Sharing Information to Manage Risk USCIS /SEVP Joint Initiative - - PowerPoint PPT Presentation

sharing information to
SMART_READER_LITE
LIVE PREVIEW

Sharing Information to Manage Risk USCIS /SEVP Joint Initiative - - PowerPoint PPT Presentation

Dec 20, 2022 168 likes •316 views

Sharing Information to Manage Risk USCIS /SEVP Joint Initiative Briefing December 18, 2015 What happened? What is current status? How do we prepare for whatever is next? Two related, but different perspectives 2 Information Sharing

slide-1
SLIDE 1

USCIS /SEVP Joint Initiative Briefing

Sharing Information to Manage Risk

slide-2
SLIDE 2

December 18, 2015

What happened? What is current status? How do we prepare for whatever is next? Two related, but different perspectives

2

slide-3
SLIDE 3

3

Information Sharing Considerations

  • Purpose for sharing
  • Sharing community
  • Fitness
  • Transactional matters
  • Feedback
  • Security, privacy, civil liberties and anonymization
  • Trust, trust, trust
slide-4
SLIDE 4

4

Information Sharing Considerations

  • We can and should learn lessons from experience sharing across

various risk management perspectives

  • One interesting lesson:

Nobody wants to be the first one to share (dance)

slide-5
SLIDE 5

5

The CIDAWG

  • DHS established the Cyber Incident Data and Analysis Working Group

(CIDAWG) in February 2015 to explore the benefits and the feasibility of a cyber incident data repository.

  • CIDAWG participants include private sector IT risk management professionals

representing various critical infrastructure sectors and functions and insurance companies.

  • The CIDAWG identified:
  • The value proposition
  • Information sharing challenges and solutions
  • 16 comprehensive incident data categories CIDAR Data Input Fields

DHS’s role is to facilitate the dialogue and shepherd the effort. CIDAWG conclusions and key finding are NOT DHS positions. EVERYONE HAS A STAKE

slide-6
SLIDE 6

6 Build up information to better understand impacts, and frequency

  • f cyber events and “best

in class” controls More coverage at lower rates for those who invest in “best in class” controls identified by the repository Incentives for

  • rganizations to improve

their overall cyber risk management practices

Peer to peer benchmarking New security solutions Vendors Insurers CISOs

Why do we need a repository?

slide-7
SLIDE 7

7

CIDAR

A trusted and secure repository that enterprise risk owners and insurers could use to voluntarily and anonymously share, store, aggregate, and analyze sensitive cyber incident data.

What it’s NOT envisioned to be:

  • NOT a repository of specific insurance claims!
  • NOT a platform to share cyber threat indicators for immediate action! – it’s

a loss library

  • NOT to be built and operated by the Government – could be managed by an

industry or academic consortium

What it IS envisioned to be:

slide-8
SLIDE 8

The Value Proposition

8

Identifying Top Risks and Effective Controls Informing Peer-to-Peer Benchmarking Showing Return on Investment Allowing for Sector Differentiation Supporting Forecasting, Trending, and Modeling Advancing Risk Management Culture

slide-9
SLIDE 9

The Challenge

  • A particular exploit could be connected with a contributing company or

companies (large-scale incidents)

  • A robust anonymization protocol could lead to a situation where the
  • bfuscation of the data source makes the data unverifiable
  • Who can access the data? – Ensure information is not disseminated to
  • utside (unvetted) parties
  • How will the data be protected and managed?
  • What’s the extent of third party insight into the contributors’ identity and

data?

  • WHO SHOULD OPERATE THE REPOSITORY?

9

Primary Fear: Sensitive incident data would open organizations to liability, exposure, and/or otherwise negatively affect their businesses Nobody wants to be the first one to share (dance)

slide-10
SLIDE 10

10

CIDAR Data Points

Profile Posture Incident Data

slide-11
SLIDE 11

Back-Up

11

slide-12
SLIDE 12

Methodology

  • Data collected is basic, useful and should be easy-to-acquire – answering the

questions requires minimum resources.

  • Optimally the data provides a comprehensive picture of incidents including

impact and costs associated with their recovery and mitigation yet at the same time:

  • Each data point is analytically independent of the others to the greatest

degree possible so that lack of data in one area does not hinder analysis in another.

  • CIDAR can function with incomplete data.
  • The anonymity of the submitting organization is safeguarded – avoiding the

possibility of inference.

  • Contributors can periodically change data and/or input additional data as they

learn more about the outcome of incidents.

  • Common taxonomy is used such as NISTIR 8138, and the NIST Cybersecurity

Framework.

  • Design allows for future automation and scaling.
  • Questions posed avoid speculations.

12

slide-13
SLIDE 13

13

Illustrative Questions

slide-14
SLIDE 14

Next Steps

  • Collect feedback from the public on Data Input Fields:
  • Do you already track data sought after in the questions? If not, could it be

easily obtained and tracked and what would be the additional cost of tracking these new data points?

  • Would you be willing to share data associated with these data points?
  • Which data would you be willing to share and which of these data would you

be hesitant to share? Why?

  • Under what circumstances would you be willing to share the information

sought after in this repository?

  • What additional data points should be collected into the repository?
  • Solidify cyber incident data ontology/taxonomy in order to standardize

data collection

  • Design and prototype a CIDAR Portal
  • combines a robust, secure and highly cost effective platform architecture and

advanced functionality

  • explore what kind of analytic products a CIDAR could produce based on the

data resulting from responses to the cyber incident reporting questionnaire

14