resilience via measurement
play

Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th - PowerPoint PPT Presentation

Jan 15, 2024 •336 likes •462 views

Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics Problem to Address: Lack of Digital Resilience Breaches are all too common Marriott is just the latest 500 million customers affected

  1. Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics

  2. Problem to Address: Lack of Digital Resilience • Breaches are all too common • Marriott is just the latest • 500 million customers affected • Open Question: are breaches getting worse? • Some signs say “not really” • Measure them like earthquakes? • Log scale, annual hazard rate

  3. Root Cause: Complexity • We know a great deal about making elements secure • Checklists, frameworks, hardening guides • We know people do not follow all this advice • Cost? Time? Attention? Scale? • Every network has an error rate • Networks cause complex interactions • Creates fragile systems

  4. Everyday Hard Decisions • Defenders can’t tell where to focus: 1. Hardening elements 2. Understanding networked dependencies 3. Launching new control or tech 4. Improving process or training 5. Connecting security to other objectives • Need better ways to prioritize • Could we ever tell we’ve done enough?

  5. Where Resilience Gets Lost Central Nervous System Business • GRC • Qualitative Systems Business Units Assessments Maps Zones Networks Networks Neurons Applications • Hardening Rules Synapses Software • Checklists Molecules Hardware

  6. Policy Goals, worst to best Regulation is here Vendors (like me) are here Open space for: Research Insurance

  7. A Simple Three-Step Plan 1. Measure defensive posture 2. Gather breach records 3. Correlate How hard can it be?

  8. Insurance – on a Parallel Track • Insurers have one massive asset • Claims data, as a proxy for breach data • Similar goals, but: • Not keen on disclosure • Focused on insurable events • Two major measurement problems • Resilience of one organization • “Non-smokers discount” • Portfolio correlation risk • Monoculture, group-think, systemic risk • Open space for research?

  9. Measurement Problem: Easy vs Good • Outside measurement is easy, but … • No visibility of internal processes or readiness • Often looks at “proxies” of security • e.g., expired certs, not actual attack pathways • Does it drive the wrong behavior? • Imagine insuring a building against fire, based on a photo across the street • Inside measurement is great, but … • Invasive; requires permission • Not easily shared/compared • Vendors (like me) do this in proprietary ways

  10. WIE Goals 1. Policy goal • Improving digital resilience 2. Data needed to measure progress: • How well secured are real networks? • What is the hazard rate? 3. Methods: • Compare inside vs outside measurements • Establish hazard rates from public sources 4. Who/how • Good question …

  11. Discussion Areas • Context for sharing of risk measurements • Anonymized? But how would we correlate against breach reports? • Every company wants comparison to peer groups • Can we extract “group X commonly does Y, hazard rate R”? • Establish true hazard rates • Are breaches getting more/less common? • More disclosure, more better • How to correlate • Indicator variables: “I bought tech X” or “adopted framework Y” • Don’t we need to study whether it was used sensibly/effectively? • Does shelfware indicate anything?

  12. Thank you.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Resilience and Resilience Capacities Measurement Options November 8, 2018 at 9:00 10:30 am ET

Resilience and Resilience Capacities Measurement Options November 8, 2018 at 9:00 10:30 am ET

Resilience and Resilience Capacities Measurement Options November 8, 2018 at 9:00 10:30 am ET Agenda T witter info: Welcome Remarks @USAID @REAL_Award Introduction @USAIDFFP @FeedtheFuture Overview of Measurement Options @TANGOInt

538 views • 28 slides
Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas Applied Economics and Policy Cornell University Presented at the USAID Evidence Forum on Resilience October 2, 2017 Washington D.C. Background

178 views • 14 slides
resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

How to improve our resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress Resilience is

287 views • 9 slides
Measurement There are two main systems of measurement: - The English system

Measurement There are two main systems of measurement: - The English system

4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. Measurement There are two main systems of measurement: - The

438 views • 4 slides
Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What do you think resilience means? 3. Write your ideas in a Circle Map. Unit 3 Stories of Resilience 1. Write your definition of Resilience is...

455 views • 6 slides
Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to bounce back after something negative like a tough situation or difficult time and then get back to feeling just about as good as you felt

517 views • 12 slides
How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience

How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience

How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience Alliance Introduction q Presenters q Structure of this weeks session q Overview (Paul) Conceptual framing Overview of resilience assessment

644 views • 26 slides
SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23 May Government Panel on Priority Resilience Issues Cyber Resiliency of Mission Critical Automation Systems Thr, 24 May Resilience

564 views • 27 slides
Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. There are two main systems of measurement: - The

308 views • 8 slides
Mission: Resilience Keeping going & not giving up! We are going to learn all about the

Mission: Resilience Keeping going & not giving up! We are going to learn all about the

Mission: Resilience Keeping going & not giving up! We are going to learn all about the importance of resilience and what it means. Video What is resilience and when do we need it? Who has heard of resilience? Resilience is being able to

295 views • 12 slides
RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS & EMERGENCIES RESILIENCE AND DRR

RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS & EMERGENCIES RESILIENCE AND DRR

RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS & EMERGENCIES RESILIENCE AND DRR Reduce the impacts of natural hazards Activities Enhance the peoples resilience Frameworks Analyze root causes of disasters Reduce

686 views • 10 slides
Bridging social and physical measurement: measurement is not scale construction; measurement is

Bridging social and physical measurement: measurement is not scale construction; measurement is

Bridging social and physical measurement: measurement is not scale construction; measurement is not quantification Luca Mari Universit Cattaneo LIUC, Italy lmari@liuc.it Arctic Workshop on Measurement in Economics 14-15 December

822 views • 38 slides
Measurement of Measurement of e BR(K )/BR(K e e ) BR(K e

Measurement of Measurement of e BR(K )/BR(K e e ) BR(K e

Measurement of Measurement of e BR(K )/BR(K e e ) BR(K e )/BR(K ) Roberto Piandani INFN Perugia & CERN Work supported by for the NA62 collaboration (Bern ITP, Birmingham, CERN, Dubna, Fairfax,

565 views • 20 slides
Overview Resilience defined The roots of resilience Self Relationships

Overview Resilience defined The roots of resilience Self Relationships

5/10/2010 Bouncing back! How parents, peers and professionals enable young people towards resilience Linda Theron (D.Ed.) Linda.Theron@nwu.ac.za Overview Resilience defined The roots of resilience Self Relationships

663 views • 10 slides
The Active Resilience Wellbeing Serv rvice What t is is The Acti tive Resilience Well

The Active Resilience Wellbeing Serv rvice What t is is The Acti tive Resilience Well

The Active Resilience Wellbeing Serv rvice What t is is The Acti tive Resilience Well llbeing Service? A partnership between Active Resilience & HEADSSUP. We offer an online portal which empowers organisations to enable employees to

585 views • 15 slides
The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is

The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is

The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is Resilience? A network of resources, patterns of adaptation and supportive relationships A dynamic concept or state that is promoted and enhanced

391 views • 17 slides
Elected Officials Must Themselves be Resilient: Social Media Survival Strategies UBCM 2019 Sukh

Elected Officials Must Themselves be Resilient: Social Media Survival Strategies UBCM 2019 Sukh

Elected Officials Must Themselves be Resilient: Social Media Survival Strategies UBCM 2019 Sukh Manhas Jan Enns, MA Young Anderson Jan Enns Communications Welcome Why this matters Legal issues What can be done or not

630 views • 35 slides
Multivariate Quadratic Public-Key Cryptography Part 3: Small Field Schemes Bo-Yin Yang Academia

Multivariate Quadratic Public-Key Cryptography Part 3: Small Field Schemes Bo-Yin Yang Academia

Multivariate Quadratic Public-Key Cryptography Part 3: Small Field Schemes Bo-Yin Yang Academia Sinica Taipei, Taiwan Friday, 28.06.2018 B.-Y. Yang (Academia Sinica) UOV and Rainbow PQC Mini School 1 / 27 Oil-Vinegar Polynomials [Patarin

1.38k views • 79 slides
Computing CS 7 : Introduction to Programming and Computer Science in the news Python is TIOBE's

Computing CS 7 : Introduction to Programming and Computer Science in the news Python is TIOBE's

Computing CS 7 : Introduction to Programming and Computer Science in the news Python is TIOBE's programming language of the year 2018! www.tiobe.com/tiobe-index The Python programming language has won the title "programming language of

848 views • 63 slides
INF 111 / CSE 121: Software Tools and Methods Lecture Notes for Summer, 2008 Michele Rousseau

INF 111 / CSE 121: Software Tools and Methods Lecture Notes for Summer, 2008 Michele Rousseau

INF 111 / CSE 121: Software Tools and Methods Lecture Notes for Summer, 2008 Michele Rousseau Lecture Notes 1 Administrative / Intro to Software Eng. Announcements 1. Brush up on your Java 2. Read Van Vliet Chs. 1, 3 and 15 3. Lab 1 & 2

534 views • 24 slides
General Comments Good connection between the themes: evolvability, assessability, usability,

General Comments Good connection between the themes: evolvability, assessability, usability,

Comments on Resilience Scaling Technologies Usability: presented by Philippe Palanque Colin Corbridge DSTL, UK General Comments Good connection between the themes: evolvability, assessability, usability, and diversity.

286 views • 3 slides
OBSFUSCATION THE HIDING OF INTENDED MEANING, MAKING COMMUNICATION CONFUSING, WILFULLY AMBIGUOUS,

OBSFUSCATION THE HIDING OF INTENDED MEANING, MAKING COMMUNICATION CONFUSING, WILFULLY AMBIGUOUS,

OBSFUSCATION THE HIDING OF INTENDED MEANING, MAKING COMMUNICATION CONFUSING, WILFULLY AMBIGUOUS, AND HARDER TO INTERPRET. Ken Birman CS6410 Spaffords Concern Widely circulated memo by Gene Spafford: Consolidation and virtualization

922 views • 33 slides
Lecture 14: Cilk Shankar Balachandran bshankar@ee.iitb.ac.in The lecture is partly based on

Lecture 14: Cilk Shankar Balachandran bshankar@ee.iitb.ac.in The lecture is partly based on

Lecture 14: Cilk Shankar Balachandran bshankar@ee.iitb.ac.in The lecture is partly based on Charles Leisersons Slides on Cilk EE717 Cilk A C language for programming dynamic multithreaded applications on shared-memory multiprocessors.

852 views • 26 slides
Origin of brane cosmological constant in warped geometry models Soumitra SenGupta IACS, Kolkata

Origin of brane cosmological constant in warped geometry models Soumitra SenGupta IACS, Kolkata

Origin of brane cosmological constant in warped geometry models Soumitra SenGupta IACS, Kolkata 26 July, 2013 S.SenGupta (IACS, Kolkata, India) () Origin of brane cosmological Constant in warped geometry models 1 / 51 The talk is based on my

888 views • 51 slides

More recommend