Upload
stephen-cobb
View
220
Download
1
Tags:
Embed Size (px)
DESCRIPTION
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
Citation preview
National Cyber Security Awareness Month 2014: Major trends and resources
Stephen Cobb, CISSPSecurity Researcher, ESET NA
National Cyber Security Awareness Month
• Happens in October• This is the 11th year • A coordinated series of events • A useful way to look at cyber
security• An official theme each year• Other themes emerge Follow
hashtag #NCSAM
Question #1Is your organization doing anything special for National Cyber Security Awareness Month?
Yes No I’m not sure I don’t work for an
organization
www.StaySafeOnline.org/ncsam
#NCSAM in 2014
• Official theme:– Our shared responsibility
• Other themes emerge:– The Internet of Things– Security Standards– STEM and the cyber workforce– A wealth of resources
The Internet of Things
• Trade and Industry• Health and Healthcare• Infrastructure• Homes and Cars• IoT glossary and acronym soup:– Sensors, GPS, RFID, WNS, LRCD, ICLR,
SDR, Wi-Fi, BlueTooth, Zigbee, Z-Wave
Trade and Industry
Homes and cars
Health andHealthcare
Infrastructure
Track vehicles and goods, enable smart factories, improve supply chain logistics
Monitor critical systems, alert, balance loads, enable smart grid efficiency
Diagnose remotely, monitor patients, deliver medication
Protect, monitor, control, entertain
What can IoT do? Monitor, warn, alarm, control, inform, communicate, entertain, track, enable, treat, respond, enable
What things?smartphones, smart watches, wearables, sensors, smart appliances, smart cars, medical devices, drones, network cameras
IoT: THE INTERNET OF THINGS
What’s the awareness aspect?
• The IoT is happening now• Early indications are that security
and privacy are not top of mind with many makers or users
• A chance to get security baked in rather than added later
• And temperexpectations
Security Standards
• Looks like we have a winner:– NIST Cybersecurity Framework– www.nist.gov/cyberframework
• A voluntary framework for reducing cyber risks to critical infrastructure
• And the rest of cyberspace as well• May be a “reasonableness test”• Default standard of due care
STEM and the cyber workforce
• Securing all this stuff is going to take a lot more skilled people than we have on hand right now
• Steps are being taken to increase the supply of cyber skilled people
• Areas of discussion:– Professional certification vs. college– Better human resource management– Vets, women, minorities– Immigration
Question #2Does your organization have difficulty finding the computer security expertise it needs?
Yes No Not sure I don’t work for an organization
A wealth of resources
• National Initiative for Cybersecurity Education (NICE)
• Cybersecurity Lesson Plans• Cybersecurity Internship Program• National Initiative for Cybersecurity
Careers and Studies (NICCS)– niccs.us-cert.gov
• And that’s just on workforce development
Free awareness materials
www.StopThinkConnect.org/resourcesEmail: [email protected]
Official NCSAM Theme:Our shared responsibility
Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure. That's what National Cyber Security Awareness Month—observed in October —is all about!
Who is responsible?
• Individuals• Companies• Government• Communities
Individuals
• Check your cyber hygiene– Password protection, backups, privacy
settings, mobiles, laptops, tablets, etc.
• Talk cyber with parents, kids, friends…
• stopthinkconnect.org/tips-and-advice
Companies
• A good time to have everyone read the company security policies and procedures
• Awareness and education days• Use free materials, competitions,
volunteer
Government
• Local– Mayor’s office– City IT
• Regional & State– MS-ISAC– State Cyber Task Force
• National – NIST, DHS, FBI
• International– More resources please!– Cooperation between nation states
Communities
• Businesses• College Administrators• Community-Based
Organizations• Faith-Based Organizations• Home Users• K-12 Administrators• Libraries• Local governments• Local law enforcement• Teachers
Communities
• A community example of “Our Shared Responsibility”
• Securing Our eCity• Greater San Diego area• Non-profit organization• Volunteers and donations• Public/private cooperation
And it’s not over yet…
5 Thursdays in October 2014!
Thank you!
• [email protected]• www.eset.com• www.WeLiveSecurity.com• Twitter @zcobb• www.SecuringOureCity.org