Cyber Security Risk Assessment Awareness for Emergency Managers


Published on February 6, 2014

Author: dgsweigert

Source: slideshare.net


Developing Emergency Support Function (ESF) no. 18
Dave Sweigert, EMS, CISSP, CISA, PMP
February, 2014
Dave Sweigert, EMS, PMP, CISA, CISSP 2/5/2014

Audience and Objectives
• Objective: Provide non-cyber experts an awareness of the core concepts and terms used by cyber security professionals to facilitate better dialogue in the emergency planning process.
• Primary audience: Emergency Managers tasked with developing an ESF 18 Annex

Basic concepts in addressing risk
• Plan risk management
• Identify risks
• Quantitative risk analysis
• Qualitative risk analysis
• Plan risk responses
• Control risk

CPG-201 and THIRA approach:

PMBOK Chapter 11 (RISK):

Risk assessment life cycle:
• Identify what assets you need to protect
• What are the vulnerabilities?
• Types of risks and likelihood of exploit?
• What are the downstream consequences if vulnerability is exploited by a threat agent?

Asset inventory and service questions:
• What and where are the data “family jewels” (sensitive data)?
• Are there service level expectations (24x7 public safety, no interruptions)?
• Criticality of life safety systems (hospital systems used in life support)?

Identification of cyber assets:

Assess core security components:
• Who are the cognizant personnel involved?
• What are relevant policies, procedures, standards and guidelines (PSGs)?
• What tools will be used to mitigate a cyber event?

Use a consistent risk model:

Understand the risks around assets:

Who are the exploiters?
• Disgruntled employees (see disruption of traffic signals during union negotiations)
• White/Gray/Black hat hackers
• Cyber terrorists (Estonia cyber militias, Syrian Electronic Army)
• Script kiddies (hacktivists)

How will you deal with exploit?
• Accept the consequences (TARGET)
• Diminish consequences with mitigation strategies
• Transfer the risk to another party (outsource)

CONCLUSION

Conclusion
• Embrace a consistent risk assessment framework
• Have “all parties” at the table to identify key assets, threats and vulnerabilities
• Seek guidance from leadership regarding how you will deal with consequences
• Strive for multi-discipline team

About the author: An Air Force veteran, Dave Sweigert acquired significant security engineering experience with military and defense contractors before earning two Master's degrees (Project Management and Information Security). He holds the following certifications: California Emergency Management Specialist (EMS), Project Management Professional (PMP), Certified Information Security Systems Professional (CISSP), and Certified Information Systems Auditor (CISA). Mr. Sweigert has over twenty years' experience in information assurance, risk management, governance frameworks and litigation support.
