The U.S. Approach to Cybersecurity Governance
Gwanhoo, Ph.D.
Professor of IT Management
Director, Kogod Cybersecurity Governance Center
Kogod School of Business
American University, Washington D.C.
@gwanhoolee
Data Breach in the U.S. IRS (Internal Revenue Service)
100,000 tax accounts were breached. Stolen data include social security information, date of birth, and street address (February 2015).
Largest Data Breach in U.S. Government
Hackers stole personnel data including Social Security numbers for over 21 million U.S. federal employees from the Office of Personnel Management’s databases (June 2015).
And the Panama Papers… (April 2016)
11.5 million documents for 200K offshore companies
Increasing Sense of Crisis from the Leaders in USA
“Cybersecurity is not a technology issue but a business imperative”
Dr. Reatha Clark King, Chair, National Association of Corporate Directors
U.S. Federal Cybersecurity Programs
The White House Initiatives
• The Comprehensive National Cybersecurity Initiative (CNCI), 2008
• The National Initiative for Cybersecurity Education (NICE), 2008
• Presidential Policy Directive 21: Critical Infrastructure Security and Resilience, 2013
• Executive Order 13636: Improving Critical Infrastructure Cybersecurity, 2013
• Executive Order 13691: Promoting Private Sector Cybersecurity Information Sharing, 2015
Knowledge sharing is a key element of cybersecurity governance
Obama’s executive order promoting private sector cybersecurity information sharing (February 2015)
• Encouraging private-sector cybersecurity collaboration
• Enabling better private-public information sharing
THE CYBERSECURITY ACT (CSA) OF 2015
• Signed into law on December 18, 2015
• Calls on public and private entities to share information relevant to cybersecurity
• Four subsections:
– Cybersecurity Information Sharing
– Federal Cybersecurity Enhancement
– Federal Cybersecurity Workforce Assessment
– Other Cybersecurity Matters
THE CYBERSECURITY ACT (CSA) OF 2015
• Businesses have the option of participation
• DHS is designated as the consolidator of cyber threat information
– cyber threat indicators & cyber defensive measures
• Information shared must be sanitized of customer and company employee personally identifiable information
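The sanitization step the act requires before an indicator leaves the company, as an added example that is not part of the slides: the record shape, the field names and the sample phishing indicator are constructed assumptions, not a DHS or CSA schema. Indicator fields are kept verbatim (the attacker's sender address is the indicator, not PII), known employee and customer fields are dropped, free text is pattern-redacted, unknown fields are dropped fail-closed, and an audit list records what was removed.

```python
import re

# Assumed record shape for this example (not an official CSA/DHS schema).
# Fields that carry the threat indicator itself; shared verbatim.
INDICATOR_FIELDS = {"indicator_type", "value", "first_seen", "defensive_measure"}

# Fields known to carry customer or employee personal information; never shared.
PII_FIELDS = {"affected_employee", "employee_id", "customer_name", "customer_ssn", "home_address"}

# Patterns redacted inside free-text fields such as the analyst description.
PII_PATTERNS = [
    ("[SSN]", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("[EMAIL]", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("[PHONE]", re.compile(r"\b\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")),
]


def redact_text(text: str) -> str:
    """Replace every PII pattern in free text with its label."""
    for label, pattern in PII_PATTERNS:
        text = pattern.sub(label, text)
    return text


def sanitize_indicator(record: dict) -> tuple[dict, list[str]]:
    """Return (sanitized copy, audit trail of dropped/redacted field names)."""
    sanitized = {}
    audit = []
    for key, val in record.items():
        if key in PII_FIELDS:
            audit.append(f"dropped:{key}")
            continue
        if key in INDICATOR_FIELDS:
            sanitized[key] = val
            continue
        if isinstance(val, str):
            # Any other string field is treated as free text and pattern-redacted.
            cleaned = redact_text(val)
            if cleaned != val:
                audit.append(f"redacted:{key}")
            sanitized[key] = cleaned
        else:
            # Unknown structured fields (raw headers, attachments) are not shared: fail closed.
            audit.append(f"dropped-unknown:{key}")
    return sanitized, audit


def verify_clean(record: dict) -> bool:
    """Independent pre-share check: no PII field present, no PII pattern outside indicator fields."""
    for key, val in record.items():
        if key in PII_FIELDS:
            return False
        if key in INDICATOR_FIELDS:
            continue
        if isinstance(val, str) and any(p.search(val) for _, p in PII_PATTERNS):
            return False
    return True


# Constructed sample: a phishing-sender indicator as an analyst might first record it.
SAMPLE_RECORD = {
    "indicator_type": "email-sender",
    "value": "invoice@mail.example-phish.test",  # constructed attacker address; kept
    "first_seen": "2015-12-18",
    "defensive_measure": "block sender domain at mail gateway",
    "affected_employee": "Jane Doe",
    "employee_id": "E-10442",
    "description": "Phishing mail sent to jane.doe@corp.example asking for SSN 123-45-6789; callback 202-555-0147.",
    "raw_headers": {"From": "invoice@mail.example-phish.test"},
}

if __name__ == "__main__":
    clean, trail = sanitize_indicator(SAMPLE_RECORD)
    print(clean)
    print(trail, "clean:", verify_clean(clean))
```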
THE CYBERSECURITY ACT (CSA) OF 2015
• The government can share a company’s cyber threat indicators (if volunteered) with federal agencies and non-federal entities
• Companies are granted immunity if they are compliant with data sharing policies
– Protections from liability, non-waiver of privilege, protections from FOIA disclosure
CSA 2015: Corporate Governance Implications
(Table columns: the legislation / intent / governance implications)

Legislation: Participation is optional
Intent: To encourage the private sector to participate without mandates from the government.
Governance implications: Need to understand the pros and cons of voluntary participation. Need to discover what this means for their company in terms of whether to report, when to report, and whether to report anonymously.

Legislation: Authorizes companies to monitor cyber threat information
Intent: Permission to create a more “active” monitoring environment inside of companies.
Governance implications: Need guidance as to the level of monitoring outside of its own firewalls. Need to set parameters to concepts like “pro-active defense.”

Legislation: The government can share a company’s cyber threat indicators with federal agencies and non-federal entities
Intent: To increase the ability for the government (DHS) to share anonymous information with other agencies.
Governance implications: Need to understand the risks and benefits of becoming a cooperative partner with the federal government. Boards will have to collaborate with the cyber management team.

Legislation: Authorizes knowledge distribution to federal agencies
Intent: To get a big-picture view of how bad actors are organizing and behaving.
Governance implications: Need to understand the trends related to the larger cyber picture for their company.

Legislation: Immunity is granted if compliant in the private entities’ data sharing
Intent: The private sector can be released from liability when reporting compromises systematically.
Governance implications: Need to understand that the process of information sharing under CSA of 2015 is still in its infancy. The intent is still resting on fragile interpretations.

Legislation: The government will be required to create a portal for information sharing with limited purposes
Intent: The government wants to make it easy for a company to share its information, ultimately in automated exchanges.
Governance implications: Need to understand the pros and cons of directly interacting with federal agencies in this fashion, as it has potential risks.
NIST (National Institute of Standards and Technology)
Framework for Improving Critical Infrastructure Cybersecurity
• Released on February 12, 2014
• In response to the U.S. President’s Executive Order 13636 (February 12, 2013)
• Assembles standards, guidelines, and best practices in industry today
• References global standards such as ISO/IEC 27001, ISA 62443, COBIT 5
NIST Cybersecurity Framework
• Provides a common taxonomy and mechanism for organizations to:
1) Describe their current cybersecurity posture;
2) Describe their target state for cybersecurity;
3) Identify and prioritize opportunities for improvement;
4) Assess progress toward the target state;
5) Communicate among internal and external stakeholders about cybersecurity risk.
NIST Cybersecurity Framework
• Risk-based approach
• Voluntary adoption
• Three parts:
– Core
– Implementation Tiers
– Profile
NIST Cybersecurity Framework: Core
Core structure: Function > Category > Subcategory > References
NIST Cybersecurity Framework: Tiers
Tier 1 – Partial
Tier 2 – Risk-informed
Tier 3 – Risk-informed & repeatable
Tier 4 – Adaptive
NIST Cybersecurity Framework: Profile
Private Sector Best Practices: Discovery Communications
• Educate the workforce
• Frequent renewal of administrative credentials (every 10 hours)
• Multi-factor authentication (e.g. message to cell)
• Monitor outbound traffic
• Network segmentation
• Explore cyber insurance
Cybersecurity Assessment Framework: Discovery Communications
Cyber-Risk Oversight Principles for Corporate Boards (National Association of Corporate Directors)
• Cybersecurity is an enterprise-wide risk management issue
• Understand the legal implications of cyber risks
• Access to cybersecurity expertise (CIO & CISO)
• Enterprise-wide cyber-risk management program with adequate staffing & budget using the NIST framework
• Identify risks to avoid, accept, mitigate and transfer via insurance

 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 

Kürzlich hochgeladen (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

U.S. Approach to Cybersecurity Governance

12. THE CYBERSECURITY ACT (CSA) OF 2015
• Signed into law on December 18, 2015
• Calls on public and private entities to share information relevant to cybersecurity
• Four parts (titles):
– Cybersecurity Information Sharing
– Federal Cybersecurity Enhancement
– Federal Cybersecurity Workforce Assessment
– Other Cybersecurity Matters

13. THE CYBERSECURITY ACT (CSA) OF 2015
• Participation by businesses is voluntary
• DHS is designated as the consolidator of cyber threat information
– cyber threat indicators and cyber defensive measures
• Before sharing, information must be scrubbed of customer and company employee personal information that is not directly related to the threat

14. THE CYBERSECURITY ACT (CSA) OF 2015
• The government can share a company's cyber threat indicators (if volunteered) with federal agencies and non-federal entities
• Companies that share in the manner the Act prescribes are shielded from liability for that sharing
– protection from liability, non-waiver of privilege, exemption from FOIA disclosure

15. CSA 2015: Corporate Governance Implications
(Each entry gives the provision of the legislation, its intent, and the governance implications for the board.)

Legislation: Participation is optional.
Intent: To encourage the private sector to participate without mandates from the government.
Governance implications: Boards need to understand the pros and cons of voluntary participation, and to work out what it means for their company: whether to report, when to report, and whether to report anonymously.

Legislation: Authorizes companies to monitor their information systems for cyber threats.
Intent: Permission to create a more "active" monitoring environment inside companies.
Governance implications: Boards need guidance on the level of monitoring permitted outside the company's own perimeter and need to set boundaries for concepts like "pro-active defense." The Act authorizes monitoring only of systems the company owns or has written consent to monitor, and a "defensive measure" under the Act may not damage or disable systems the company does not own, so "pro-active defense" cannot mean hacking back.

16. CSA 2015: Corporate Governance Implications

Legislation: The government can share a company's cyber threat indicators with federal agencies and non-federal entities.
Intent: To increase the ability of the government (DHS) to share anonymized information with other agencies.
Governance implications: Boards need to understand the risks and benefits of becoming a cooperative partner with the federal government, and will have to collaborate with the cyber management team.

Legislation: Authorizes knowledge distribution to federal agencies.
Intent: To give the government a big-picture view of how bad actors are organizing and behaving.
Governance implications: Boards need to understand the trends in the larger cyber picture that matter for their company.

17. CSA 2015: Corporate Governance Implications

Legislation: Liability protection ("immunity") is granted to private entities that share in compliance with the Act.
Intent: The private sector can be released from liability when reporting compromises systematically.
Governance implications: Boards need to understand that the information-sharing process under the CSA of 2015 is still in its infancy and that its intent still rests on fragile interpretations.

Legislation: The government is required to create a portal for information sharing, limited to the Act's stated purposes.
Intent: The government wants to make it easy for a company to share its information, ultimately through automated, machine-to-machine exchanges (DHS's Automated Indicator Sharing capability, which moves STIX-formatted indicators over TAXII).
Governance implications: Boards need to understand the pros and cons of interacting directly with federal agencies in this fashion, as it carries its own risks.
18. NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity
• Version 1.0 released on February 12, 2014
• Developed in response to Executive Order 13636 (February 12, 2013)
• Assembles standards, guidelines, and practices already in use in industry
• Maps, through its informative references, to global standards such as ISO/IEC 27001, ISA 62443, COBIT 5 and NIST SP 800-53

19. NIST Cybersecurity Framework
• Provides a common taxonomy and mechanism for organizations to:
1) Describe their current cybersecurity posture;
2) Describe their target state for cybersecurity;
3) Identify and prioritize opportunities for improvement;
4) Assess progress toward the target state;
5) Communicate among internal and external stakeholders about cybersecurity risk.

20. NIST Cybersecurity Framework
• Risk-based approach
• Voluntary adoption
• Three parts:
– Core
– Implementation Tiers
– Profiles

21. NIST Cybersecurity Framework: Core
Functions (Identify, Protect, Detect, Respond, Recover) → Categories → Subcategories → Informative References
A Profile is the set of outcomes (subcategories) an organization selects; the "Current Profile" records what is in place and the "Target Profile" what the organization is aiming for, and the difference between the two is the improvement plan.

22. NIST Cybersecurity Framework: Tiers
Tier 1 – Partial
Tier 2 – Risk Informed
Tier 3 – Repeatable
Tier 4 – Adaptive
Tiers describe how rigorous and integrated an organization's risk-management practices are as a whole; the Framework states that they are not maturity levels, and a higher tier is not automatically the right target for every organization.
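The Core, Profile and Tier mechanics above are easier to see in code. The following is an added example, not from the slides and not NIST's own material: a small Python model of the Core hierarchy with a Current Profile and a Target Profile, and a gap analysis that ranks where to invest first (use 3 on slide 19) and reports progress per Function (use 4). The subcategory identifiers are real CSF 1.0 identifiers with paraphrased wording; the 0-4 per-subcategory scores, the priority weights and the sample profiles are assumptions made for this example. The Framework's Tiers describe the organization as a whole; scoring each subcategory is a practitioner convention, not something the Framework prescribes.

```python
"""Added example (not from the slides or from NIST): a minimal model of the
NIST Cybersecurity Framework Core (Function > Category > Subcategory) with a
Current Profile and a Target Profile, plus the gap analysis the Framework
describes in words: identify and prioritize improvements, assess progress.

Assumptions made here, not Framework requirements: each subcategory is scored
0-4 in both profiles, and the organization supplies a priority weight per
subcategory. Tiers in the Framework describe the organization as a whole;
per-subcategory scoring is a practitioner convention.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subcategory:
    id: str        # CSF 1.0 identifier, e.g. "PR.AC-4"
    function: str  # one of Identify, Protect, Detect, Respond, Recover
    category: str  # Category name within the Function
    outcome: str   # outcome statement (paraphrased from CSF 1.0)


# A slice of the CSF 1.0 Core. Identifiers are real; wording is paraphrased.
CORE = [
    Subcategory("ID.AM-1", "Identify", "Asset Management", "Physical devices and systems are inventoried"),
    Subcategory("ID.AM-2", "Identify", "Asset Management", "Software platforms and applications are inventoried"),
    Subcategory("PR.AC-1", "Protect", "Access Control", "Identities and credentials are managed"),
    Subcategory("PR.AC-4", "Protect", "Access Control", "Access permissions follow least privilege"),
    Subcategory("PR.AC-5", "Protect", "Access Control", "Network integrity is protected, e.g. by segmentation"),
    Subcategory("DE.CM-1", "Detect", "Security Continuous Monitoring", "The network is monitored for events"),
    Subcategory("RS.RP-1", "Respond", "Response Planning", "Response plan is executed during or after an event"),
    Subcategory("RC.RP-1", "Recover", "Recovery Planning", "Recovery plan is executed during or after an event"),
]

# Constructed sample profiles: subcategory id -> score 0 (nothing in place) .. 4 (fully implemented).
CURRENT_PROFILE = {"ID.AM-1": 2, "ID.AM-2": 1, "PR.AC-1": 3, "PR.AC-4": 1,
                   "PR.AC-5": 2, "DE.CM-1": 2, "RS.RP-1": 1, "RC.RP-1": 2}
TARGET_PROFILE = {"ID.AM-1": 3, "ID.AM-2": 3, "PR.AC-1": 4, "PR.AC-4": 4,
                  "PR.AC-5": 3, "DE.CM-1": 4, "RS.RP-1": 3, "RC.RP-1": 3}
# Constructed business priorities; anything not listed weighs 1.
PRIORITY = {"PR.AC-4": 3, "DE.CM-1": 2}


def _score(profile, sub_id):
    """Read a score, rejecting anything outside the assumed 0-4 scale."""
    score = profile.get(sub_id, 0)
    if not 0 <= score <= 4:
        raise ValueError(f"{sub_id}: score {score} is outside the 0-4 scale")
    return score


def gap_analysis(core, current, target, priority):
    """Return [(subcategory id, weighted gap)] for every subcategory below
    target, largest weighted gap first (ties broken by id): the prioritized
    list of improvement opportunities."""
    ranked = []
    for sub in core:
        gap = _score(target, sub.id) - _score(current, sub.id)
        if gap > 0:
            ranked.append((sub.id, gap * priority.get(sub.id, 1)))
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked


def progress_by_function(core, current, target):
    """Fraction of the target score already achieved, per Function.
    Over-achievement on one subcategory does not offset a shortfall on another."""
    achieved, needed = {}, {}
    for sub in core:
        cur, tgt = _score(current, sub.id), _score(target, sub.id)
        achieved[sub.function] = achieved.get(sub.function, 0) + min(cur, tgt)
        needed[sub.function] = needed.get(sub.function, 0) + tgt
    return {f: (achieved[f] / needed[f] if needed[f] else 1.0) for f in needed}


if __name__ == "__main__":
    for sub_id, weighted in gap_analysis(CORE, CURRENT_PROFILE, TARGET_PROFILE, PRIORITY):
        print(f"{sub_id:8} weighted gap {weighted}")
    for func, frac in progress_by_function(CORE, CURRENT_PROFILE, TARGET_PROFILE).items():
        print(f"{func:9} {frac:.0%} of target")
```

With the sample profiles, least-privilege access (PR.AC-4) comes out on top because its gap is large and the business weighted it heavily, while Identify sits at half of its target; that ranking and those percentages are the artifacts a board-level discussion of "where are we, where do we want to be" would actually consume.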
24. Private Sector Best Practices: Discovery Communications
• Educate the workforce
• Frequent renewal of administrative credentials (every 10 hours)
• Multi-factor authentication (e.g. a one-time code sent to the user's phone; phone-delivered codes are the weakest form of MFA, and hardware or app-based authenticators resist interception better)
• Monitor outbound traffic
• Network segmentation
• Explore cyber insurance
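Of the practices above, "monitor outbound traffic" is the one that turns into detection logic most directly. The following is an added example, not Discovery Communications' own tooling: a Python script that parses constructed egress-proxy log lines, lists every destination outside an allowlist per source host, totals the bytes sent there, and flags beaconing (repeated connections to one destination at near-constant intervals), which is how a compromised host typically calls home. The log format, the allowlist, the sample lines and the thresholds are all assumptions made for this example.

```python
"""Added example (not Discovery Communications' tooling): one concrete form of
"monitor outbound traffic". Parses egress-proxy log lines, reports destinations
outside an allowlist per source host, totals bytes sent to them, and flags
beaconing, i.e. repeated connections to one destination at near-constant intervals.

The log format, the allowlist, the sample lines and the thresholds are all
assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO-8601 timestamp> <source host> <destination> <bytes sent>"
SAMPLE_LOG = """\
2016-04-01T09:00:00 ws-17 updates.example.com 512
2016-04-01T09:00:00 ws-17 203.0.113.9 1400
2016-04-01T09:05:00 ws-17 203.0.113.9 1410
2016-04-01T09:10:01 ws-17 203.0.113.9 1398
2016-04-01T09:14:59 ws-17 203.0.113.9 1402
2016-04-01T09:20:00 ws-17 203.0.113.9 1405
2016-04-01T09:03:12 ws-04 mail.example.com 2200
2016-04-01T09:41:55 ws-04 203.0.113.9 300
2016-04-01T10:12:07 ws-04 www.example.org 900
"""

# Destinations the business is known to need; everything else is worth a look.
ALLOWLIST = {"updates.example.com", "mail.example.com", "www.example.org"}


def parse(log_text):
    """Turn log lines into (timestamp, src, dst, bytes) tuples; skip blank lines."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def unknown_destinations(events, allowlist=ALLOWLIST):
    """Map each source host to the set of destinations it contacted that are
    not on the allowlist."""
    found = defaultdict(set)
    for _, src, dst, _ in events:
        if dst not in allowlist:
            found[src].add(dst)
    return dict(found)


def bytes_to_unknown(events, allowlist=ALLOWLIST):
    """Total bytes each host sent to non-allowlisted destinations: the number
    to watch for bulk exfiltration."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in events:
        if dst not in allowlist:
            totals[src] += nbytes
    return dict(totals)


def beacons(events, min_connections=5, max_jitter=0.1):
    """Return [(src, dst, mean interval in seconds)] for host/destination pairs
    with at least min_connections connections whose inter-connection gaps vary
    by no more than max_jitter (std dev / mean). People browse irregularly;
    malware timers do not."""
    times_by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        times_by_pair[(src, dst)].append(ts)
    found = []
    for (src, dst), times in times_by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((src, dst, round(avg)))
    return found


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for src, dsts in unknown_destinations(events).items():
        print(f"{src}: unknown destinations {sorted(dsts)}, {bytes_to_unknown(events)[src]} bytes")
    for src, dst, interval in beacons(events):
        print(f"{src} -> {dst}: beaconing every ~{interval}s")
```

On the sample data ws-17 talks to 203.0.113.9 every five minutes with under half a percent of jitter, which is the pattern to page on; ws-04 contacts the same address once, which is worth a look but not an alert on its own. The same three checks run unchanged over real proxy or NetFlow exports once the parser matches the local format, and the allowlist is the part that needs curating, since an overly broad one hides exactly the traffic this is meant to catch.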
26. Cyber-Risk Oversight Principles for Corporate Boards (National Association of Corporate Directors)
• Cybersecurity is an enterprise-wide risk management issue, not just an IT issue
• Understand the legal implications of cyber risks
• Ensure adequate access to cybersecurity expertise (CIO and CISO)
• Expect management to run an enterprise-wide cyber-risk management program with adequate staffing and budget, using the NIST Framework
• Identify which risks to avoid, accept, mitigate, and transfer via insurance