Helen Patton - Cross-Industry Collaboration
-
Upload
centralohioissa -
Category
Technology
-
view
762 -
download
1
Transcript of Helen Patton - Cross-Industry Collaboration
![Page 1: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/1.jpg)
Cross Industry CollaborationHelen Patton
Chief Information Security OfficerThe Ohio State University
![Page 2: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/2.jpg)
2
• What’s Happening in Higher Ed Security?
• Research Data of Interest
• What It Means for Security Teams
Today We Will Discuss:“If you really want to do something, you’ll find a
way. If you don’t, you’ll find an excuse”
- Jim Rohn, American Entrepreneur
![Page 3: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/3.jpg)
3
Agenda• What is Cross Industry Collaboration?
• What do they have in common?
• What problems are not yet being addressed?
![Page 4: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/4.jpg)
4
What is Cross-Industry Collaboration?• ISACs: Information Sharing Analysis Centers
• Physical and Cyber threats, vulnerabilities and events
• Two-way sharing between private and public sector
• Organized by Industry
• REACTIVE
![Page 5: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/5.jpg)
5
What is Cross-Industry Collaboration?• Cyber Vendor Collaboration
• e.g. Coordinated Malware Eradication Program (CME) – Operation SMN
• Goal: “ To remediate the adverse impact of professional cyber espionage groups”
• Novetta, Cisco, FireEye, Tenable, Microsoft, Symantec, etc. – Private Sector Only
• Technology Driven – Focus on Malware
• PROACTIVE
![Page 6: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/6.jpg)
6
What is Cross-Industry Collaboration?• Federal/Military and Industry
• e.g. NIST Cyber Center of Excellence
• e.g. DHS Cyber Information Sharing and Collaboration Platform (CISCP)
• Often includes Academic research
• Mostly REACTIVE, some PROACTIVE
![Page 7: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/7.jpg)
7
What is Cross-Industry Collaboration?• Columbus Collaboratory
• Cyber Security and Data Analytics
![Page 8: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/8.jpg)
8
What Do They Have In Common?• Technology Driven
• Threat Focused
• Some Research Backing
• Not solving biggest problems (yet)
![Page 9: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/9.jpg)
9
Other Issues For ConsiderationTalent
Development, Recruitment
and Retention
Security Assessment
Results
Board Cyber Expertise and
Buy InBuilding Trust (in Contracts)
![Page 10: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/10.jpg)
10
Talent Acquisition and RetentionAvailable Now:
• ISSA and others
• Diversity Groups and Job Sites
• Internship programs with Colleges and Universities
Scarce/Non-Existent:
• Encourage HR groups to collaborate on Cyber issues
• Are you willing to sponsor sessions to help HR professionals learn??
![Page 11: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/11.jpg)
11
Board Cyber Experience and Buy InAvailable Now
• Opportunities to serve on Boards – Volunteer today!
• Individual company Board training events – are you engaged?
Scarce/Non-Existent
• Partnering with Board Recruitment Firms to help them tap into Cyber community to find and train Board Candidates
![Page 12: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/12.jpg)
12
Security Assessment ResultsAvailable Now
• Vendors offering cloud assessments based on external/public data reporting
• Large Company SSAE16/other audit reports
• $$
Scarce/Non-Existent
• Sharing assessment results with your supply train or industry partners, so assessments don’t have to be duplicated
![Page 13: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/13.jpg)
13
Contract TrustAvailable Now
• ISAC data sharing
Scarce/Non-Existent
• Training of legal community and business to allow information sharing between business partners without implying liability
![Page 14: Helen Patton - Cross-Industry Collaboration](https://reader035.fdocuments.us/reader035/viewer/2022070523/58edc1581a28abae538b4645/html5/thumbnails/14.jpg)
14
• What’s Happening in Higher Ed Security?
• Research Data of Interest
• What It Means for Security Teams
Today We Will Discuss:
Thank You!
[email protected]@OSUCISOHelen