SlideShare a Scribd company logo
1 of 58
SECURITY VULNERABILITY ASSESSMENT (SVA) & LIABILITY
TODAY’S PRESENTATION WILL ENCOMPASS THE FOLLOWING: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object]
AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to   High   around the Anniversary of Sept. 11
CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
VANDAL (LOWEST RISK) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Vandal: Usually between the ages of  7 – 19
FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],International Terrorist: Adult, Male or Female, Ideology Driven
LET’S EXAMINE INSIDER  THREAT SPECTRUM Type of Adversary Disgruntled  (Sending a Message) Super-Insider (coercion) Disgruntled (Revenge) Threat Level Criminal Acts (Personal Gain) Disgruntled (Collusion) ,[object Object],[object Object],[object Object],Increased Access, Motivation, & Skill Level increases threat
CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur  Hacker Organized  Crime Government  Sponsored Type of Cyber Terrorist Knowledge
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
THE BASICS OF AN SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $600,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $200,000 (2B) As Above Hardening Measures $190,000 (3A) WTP Facility Perimeter Security Improvements & Upgrade 1,240,000 (3B) As Above Perimeter Security Improvements & Upgrade 300,000 (3C) As Above Hardening Measures 1,060,000 TOTAL $3,590,000
Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $276,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $105,400 (2B) As Above Hardening Measures N/A (3A) WTP Facility Perimeter Security Improvements & Upgrade $560,500 (3B) As Above Perimeter Security Improvements & Upgrade $192,000 (3C) As Above Hardening Measures $1,060,000 TOTAL  REDUCTION OF 68.42% $1,133,900
WHY IS AN SVA SO IMPORTANT?
A PROPERLY EXECUTED SVA PROVIDES: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
WITHOUT PERFORMING A VA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA LEGISLATION ,[object Object],[object Object],[object Object]
CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],Since1998 the National Petroleum Council has been reviewing the vulnerabilities of oil & gas industry to attack (both physical and cyber).  Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities The American Petroleum Institute is coordinating information sharing among members.  ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW INITIATIVES BY STATE ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW JERSEY ,[object Object],[object Object],[object Object],[object Object],[object Object]
MARYLAND ,[object Object],[object Object],[object Object],[object Object]
ILLINOIS ,[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object]
HISTORY OF SVA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NEW LEGISLATION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CLEAR PATTERN ,[object Object],[object Object],[object Object]
LIABILITY
LIABILITY ISSUES ,[object Object],[object Object]
LIABILITY ISSUES ,[object Object]
LIABILITY ISSUES ,[object Object],[object Object]
LIABILITY ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
NEGLIGENCE ISSUES ,[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object]
STATEMENT ,[object Object]
FURTHER LIABILITY ISSUES ,[object Object]
 
LACK OF DESIGN CRITERIA ,[object Object],[object Object],[object Object],[object Object],[object Object]
INADEQUATE SECURITY ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
LIKELY QUESTIONS…. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
LIKELY QUESTIONS… ,[object Object],[object Object],[object Object],[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object],[object Object],[object Object]
FURTHER LIABILITY ISSUES ,[object Object],[object Object],[object Object],[object Object],[object Object]
SOLUTIONS
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object]
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object],[object Object]
SECURITY VULNERABILITY ASSESSMENT (SVA) ,[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
SOLUTIONS ,[object Object],[object Object],[object Object]
QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

More Related Content

What's hot

Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Citrin Cooperman
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)Resolver Inc.
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...Citrin Cooperman
 
Security Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementSecurity Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementResolver Inc.
 
New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentaeaguinot
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentaeaguinot
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 

What's hot (20)

Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber security
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber Data
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Countering Cyber Threats
Countering Cyber ThreatsCountering Cyber Threats
Countering Cyber Threats
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider...
 
Security Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementSecurity Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk Management
 
New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services Companies
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay Dynamics
 
Modern Security Risk
Modern Security RiskModern Security Risk
Modern Security Risk
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
Cissp combined notes
Cissp combined notesCissp combined notes
Cissp combined notes
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
 

Viewers also liked

A Method for Prioritization of Vulnerability Assessment of Technical Transpor...
A Method for Prioritization of Vulnerability Assessment of Technical Transpor...A Method for Prioritization of Vulnerability Assessment of Technical Transpor...
A Method for Prioritization of Vulnerability Assessment of Technical Transpor...Global Risk Forum GRFDavos
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsPivotPointSecurity
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...Neil Matatall
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentMarcelo Silva
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 

Viewers also liked (6)

A Method for Prioritization of Vulnerability Assessment of Technical Transpor...
A Method for Prioritization of Vulnerability Assessment of Technical Transpor...A Method for Prioritization of Vulnerability Assessment of Technical Transpor...
A Method for Prioritization of Vulnerability Assessment of Technical Transpor...
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
 
Lect 3
Lect 3Lect 3
Lect 3
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 

Similar to Security vulnerability assessment & liability(li)

Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Lawguest8b10a3
 
The Department of Homeland Security.pdfThe Department Of Homeland Security
The Department of Homeland Security.pdfThe Department Of Homeland SecurityThe Department of Homeland Security.pdfThe Department Of Homeland Security
The Department of Homeland Security.pdfThe Department Of Homeland SecurityAmber Wheeler
 
Terrorism Vulnerability Assessments
Terrorism Vulnerability AssessmentsTerrorism Vulnerability Assessments
Terrorism Vulnerability AssessmentsShannon Sand
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber securityFemi Ashaye
 
Case Study For Defence In Depth
Case Study For Defence In DepthCase Study For Defence In Depth
Case Study For Defence In DepthSherry Bailey
 
Physical Status Score Improves Predictions Of Survival...
Physical Status Score Improves Predictions Of Survival...Physical Status Score Improves Predictions Of Survival...
Physical Status Score Improves Predictions Of Survival...April Lacey
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™CPaschal
 
Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0stevemeltzer
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Wendy Knox Everette
 
Unconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocUnconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocSujit Ghosh
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachDawn Yankeelov
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Essay On Wireshark And Nmap Vulnerability Assessment Tools
Essay On Wireshark And Nmap Vulnerability Assessment ToolsEssay On Wireshark And Nmap Vulnerability Assessment Tools
Essay On Wireshark And Nmap Vulnerability Assessment ToolsTiffany Carpenter
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overviewdr_edw777
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 

Similar to Security vulnerability assessment & liability(li) (20)

Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Law
 
The Department of Homeland Security.pdfThe Department Of Homeland Security
The Department of Homeland Security.pdfThe Department Of Homeland SecurityThe Department of Homeland Security.pdfThe Department Of Homeland Security
The Department of Homeland Security.pdfThe Department Of Homeland Security
 
Terrorism Vulnerability Assessments
Terrorism Vulnerability AssessmentsTerrorism Vulnerability Assessments
Terrorism Vulnerability Assessments
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater  Workshop  Presentation 2007[2 R]Wastewater  Workshop  Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
 
Case Study For Defence In Depth
Case Study For Defence In DepthCase Study For Defence In Depth
Case Study For Defence In Depth
 
Physical Status Score Improves Predictions Of Survival...
Physical Status Score Improves Predictions Of Survival...Physical Status Score Improves Predictions Of Survival...
Physical Status Score Improves Predictions Of Survival...
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™
 
Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0Massachusetts data privacy rules v6.0
Massachusetts data privacy rules v6.0
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
Regulatory Nets vs the Fishing Hook of Litigation - BSides Las Vegas 2017
 
Unconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy AssocUnconventional Risks Presented by Synergy Assoc
Unconventional Risks Presented by Synergy Assoc
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Essay On Wireshark And Nmap Vulnerability Assessment Tools
Essay On Wireshark And Nmap Vulnerability Assessment ToolsEssay On Wireshark And Nmap Vulnerability Assessment Tools
Essay On Wireshark And Nmap Vulnerability Assessment Tools
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overview
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 

More from Wivenhoe Management Group

More from Wivenhoe Management Group (7)

Multi elementary school security case study. Preventing a "Newtown"
Multi elementary school security case study. Preventing a "Newtown"Multi elementary school security case study. Preventing a "Newtown"
Multi elementary school security case study. Preventing a "Newtown"
 
AWWA 2012 St Louis Security Presentation
AWWA 2012 St Louis Security PresentationAWWA 2012 St Louis Security Presentation
AWWA 2012 St Louis Security Presentation
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009
 
Security awareness exampletr(rev1)1011.015
Security awareness exampletr(rev1)1011.015Security awareness exampletr(rev1)1011.015
Security awareness exampletr(rev1)1011.015
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_feb
 
The New Security - Post "9/11"
The New Security - Post "9/11"The New Security - Post "9/11"
The New Security - Post "9/11"
 
Paawwa2008 Cpted(Version 6)Final
Paawwa2008 Cpted(Version 6)FinalPaawwa2008 Cpted(Version 6)Final
Paawwa2008 Cpted(Version 6)Final
 

Recently uploaded

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 

Recently uploaded (20)

RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 

Security vulnerability assessment & liability(li)

  • 2.
  • 3.
  • 4.
  • 5. AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
  • 6. CURRENT STATE OF SECURITY… OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
  • 7.
  • 8.
  • 9.
  • 10. CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
  • 11.
  • 12.
  • 13.
  • 14. Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $600,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $200,000 (2B) As Above Hardening Measures $190,000 (3A) WTP Facility Perimeter Security Improvements & Upgrade 1,240,000 (3B) As Above Perimeter Security Improvements & Upgrade 300,000 (3C) As Above Hardening Measures 1,060,000 TOTAL $3,590,000
  • 15. Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $276,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $105,400 (2B) As Above Hardening Measures N/A (3A) WTP Facility Perimeter Security Improvements & Upgrade $560,500 (3B) As Above Perimeter Security Improvements & Upgrade $192,000 (3C) As Above Hardening Measures $1,060,000 TOTAL REDUCTION OF 68.42% $1,133,900
  • 16. WHY IS AN SVA SO IMPORTANT?
  • 17.
  • 18.
  • 19.
  • 20. CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.  
  • 44.
  • 45.
  • 46. QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
  • 47.
  • 48.
  • 49.
  • 50.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58. QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Editor's Notes

  1. Notes:
  2. Notes:
  3. Notes:
  4. Notes:
  5. Notes:
  6. The wording of these questions will be improved
  7. This is just a slide indicating that I will be happy to answer any questions…