Women in Cybersecurity_InfraGard Cybersecurity Symposium_11.17.2015
connie-vaughn -
“Bringing You the Science in Security”
Piece of (i) Proprietary – Do Not Distribute
Women in Cybersecurity Panel
Connie [email protected]
916-472-5614
InfraGard 11th Annual Security Symposium
November 17, 2015
Rancho Cordova, California
Piece of (i) Security Solutions
Outline
• Define the Terms used for Vulnerability and Risk Assessments
• Discuss Analysis Approaches
• Discuss Future Threats and Challenges
• References
• Question & Answers
Definitions
• Vulnerability Assessment
  – A systematic evaluation process in which qualitative and/or quantitative techniques are applied to detect vulnerabilities and to arrive at an effectiveness level for a security system to protect specific targets from specific adversaries and their acts
Definitions (cont’d)
• Risk Assessment
  – A process of analyzing threats and vulnerabilities of a facility, determining the potential for losses, and identifying cost-effective corrective measures and residual risk
Physical and Cyber Consequences
[Figure panels: Physical Attack; Cyber Attack]
“The Science in Security”
$R = P_A \times [1 - P_E] \times C$
• $R$: Security Risk
• $P_A$: Frequency of Event
• $C$: Impact of Event
• $[1 - P_E]$: Probability of Adversary Success
• $P_E$: Probability “Options to Mitigate” will Prevent Event
• $P_N$: Probability of Neutralization
• $P_I$: Probability of Interruption
What Your System Can Do
And More Importantly
What Your System Can Not Do!
Piece of (i) Proprietary – Do Not Distribute
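Adversary Task Time
[Figure: timeline along a Time axis. Adversary Task Time runs from Begin Action to Task Complete (TC), with Delay marked along it. PPS Time Required covers Detection, from First System Alarm (T0) to Alarm Assessed (TA), and Response, ending at Adversary Interrupted (TI). System Delay is also labeled.]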
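An added worked example, not part of the original slides, that ties this timeline to the risk equation on the previous slide: it computes the probability that the first alarm comes early enough for the response to finish before Task Complete, then feeds that into R. Assumptions: times are fixed values rather than distributions, each layer's sensor is met before its delay, P_E is taken as P_I × P_N (a relation not shown on the slides), and the layer names and numbers are constructed.

```python
from dataclasses import dataclass

@dataclass
class Element:
    name: str
    p_detect: float  # probability this layer's sensor raises an assessed alarm
    delay_s: float   # seconds of delay this layer adds to the adversary task

def probability_of_interruption(path, pps_time_required_s):
    """P_I: probability of a first alarm early enough that T_I precedes T_C."""
    p_undetected = 1.0   # probability that no earlier layer has alarmed
    p_i = 0.0
    for i, layer in enumerate(path):
        # Adversary task time still ahead if the first alarm happens here.
        remaining_s = sum(e.delay_s for e in path[i:])
        if remaining_s < pps_time_required_s:
            break        # past the critical detection point: response is late
        p_i += p_undetected * layer.p_detect
        p_undetected *= 1.0 - layer.p_detect
    return p_i

def security_risk(p_a, p_i, p_n, consequence):
    """R = P_A * [1 - P_E] * C, with P_E = P_I * P_N (assumed relation)."""
    p_e = p_i * p_n
    return p_a * (1.0 - p_e) * consequence

# Constructed sample path, outermost layer first (values are illustrative).
SAMPLE_PATH = [
    Element("perimeter fence", 0.5, 10),
    Element("exterior door", 0.8, 60),
    Element("interior door", 0.9, 30),
    Element("target container", 0.95, 20),
]

if __name__ == "__main__":
    for t in (90, 115, 200):
        p_i = probability_of_interruption(SAMPLE_PATH, t)
        r = security_risk(p_a=1.0, p_i=p_i, p_n=0.8, consequence=1.0)
        print(f"PPS time required {t:>3}s  P_I={p_i:.2f}  R={r:.2f}")
```

With this sample path, sensors on the inner layers contribute nothing to P_I once the PPS time required exceeds the delay remaining behind them, which is why a slower response raises R even though no sensor changed.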
Recent Physical Security Examples
• Man Enters White House
• Two NY Prisoners Escape
• El Chapo Prison Escape
• Smugglers Tried Selling Nuclear Material to ISIS
• London Jewelry Theft
• Pedophiles Finding a Safe Haven on the Dark Net
• Russian Plane Bombing
• Unmanned Aircraft Systems (UAS) Events (airports, fire zones, White House, etc.)
Key Steps
• Establish a team
• Define or characterize objectives of PPS
• Analyze PPS
• Redesign if necessary
• Conduct performance tests
• Determine risk level
Security Management
• Who has the Chief Security Officer Responsibilities
  – Devise policies and procedures
    • Loss & fraud prevention
    • Privacy
  – Oversee and coordinate security efforts
    • Information technology
    • Human resources
    • Communications
    • Legal
    • Facilities
  – Develop procedures to ensure physical safety
    • Management
    • Employees
    • Visitors
  – Maintain relationships with local, state and federal law enforcement
  – Develop emergency procedures and incident responses
  – Conduct risk management assessments
Emerging Threats & Challenges
• Unmanned Aircraft Systems (UAS)
  – Government policies?
  – Enforcement?
• Lone Wolf
  – Anti-government
  – Economic disparity
  – Increase in violence
  – Attracted to soft targets
• History of Low Crime
  – I can’t believe it happened here!
UAS Challenges
• Over 1 Million Expected Sales this Year
• Lack of Regulations and Laws
• Detection and Assessment
  – Many sizes, shapes, payloads, and materials
  – Determining intent (commercial deliveries vs. malicious)
• Tracking
  – High speeds (over 70 mph)
• Neutralization
  – Kinetic or passive
  – Unintended consequences
Wireless Technology Challenges
• Evolving Smart Technologies
  – Smart homes
  – Smart cars
  – Baby monitors
Reference Material
• ASIS International Risk Assessment Standard (2015)
• Design and Evaluation of Physical Protection Systems (2007), Mary Lynn Garcia, CPP - Butterworth Heinemann - ISBN 978-0-7506-8352-X
• Vulnerability Assessment of Physical Protection Systems (2006), Mary Lynn Garcia, CPP - Butterworth Heinemann - ISBN 0-7506-7788-0
• Security Risk Assessment and Management (2007), Betty Biringer - John Wiley & Sons, Inc. - ISBN 978-0-471-79352-6
Questions/Answers
WWW.pieceofi.com