#38 – CERM RISK INSIGHTS 2014 CYBERSECURITY WEBINAR SERIES

The title of the proposed 2014 cyber series is:  Changing Cyber Landscape

This year is going to be a banner year for cyber security.  Take a look at the following events.  The number of data breaches will increase.  More state actors from China, Russia, and even our allies will attempt to penetrate critical infrastructure.  More revelations on cyber intrusion of Federal facilities.  Further losses of personal identification information.  Heightened cyber warfare.  Significant data breaches growing exponentially.  Increasing cyber crime with material impacts.  Additional NSA revelations.  Increased privacy law breaches.  More regulatory penalties, shareholder lawsuits, and reputational damage.  And, the list goes on.

The Changing Cyber Landscape series will emphasize growing cyber threats and discuss risk management solutions to mitigate cyber threats.

DIFFERENTIATING AND VALUE ADDED CHARACTERISTICS
The Changing Cyber Landscape offers webinar attendees the following differentiating and value-added characteristics:

  • Subject matter expert(s) present each webinar.
  • US Federal statute, rules, and standards requirements drive the content of each webinar and are fully explained in each webinar.
  • Speakers describe solutions based on US Federal (Critical Infrastructure Protection, SEC, OCC, etc.), international (AEC, ISO, etc.) or US national (NIST, DHS, ANSI) standards.
  • Speakers are objective and independent.  They are vendor agnostic and do not have vendor affiliations.

TOPICS
We are proposing the following set of six webinar topics.

1)  Cyber Crime – 2014

Stealing a few thousand dollars from a bank was once considered the ultimate crime.  Now the stakes are much higher: cyber crime involves hundreds of millions of dollars, Euros, or virtual money.  Look at the 100 million dollar loss of Bitcoin.

This webinar will define cyber crime, discuss why law enforcement agencies are slow to react, discuss the scale of the potential threats and risks, and finally discuss risk management strategies that are being developed.

2)  Cyber (Asymmetric) Warfare

Stuxnet, a worm in Iran's nuclear plant control system, was the beginning.  We are seeing foreign cyber penetration into the North American power grid, water plants, chemical plants and other critical infrastructure facilities.

Mistakes in cyber space mean adversaries can penetrate networks not at the speed of people, but at the speed of the network.  Cyber experts now believe the cyber domain is the most vulnerable point for US defenses.  General McChrystal, the Joint Chiefs of Staff and other military experts believe that we’re not ready for cyber war.

3)  NIST Risk Framework – New Cyber Standard of Due Care

President Obama issued his cyber presidential order in February 2013.  In February 2014, the NIST Risk Management Framework will be issued.   This framework applies to government control and IT systems.  This standard is also anticipated to become the new corporate standard for best cyber risk practices and the new cyber standard of due care.

The speaker will cover the NIST risk framework, risk capability maturity, cyber threats, vulnerabilities, the probability of a threat exploiting a vulnerability, and potential impacts.

4)  Managing Risk in Data Supply Chains

Information is processed through data supply chains.  Chain of custody of critical information will become more critical as companies work closely with third parties, contractors, subcontractors, and others who process and store data.

Critical infrastructure information is classified or highly confidential.  Critical business information is material.  Personal identification information is protected.  Bottom line: critical information requirements impact national security and commercial financial well-being.  Security agencies protect critical information with top secret clearances.  Commercial companies are similarly protecting information, as the duties to protect against the loss of information, address vulnerabilities, and report material risks are now SEC and board issues.  Learn how it will impact suppliers, partners and others interacting with the Federal government.

5) Cyber Risk Assurance

The Office of Management and Budget issued an order (M-14-03) to the heads of all executive departments and agencies requiring guidance for managing information security risk on a continuous basis and building the cyber security framework.  This will include the requirement to monitor security controls in Federal information systems on a continuous basis, one of the six steps of the NIST Cyber Risk Management framework.

This webinar will discuss the application of state-of-the-art architectural, governance, and risk engineering solutions for cyber risk assurance and continuous monitoring of IT and control systems.

6) Cyber Warriors – Who Are They and How Do You Become One?

What is a Cyber Warrior?  What does this person need to know and be able to do?  Who is hiring these professionals?

The common belief is that there is a cyber security workforce crisis.  US Cyber Command requires 5,000 cyber pros.  The Federal government requires 10,000 cyber experts.  Every military service is developing cyber commands to address state actor threats.

Every commercial global organization is developing cyber risk assessment programs.  Tens of thousands of cyber experts are required by commercial and civilian agencies.

The speaker will then address Federal and commercial bodies of knowledge and how IT and engineering professionals can migrate into cyber security and become cyber warriors.

 
