paul de souza
Post on 04-Dec-2014
1.121 Views
Preview:
DESCRIPTION
TRANSCRIPT
Unclassified
August 2010
Without a cyber strategy, survival in cyberspace is left to chance!
1 - SET OF IDEAS
2 - INTRUMENTS OF POWER
3 - SYNCHRONIZED EFFORTS (COORDINATED)
4 - OBJECTIVES AND DIRECTION
DOD Dictionary of Military and Associated Termshttp://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf
5 pillars of cyber security strategy
Defense Deputy Secretary William Lynn III
Rec
ogni
zeTh
reat
Ext
end
Inte
rnal
D
efen
se
Ext
end
Pro
tect
ion
To C
ritic
al
Infra
stru
ctur
e
Inte
rnat
iona
l C
olla
bora
tion
Mai
ntai
n Te
chni
cal
Dom
inan
ce
http://www.govinfosecurity.com/articles.php?art_id=2872
Recognize cyberspace as a new war fighting domain
You are doing business in a COMBAT ZONE!
US Air Force Mission
USAF Cyberspace Operator Badge
MORE THAN good hygiene and perimeter defenses as intrusion
detectionMORE THAN Firewalls, MORE THAN IPS appliances, MORE THAN Web Proxy servers, MORE THAN VPN tunnels, MORE THAN SIEM, etc…
“The military networks do not exists in a vacuum; we depend heavily on commercial networks for logistics, transportation, for power”Defense Deputy Secretary William Lynn III
Help Protect your business partners
Understand their strategies
1 Understand what cyber strategy is NOT
2 Understand and Accept the UNIQUE threats that apply to you –Know your Enemy! (CyberINT, Attack Analysis and Strategy Analysis
3 Know yourself and how vulnerable you are. Understand your capabilities
4 Create a SET of Ideas (the WHAT of things and not necessary the HOW of things)
5 Develop your INTRUMENTS of POWER to counter the threat and minimize the risk (the HOW of things)
6 Synchronize , Collaborate , Integrate and Coordinate
7 List Objectives and expand on direction
8 Write down your strategy
9 Repeat the cycle
A Goal
Tactics
A Security Policy
Doctrine
Compliance
"It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles“ Sun Tzu
Define what’s critical
Understand what’s wanted by your adversary
Understand your vulnerabilities by running vulnerability assessments
engage trusted but external partners to test your systems
Understand your “Instruments of Power” – Set of skills, technology, knowledge
Adobe Acrobat Document
The Cyber Security Operations Centre (CSOC)
http://www.dsd.gov.au/infosec/top35mitigationdetails.htm
Strategy goals must be well defined
Define success and appropriate metrics
Create a strategy forecast and future direction
Your cyber strategy must keep security events in sync with timeYour cyber strategy must cover collaboration,
integration and coordination efforts with other cyber entities of interest
Your cyber strategy is a sensitive living document that is dynamic and ever changing
top related