SlideShare a Scribd company logo

Understanding Technology Stakeholders: Their Progress and Challenges

Download as PPT, PDF
J
John Gilligan

The document discusses cybersecurity threats and recommendations to address them. It begins with historical perspectives on the development of technology and shifts in the cyber landscape. It then outlines the current national crisis of cyber threats, with attacks increasing exponentially and vulnerabilities unable to be fixed quickly. The Cyber Security Commission's key recommendations are presented, including developing a national cybersecurity strategy led from the White House. Longer-term recommendations involve fundamentally changing the software industry business model, redesigning the internet, and developing a professional cyber workforce. The document closes by emphasizing that cybersecurity requires urgent priority and leadership from government and industry.

Technology
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
Understanding Technology Stakeholders: Their Progress and Challenges John M. Gilligan Software Assurance Forum November 4, 2009 1
Topics • Historical Perspectives • Cyber Security Threats--A National Crisis • Cyber Security Commission Recommendations • Near Term Opportunities • Longer-Term Game Changing Initiatives • Closing Thoughts 2
Historical Perspectives • Internet, software industry, (personal) computers —rooted in creativity not engineering • Security in the Cold War Era – Security “Gurus”—Keepers of the Kingdom • The World Wide Web changes the security landscape-- forever • Post Cold War: The Age of Information Sharing 3Legacy of the past is now our “Achilles Heel”
Cyber Security Threats Today— A New “Ball Game” • Our way of life depends on a reliable cyberspace • Intellectual property is being downloaded at an alarming rate • Cyberspace is now a warfare domain • Attacks increasing at an exponential rate • Fundamental network and system vulnerabilities cannot be fixed quickly • Entire industries exist to “Band Aid” over engineering and operational Cyber Security is a National Security Crisis! 4
Commission Cyber Security for the 44th Presidency: Key Recommendations • Create a comprehensive national security strategy for cyberspace • Lead from the White House • Reinvent public-private partnerships • Regulate cyberspace • Modernize authorities • Leverage government procurement (Supply Chain Risk Management) • Build on recent progress with CNCI (comprehensive national cyber-security initiative) 5
Use Government IT Procurement • Cyber security needs to be reflected in our contractual requirements • Many “locked down” configuration defined • Use government-industry partnership to accelerate implementation of secure configurations • Get started now, improve configuration guidelines over time and leverage SCAP! 6 Build on FDCC Successes and Lessons Learned
Longer-Term: IT Reliably Enabling Economy • Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth • New business model for software industry • Redesign the Internet • Get the “man out of the loop”—use automated tools (e.g., SCAP) • Develop professional cyberspace workforce • Foster new IT services models Need to Fundamentally “Change the Game” to Make Progress7
Security Content Automation Protocol (SCAP) • What is it: A set of open standards that allows for the monitoring, positive control, and reporting of security posture of every device in a network. • How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information. • Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes. 8 SCAP Enables Automated Tools To Implement And Enforce Secure Operations
Consensus Audit Guide (CAG) • What is it: 20 key actions (called security “controls”) that organizations must take if they hope to block or mitigate top known attacks. • How is it implemented: (Mostly) automated means used to implement and continuously enforce/monitor controls. Consensus Audit Guidelines permits organizations to prioritize security implementation and continuously enforce controls 9
Summary of Ideas for this Technology Working Group • How do we make measurable progress in improving security? • How do we assess the effectiveness of security tools? • How do we change the software industry to produce reliable and secure products? It is time to get off the treadmill and start making measurable progress in securing our systems! 10
Closing Thoughts • Government and Industry need to treat cyber security as an urgent priority • Near-term actions important but need to fundamentally change the game to get ahead of threat • IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information • Cyber Security in DoD is more mature—but still woefully inadequate 11Cyber Security is Fundamentally a Leadership Issue!
Contact Information jgilligan@gilligangroupinc.com www.gilligangroupinc.com John M. Gilligan 12

More Related Content

PPT
Understanding Technology Stakeholders
John Gilligan
 
PPTX
Cyber Security: Past and Future
John Gilligan
 
PPTX
Cyber Security: Past and Future
John Gilligan
 
PPTX
Cyber Security: Threats and Needed Actions
John Gilligan
 
PPTX
Cybersecurity: Challenges, Initiatives, and Best Practices
John Gilligan
 
PPT
Lesson 1
MLG College of Learning, Inc
 
PPTX
7 Habits of Highly Secure Organizations
HelpSystems
 
PDF
Next-Generation SIEM: Delivered from the Cloud
Alert Logic
 
Understanding Technology Stakeholders
John Gilligan
 
Cyber Security: Past and Future
John Gilligan
 
Cyber Security: Past and Future
John Gilligan
 
Cyber Security: Threats and Needed Actions
John Gilligan
 
Cybersecurity: Challenges, Initiatives, and Best Practices
John Gilligan
 
Lesson 1
MLG College of Learning, Inc
 
7 Habits of Highly Secure Organizations
HelpSystems
 
Next-Generation SIEM: Delivered from the Cloud
Alert Logic
 

What's hot (20)

PPT
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
PPT
Commercial And Government Cyberwarfare
Nicholas Davis
 
PPT
Intro to Security
primeteacher32
 
PPTX
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Digital Bond
 
PPTX
Leveraging Federal Procurement to Improve Cyber Security
John Gilligan
 
PPT
Ch01
Alitta Aisyawati
 
PDF
Cybersecurity Summit AHR20 Protect Cimetrics
Cimetrics Inc
 
PDF
Network and Endpoint Security v1.0 (2017)
Rui Miguel Feio
 
PPTX
Technology: Built for Attack : Dr. Emma Garrison-Alexander
EC-Council
 
PPTX
The privacy and security implications of AI, big data and predictive analytics
Dan Michaluk
 
PPTX
It and-cyber-module-2
Marneil Sanchez
 
PPT
Lesson 2
MLG College of Learning, Inc
 
PDF
Cybersecurity Summit 2020 Slide Deck
Cimetrics Inc
 
PPTX
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
PPT
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
PPTX
Recent changes to the 20 critical controls
EnclaveSecurity
 
PPT
Leone ct#4 presentation
vincentleone
 
PPTX
Overview of the 20 critical controls
EnclaveSecurity
 
PPTX
More practical insights on the 20 critical controls
EnclaveSecurity
 
PPT
Chapter 1 Presentation
Amy McMullin
 
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
Commercial And Government Cyberwarfare
Nicholas Davis
 
Intro to Security
primeteacher32
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Digital Bond
 
Leveraging Federal Procurement to Improve Cyber Security
John Gilligan
 
Ch01
Alitta Aisyawati
 
Cybersecurity Summit AHR20 Protect Cimetrics
Cimetrics Inc
 
Network and Endpoint Security v1.0 (2017)
Rui Miguel Feio
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
EC-Council
 
The privacy and security implications of AI, big data and predictive analytics
Dan Michaluk
 
It and-cyber-module-2
Marneil Sanchez
 
Lesson 2
MLG College of Learning, Inc
 
Cybersecurity Summit 2020 Slide Deck
Cimetrics Inc
 
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
Recent changes to the 20 critical controls
EnclaveSecurity
 
Leone ct#4 presentation
vincentleone
 
Overview of the 20 critical controls
EnclaveSecurity
 
More practical insights on the 20 critical controls
EnclaveSecurity
 
Chapter 1 Presentation
Amy McMullin
 
Ad

Viewers also liked (13)

PDF
Campa A Animaauna Amiga
manita
 
PDF
Lindsey Hamilton, Exploring drivers of fecal coliform pollution trends in Sou...
Northwest Indian Fisheries Commission
 
PPTX
Tendencias pedagógicas
hiunday123
 
PPT
Social media
cursoturin
 
PDF
Obra cultural resumen de catecismo
Hxavi
 
PDF
Expresión corporal y creatividad
Nataly Ascencion Reyes
 
PDF
Fundamentos de marketing
Wilder Samo Castillo
 
PDF
Factores de riesgo
Tania Hernandez
 
PDF
Shipbuilding Industry Final
Enrico Astegiano
 
PPTX
Construindo e realizando o roteiro de plano por
Ilza Brito
 
DOC
Limpiando la memoria celular
SpiritualBalance
 
PPT
MBF Publication
Charles C Nuccio
 
PDF
APRESENTAÇÃO_JMC ENTERPRISES_email
Caio Oliveira
 
Campa A Animaauna Amiga
manita
 
Lindsey Hamilton, Exploring drivers of fecal coliform pollution trends in Sou...
Northwest Indian Fisheries Commission
 
Tendencias pedagógicas
hiunday123
 
Social media
cursoturin
 
Obra cultural resumen de catecismo
Hxavi
 
Expresión corporal y creatividad
Nataly Ascencion Reyes
 
Fundamentos de marketing
Wilder Samo Castillo
 
Factores de riesgo
Tania Hernandez
 
Shipbuilding Industry Final
Enrico Astegiano
 
Construindo e realizando o roteiro de plano por
Ilza Brito
 
Limpiando la memoria celular
SpiritualBalance
 
MBF Publication
Charles C Nuccio
 
APRESENTAÇÃO_JMC ENTERPRISES_email
Caio Oliveira
 
Ad

Similar to Understanding Technology Stakeholders: Their Progress and Challenges (20)

PPTX
Cyber Security: Threats and Needed Actions
John Gilligan
 
PDF
Embedded Systems Security
Malachi Jones
 
PPTX
Lecture 3 Country Specific Strategy.pptx
jitendrachettri894
 
PPTX
Federal Cybersecurity: The latest challenges, initiatives and best practices
John Gilligan
 
PDF
Soc analyst course content v3
ShivamSharma909
 
PDF
Soc analyst course content
ShivamSharma909
 
PPTX
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
PPTX
Cyber Crimes: The next five years.
Gregory McCardle
 
PPTX
2016 to 2021
Gregory McCardle
 
PPTX
CRI Cyber Board Briefing
OCTF Industry Engagement
 
PPT
Lecture 4 presentation of cyber security
jitendrachettri894
 
PPT
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
John Gilligan
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
JoAnna Cheshire
 
PPT
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
PPTX
Solving the CIO’s Cybersecurity Dilemma
John Gilligan
 
PDF
ICION 2016 - Cyber Security Governance
Charles Lim
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
KEY
Application Security Done Right
pvanwoud
 
PPTX
Cyber security for business
Daniel Thomas
 
PDF
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
Cyber Security: Threats and Needed Actions
John Gilligan
 
Embedded Systems Security
Malachi Jones
 
Lecture 3 Country Specific Strategy.pptx
jitendrachettri894
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
John Gilligan
 
Soc analyst course content v3
ShivamSharma909
 
Soc analyst course content
ShivamSharma909
 
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Cyber Crimes: The next five years.
Gregory McCardle
 
2016 to 2021
Gregory McCardle
 
CRI Cyber Board Briefing
OCTF Industry Engagement
 
Lecture 4 presentation of cyber security
jitendrachettri894
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
John Gilligan
 
Today's Cyber Challenges: Methodology to Secure Your Business
JoAnna Cheshire
 
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
Solving the CIO’s Cybersecurity Dilemma
John Gilligan
 
ICION 2016 - Cyber Security Governance
Charles Lim
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Application Security Done Right
pvanwoud
 
Cyber security for business
Daniel Thomas
 
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 

More from John Gilligan (8)

PPTX
Practical approaches to address government contracting problems
John Gilligan
 
PPTX
The Economics of Cyber Security
John Gilligan
 
PPTX
Top Level Cyber Security Strategy
John Gilligan
 
PPTX
Automating Enterprise IT Management by Leveraging Security Content Automation...
John Gilligan
 
PDF
Is Cyber Resilience Really That Difficult?
John Gilligan
 
PPTX
Implementing Continuous Monitoring
John Gilligan
 
PPTX
Federal Risk and Authorization Management Program: Assessment and Recommendat...
John Gilligan
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
Practical approaches to address government contracting problems
John Gilligan
 
The Economics of Cyber Security
John Gilligan
 
Top Level Cyber Security Strategy
John Gilligan
 
Automating Enterprise IT Management by Leveraging Security Content Automation...
John Gilligan
 
Is Cyber Resilience Really That Difficult?
John Gilligan
 
Implementing Continuous Monitoring
John Gilligan
 
Federal Risk and Authorization Management Program: Assessment and Recommendat...
John Gilligan
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 

Recently uploaded (20)

PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Teaching material agriculture food technology
LiaRayya
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Encapsulation theory and applications.pdf
gurumoop
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 

Understanding Technology Stakeholders: Their Progress and Challenges

  • 1. Understanding Technology Stakeholders: Their Progress and Challenges John M. Gilligan Software Assurance Forum November 4, 2009 1
  • 2. Topics • Historical Perspectives • Cyber Security Threats--A National Crisis • Cyber Security Commission Recommendations • Near Term Opportunities • Longer-Term Game Changing Initiatives • Closing Thoughts 2
  • 3. Historical Perspectives • Internet, software industry, (personal) computers —rooted in creativity not engineering • Security in the Cold War Era – Security “Gurus”—Keepers of the Kingdom • The World Wide Web changes the security landscape-- forever • Post Cold War: The Age of Information Sharing 3Legacy of the past is now our “Achilles Heel”
  • 4. Cyber Security Threats Today— A New “Ball Game” • Our way of life depends on a reliable cyberspace • Intellectual property is being downloaded at an alarming rate • Cyberspace is now a warfare domain • Attacks increasing at an exponential rate • Fundamental network and system vulnerabilities cannot be fixed quickly • Entire industries exist to “Band Aid” over engineering and operational Cyber Security is a National Security Crisis! 4
  • 5. Commission Cyber Security for the 44th Presidency: Key Recommendations • Create a comprehensive national security strategy for cyberspace • Lead from the White House • Reinvent public-private partnerships • Regulate cyberspace • Modernize authorities • Leverage government procurement (Supply Chain Risk Management) • Build on recent progress with CNCI (comprehensive national cyber-security initiative) 5
  • 6. Use Government IT Procurement • Cyber security needs to be reflected in our contractual requirements • Many “locked down” configuration defined • Use government-industry partnership to accelerate implementation of secure configurations • Get started now, improve configuration guidelines over time and leverage SCAP! 6 Build on FDCC Successes and Lessons Learned
  • 7. Longer-Term: IT Reliably Enabling Economy • Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth • New business model for software industry • Redesign the Internet • Get the “man out of the loop”—use automated tools (e.g., SCAP) • Develop professional cyberspace workforce • Foster new IT services models Need to Fundamentally “Change the Game” to Make Progress7
  • 8. Security Content Automation Protocol (SCAP) • What is it: A set of open standards that allows for the monitoring, positive control, and reporting of security posture of every device in a network. • How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information. • Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes. 8 SCAP Enables Automated Tools To Implement And Enforce Secure Operations
  • 9. Consensus Audit Guide (CAG) • What is it: 20 key actions (called security “controls”) that organizations must take if they hope to block or mitigate top known attacks. • How is it implemented: (Mostly) automated means used to implement and continuously enforce/monitor controls. Consensus Audit Guidelines permits organizations to prioritize security implementation and continuously enforce controls 9
  • 10. Summary of Ideas for this Technology Working Group • How do we make measurable progress in improving security? • How do we assess the effectiveness of security tools? • How do we change the software industry to produce reliable and secure products? It is time to get off the treadmill and start making measurable progress in securing our systems! 10
  • 11. Closing Thoughts • Government and Industry need to treat cyber security as an urgent priority • Near-term actions important but need to fundamentally change the game to get ahead of threat • IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information • Cyber Security in DoD is more mature—but still woefully inadequate 11Cyber Security is Fundamentally a Leadership Issue!