasingly Complex Critical Infrastructure Protection Landscape
Dr. Diana L. Burley
Institute for Information Infrastructure Protection
The George Washington University
10 July 2017
WIS SIG July 2017 Webinar
Discussion Topics: CIP Landscape
• Overview and context
• Risk management and mitigation
• Collaboration and information sharing
• Public and international policy
• Workforce analysis and development
• Concluding thoughts
“Critical infrastructure, also referred to as nationally significant infrastructure, can be broadly defined as the systems, assets, facilities and networks that provide essential services and are necessary for the national security, economic security, prosperity, and health and safety of their respective nations.”
– Critical 5: Forging a Common Understanding for Critical Infrastructure
Overview and Context
In the last 12 months, we have confirmed…
• An attack on the SWIFT global banking system
• Foreign interference in US election systems
• Ukrainian power grid attacks
• A ransomware attack that shut down major hospital systems in the UK and around the world
• The infiltration of computer networks in a US nuclear power operation
What about the unconfirmed or suspected incidents?
“Most information security professionals believe that the US critical infrastructure will be breached by a cyber attack within the next two years.”
– BlackHat 2017 Survey
Overview and Context
Critical infrastructure protection in the age of “SMART” everything is a multi-faceted task that becomes more difficult every day as we add more intelligence and complexity to the systems and devices we rely on in a wide range of domains.
CIP Discussion Topics
➢ Risk management and mitigation
➢ Collaboration and information sharing
➢ Public and international policy
➢ Workforce analysis and development
Risk Management and Mitigation
• Risks associated with human, economic and public/societal loss should be considered
• Risk assessments should not be considered in isolation
• Assessments include: identification, analysis, and evaluation
The NIST Framework for improving CIP provides organizations a common mechanism to: [ref.]
1. Describe their current cybersecurity posture;
2. Describe their target state for cybersecurity;
3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
4. Assess progress toward the target state;
5. Communicate among internal and external stakeholders about cybersecurity risk.
NIST Framework components: [ref.]
• Core: activities, outcomes and standards related to the functions – Identify, Protect, Detect, Respond, Recover.
• Implementation Tiers: context on how an organization views cybersecurity risk and the processes in place to manage that risk
• Profiles: desired outcomes based on business needs
Collaboration and Information Sharing
• Benefits
  • Situational awareness to support normal operations and incident response.
  • Preventative operational and tactical risk management actions.
  • Strategic planning and investment to build capabilities and resilience.
• DHS Critical Infrastructure Threat Information Sharing Framework
  • Report suspicious or known threats, incidents, and activities
  • Receive threat information relevant to your sector
  • Access threat prevention and protection related training and exercises
• Public Private Partnerships
  • Information Sharing and Analysis Centers (ISACs)
  • Information Sharing and Analysis Organizations (ISAOs)
  • Regional collaborations
• Interoperability and integration issues that must be addressed
  • Aligning mission, value
  • Identifying leadership and funding sources
  • Developing trust
  • Determining what information is to be shared
Public and International Policy
• Presidential Executive Order
• Department of Homeland Security Role
  • Provide strategic guidance to public and private partners
  • Promote a national unity of effort
  • Coordinate the overall Federal effort to promote the security and resilience of the nation's critical infrastructure.
• The Critical Five
  • Established in 2012 to enhance information sharing and work on issues of mutual interest between Australia, Canada, New Zealand, the United Kingdom and the United States.
  • Published in March 2014, a shared narrative, “Forging a Common Understanding of Critical Infrastructure”
• Global Commission on the Stability of Cyberspace (cyberstability.org)
  • 1st GCSC meeting: Tallinn, Estonia, June 2017
  • 2017 priorities include the “public core of the Internet” and “critical infrastructures”
Workforce Analysis and Development
Regarding the recent cyber attack at the Wolf Creek Nuclear Operating Corporation …
“In most cases, the attacks targeted people — industrial control engineers who have direct access to systems…Hackers wrote highly targeted email messages containing fake résumés [as infected Microsoft Word documents] for control engineering jobs and sent them to the senior industrial control engineers who maintain broad access to critical industrial control systems, the government report said.” [ref]
But… Are industrial control engineers part of the cybersecurity workforce?
Structuring the cybersecurity field
• National Cybersecurity Workforce Framework
• Joint Task Force on Cybersecurity Education
Structuring the Field
• National Cybersecurity Workforce Framework [ref.]
  The National Cybersecurity Workforce Framework provides a blueprint to categorize, organize, and describe cybersecurity work …[,] provides a common language to speak about cyber roles and jobs[,] and helps define personal requirements in cybersecurity.
• Joint Task Force on Cybersecurity Education [ref.]
  • The Joint Task Force on Cybersecurity Education (JTF) is developing comprehensive curricular guidance in cybersecurity education that will support future program development and associated educational efforts.
  • Global collaboration between major computing societies: ACM, IEEE-Computer Society, Association for Information Systems, and International Federation for Information Processing
  • Draft and more information available at csec2017.org. Final version to be released in December 2017.
Workforce Development Challenges
• Analyzing and defining workforce needs
• Contextualizing learning and development experiences
• Balancing breadth and depth of content
• Advancing hands-on skill development
• Integrating technical and non-technical content
Engaging the Whole Workforce
Robust “awareness” programs change behavior: Raise Awareness → Promote Understanding → Increase Engagement → Support Action → Change Behavior
Concluding Thoughts
“When governments focus on making critical infrastructure more secure and resilient by managing risk, trust and confidence is enhanced in the public-private relationship, which then facilitates economic growth. This trust and confidence in critical infrastructure is essential to achieving safe, secure and prosperous societies.”
– Critical 5: Forging a Common Understanding for Critical Infrastructure
THANK YOU TO OUR ATTENDEES & SUPPORTERS
▪ ISSA International Members
▪ ISSA INTL WIS SIG Members
▪ IEEE WIE Members
▪ Strategic Partners
ISSA International Service Offerings
• CISO Executive Forum (Meets Quarterly)
• Domestic and International Chapter Base
• E-News
• ISSA Intl Special Interest Groups
• ISSA Industry Webinars
• ISSA Journal
• ISSA Web Conferences
• Mentoring Programs
• US and European Conferences
CISO Executive Forum Info
Security Awareness & Training: Enlisting your Entire Workforce into your Security Team
July 23-24, 2017, Bally's Las Vegas
Questions: Leah Lewis (llewis@issa.org)
https://www.issa.org/page/CISO2017July
ISSA INTERNATIONAL CONFERENCE 2017
October 9-11, 2017, San Diego, CA, USA
#ISSAConf
Save the date and join us for solution-oriented and innovative sessions, all designed to help you get your hands around some of security's hottest topics.
https://www.issa.org/page/IIC2017RSVP
2017 SANS & ISSA WIS SIG CONNECT EVENTS
▪ VetSuccess
▪ Women’s Academy
Cross Country Connect Event Tour 2017
https://www.issa.org/events/event_list.asp?show=&group=107122
▪ July 27, 2017 – Washington, DC
▪ August 22, 2017 – Chicago, Illinois
▪ December 14, 2017 – Washington, DC
2017 Scholarship Giving Program: WIS SIG Scholarship Fund
▪ Donate Online: http://issa-foundation.org
▪ Email Us for Info: wissig@issa.org
ISSA International Journal Articles
http://www.issa.org/?page=ISSAJournal
Please contact SIGs@issa.org if you are interested in submitting a SIG column entry!
SPONSORSHIP OPPORTUNITIES
• Financial: Ms. Andrea Hoy
• Healthcare: Mr. Andy Reeder
• Security Awareness: Ms. Jill Feagans, Mr. Kelley Archer
• Women In Security: Ms. Rhonda Farrell
SIGS@issa.org
Registration Info for our WIS SIG Portal
• Non-members: https://www.issa.org/general/register_member_type.asp?
• Members: WISSIG@issa.org or press Join on our SIG page once you are logged in!
Join Us at our NEXT Event!
Monthly WIS SIG & WIE Webinar: Driving Innovation within STEM & Cyber Across the Generations – Part III
Privacy as a Component of the Cybersecurity World or is it?
August 14th, 2017 (1600-1700 Eastern)
Ms. Monique Morrow, Chief Technology Strategist
https://www.issa.org/events/EventDetails.aspx?id=911311&group=107122