2009 04 26 larry clinton isa overview presentation for ed stull
TRANSCRIPT
-
7/31/2019 2009 04 26 Larry Clinton ISA Overview Presentation for Ed Stull
1/13
Larry Clinton, President
Internet Security Alliance
202-236-0001
-
ISA Board of Directors
Ty Sagalow, Board Chair; President, Innovation Division, Zurich Insurance
Mike Hickey, Board Vice Chair; VP Government Affairs and National Security, Verizon Corp.
Ken Silva, Chief Security Officer, VeriSign
Tim McKnight, VP & CSO, Northrop Grumman
Jeff Brown, CISO Information Security, Raytheon
Charlie Croom, VP Cyber Security Solutions, Lockheed Martin
Eric Guerrino, CIO, Bank of New York/Mellon Financial
Pradeep Khosla, Dean, School of Computer Sciences, Carnegie Mellon U
Lawrence Dobranski, Chief Security Manager, Nortel
Mark Antony Signorino, Director of Technology, National Association of Manufacturers
Joe Buonomo, President/CEO, Direct Computer Resources Inc.
-
Our Partners
-
Recent research on cyber security: not too good
29% of senior execs don't know how many cyber events their organizations have suffered
50% of senior execs don't know how much money they have lost from attacks
Only 59% of orgs have an overall security policy
don't know source of security incidents
Only 43% monitor compliance w/security policy
Only 55% use encryption
1/3 don't use firewalls
Only 22% keep an inventory of outside party data use
-
ISA Mission
Integrate technology with economically practical business considerations and public policy to create a sustainable system of cyber security
-
2009 ISA Priority Projects
1. Create a Cyber Security Social Contract between business and government to provide market incentives for improved security
2. Develop Best Practices for financial risk management of cyber incidents
3. Create a framework for managing conflicting legal structures and unified communications tech.
4. Develop standards to secure the VOIP platform
5. Framework to secure the IT supply chain
-
Policy: Social Contract
Recommendations to Obama Administration
Lead Incentives Committee for DHS Cross Sector Cyber Security Working Group
Appointed to GAO Experts Panel to critique the National Strategy to Secure Cyber Space for House Committee on Homeland Security
Adoption of ISA incentive policies by IT and Comm Sector Coordinating Councils
Recommendations to NSC 60-day cyber review
-
Securing the VOIP Platform
National Institute of Standards & Technology/ISAlliance partner to develop SCAP platform for VoIP
ISA panel presentation at NIST Automated Security Conference:
John Nagengast, Executive Director, Strategic Initiatives, AT&T
Ben Halpert, Chief Information Security Officer, Lockheed Martin
Lawrence Dobranski, Leader, Advanced Security Solutions, Nortel
ISA Open Workshop at NIST Automated Security Conference
ISA Project Management committee formed
Applicability & Baseline Standards work groups formed with Co-Chairs:
Travis Schack, Director, Threat & Vulnerability Management Program, Colorado
Greg Pulos, Sr. VoIP Engineer, Department of Commerce
Deliverables will be presented at 2009 NIST Automated Security Conference
-
20th century laws vs. 21st century technology
Many laws (ECPA, 1986; Computer Fraud and Abuse Act, 1994; CALEA 1996) have laudable goals but don't fit modern technology
E.g. to protect vs. malware in unified communications such as VOIP, packets must be captured, filtered and analyzed, which collides with prohibitions on interception and monitoring
IP telephony = common carrier?
Confusion retards technology and economy
ISA launched study to analyze current laws, recommend how corporations should manage and govt. reform
-
Financial Management of Cyber Risk
Grows out of 9/11 Commission Report and subsequent legislation
DHS requested ISA and ANSI collaborate
3 conferences, 100 participants from industry, government and academia
Phase I: Publish "Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask", Winter 08
Phase II: Kick off w/ANSI NIST 2nd 09
-
ISA Supply Chain Project
18 months long (start fall 07)
Focus on firmware
Carnegie Mellon University and Center for Cyber Consequences Unit
3 conferences, 100 Gov., Industry and Academic participants
Results are strategy and framework provided to USG for NSC 60-day review of cyber policy
-
Larry Clinton, President
Internet Security Alliance
202-236-0001