the economy is reliant on the internet
play

The Economy is reliant on the Internet The state of Internet - PowerPoint PPT Presentation

Jan 17, 2024 •128 likes •433 views

The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust in online transactions is evaporating, and it will require strong security leadership for that trust to be restored. For the Internet to remain the

  1. The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust in online transactions is evaporating, and it will require strong security leadership for that trust to be restored. For the Internet to remain the juggernaut of commerce and productivity it has become, it will require more, not less, input from security. PWC Global Cyber Security Survey 2008

  2. Digital Immigrants need education more than Digital natives • Demographers refer to the current k-12 cohort as the “digital natives” • The US workplace is mostly populated by “digital immigrants” • The current private sector is the most vulnerable to national security • We will have the current workforce of “digital immigrants” there for decades

  3. President Obama’s Report on Cyber Security (May 30, 2009) The United States faces the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights. President’s Cyber Space Policy Review, May 30, 2009 page iii Quoting from Internet Security Alliance Cyber Security Social Contract: Recommendations to the Obama Administration and the 111th Congress November 2008

  4. CURRENT ECONOMIC INCENTIVES FAVOR ATTACKERS • Attacks are cheap and easy • Vulnerabilities are almost infinite • Profits from attacks are enormous ($ 1 TRILLION in 08) • Defense is costly (Usually no ROI) • Defense is often futile • Costs of attacks are distributed

  5. Financial Management of Cyber Risk It is not enough for the information technology workforce to understand the importance of cybersecurity; leaders at all levels of government and industry need to be able to make business and investment decisions based on knowledge of risks and potential impacts. President’s Cyber Space Policy Review May 30, 2009 page 15

  6. Senior Executives ARE NOT analyzing Cyber Risk adequately There is still a gap between IT and enterprise risk management. Survey results confirm the belief among IT security professionals that Boards and senior executives are not adequately involved in key areas related to the governance of enterprise security. 2008 Carnegie Mellon University CyLab Governance of enterprise Security Survey

  7. Cyber RISK is not being Appreciated • 75% of US corporations do NOT have a Chief Risk Officer • 5% of US corporations report to the CFO on security risks • 65% of US corporations either do not have a documented process to assess cyber risk, or do not have a person in charge of the process ---meaning they have no process Deloitte “Enterprise Risk,” 2007

  8. Communication Across Corporate Structures is Inadequate • Intra company communication on privacy and security risks was lacking. Only 17% of respondents indicated they had a cross organizational privacy/security team. • Less than half had a formal enterprise risk management plan. (47%) • 1/3 of those with a plan did not include IT-related risks in the plan. 2008 Carnegie Mellon University CyLab Governance of Enterprise Security Survey

  9. Many Corp Info Security Budgets are DECREASING 47% of all enterprises are deferring or reducing future budgets for information security initiatives PricewaterhouseCoopers 2009 Global Information Security Survey

  10. Problem is more than just “awareness” • 42% of survey respondents acknowledge that threats to information security are increasing • 52% acknowledge that cost reductions to info security initiatives will make adequate security more difficult PricewaterhouseCoopers Global Information Security Survey 2009

  11. Financial Impact of Cyber Risk October, 2008

  12. Design of ISA/ANSI Program • Open to all (Gov as well as industry), • No Charge to Participate • Cross sectors and departments • 7 full day working sessions over 2 years • Phase I (“Questions”) complete Nov 08 • Phase II (“Responses”) complete Dec 09 • “Red Teams” Review findings

  13. ISA/ANSI Fund Financial Risk Management Program 42 Private Sector Organizations, volunteer plus U.S. Department of Commerce U.S. Securities and Exchange Commission Department of Justice Department of Transportation National Credit Union Administration U.S. Cyber Consequences Unit U.S. Department of Homeland Security U .S. DHS – Science & Technology (S&T) Directorate U.S. DHS – National Cyber Security Division (NCSD) U.S. DHS – Office of Infrastructure Protection U.S. DHS – Policy Directorate U.S. DHS – Science & Technology (S&T) Directorate California Office of Homeland Security Peacecorps

  14. The need to understand business economics to address cyber issues If the risks and consequences can be assigned monetary value, organizations will have greater ability and incentive to address cybersecurity. In particular, the private sector often seeks a business case to justify the resource expenditures needed for integrating information and communications system security into corporate risk management and for engaging partnerships to mitigate collective risk. President’s Cyber Space Policy Review May 30, 2009 page 18

  15. The Economic Assessment of Cyber Security: 50 ?s for CFOs • Business Operations • General Counsel • Compliance Officer • Media (Investors and PR) • Human Resources • Risk Manager/ Insurance

  16. Calculate Net Financial Risk • Threat (frequency of risk event/probability number of events per year) X • Consequence (Severity of risk event/possible loss form event) X • Vulnerability (likelihood or % of damages/ given mitigation actions) MINUS • Risk Transferred (e.g. insurance) = • NET FINANCIAL RISK

  17. Sample Questions: Legal • Analyzed liabilities? • What legal rules apply to us or 3-parties? • Vulnerable class action/shareholder suits? • Legal Exposure to Gov investigations? • Do our contracts protect us enough? • Multi-state laws apply? • Exposed to trade secret theft?

  18. Sample Questions: Compliance • Inventory of applicable regulations? • Where is our “regulated” data”? • Valid reasons for holding all our data? • Policies & procedures documented? • Can we opt-out of reg requirements? • Are we tracking compliance? • Are we reviewing and updating privacy compliance?

  19. Sample Questions: Risk Manger/Insurance • Are we insured for this? (probably no) • What can we get insurance for? • What is the D & O Exposure? • Where can we find cyber insurance and what does it cover (& doesn’t it cover)? • What’s the cost benefit to insurance? • How do we evaluate policies?

  20. Sample Questions: Business Operations • What’s our single biggest vulnerability? • How long are we down? Want to be up? • Are we complying w/ SoA standards? • Are we properly staffed? • Have we assessed physical security • Incident response/continuity plans? • Risk exposure from vendors? • How often do we re-evaluate risks?

  21. Sample Questions: Media/Crisis Management Team • Do we have segmented responses for all stakeholders? • Documented crisis communication plan? • Identified and trained all who need to be? • Have the external contacts we need? • Have we run a mock trial? • Are we budgeted for a crisis?

  22. Sample Questions: Human Resources • Does everyone understand our $ Risk? • Attract/retain the right personnel? • Do we provide training to mitigate risk? • Is the org structured for team work? • Audit network access (esp. at termination)? • Address social networking & pub sites? • HR assessment include cyber security? • Discipline policy adequate for monitoring?

  23. PROPOSAL • Build a grounded Enterprise Education program consistent with Cyber Space Policy Review • Based on 2-years open forum of industry and government • Initial 2-year program completed and funded by ISA and ANSI • DoC fund final development and testing

  24. Three Phase Program • Phase I: take 50 Questions and 60 Responses documents and reformulate into enterprise training program • Phase II: Beta test Enterprise Education Program w/multiple methods and Evaluate • Phase III: Final National Roll Out using most cost effective model

  25. Deliverables • Quarterly Status Updates • Final Business Plan & launch Phase II 12 months from approval • Pilot strategy report 10 days after beginning of Phase II • Metrics on overall effectiveness 12 months following Phase II beginning Phase II • Modified Program based on Phase II 12 months from beginning Phase II

  26. Phase III National Roll Out • Dependent on Phase II Results & metrics • Final Business Plan and Implimentation 10 days after contract signing Phase III • Quarterly Reports • Final Summary and Evaluation 36 months following beginning of National Roll Out

  27. Budget Phase I - Design and development of a comprehensive business plan • Integrates 2008 and 2009 ISA/ANSI Financial Risk Management Reports (50 Questions for corporate CFOs and Responses) into technical course development • Includes various management and direct costs • Projected cost - $300,000

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Promoting African Internet Economy Dawit Bekele Director, African Regional Bureau Internet

Promoting African Internet Economy Dawit Bekele Director, African Regional Bureau Internet

Promoting African Internet Economy Dawit Bekele Director, African Regional Bureau Internet Society 2 Introduction 1/3 rd of Africans have access to the Internet Contribution of Internet to the GDP: 1.1 Source: McKinsey Global

839 views • 10 slides
MANAGING THE GLOBAL INTERNET ECONOMY: Keio International Center for the A NEW CHALLENGE FOR THE

MANAGING THE GLOBAL INTERNET ECONOMY: Keio International Center for the A NEW CHALLENGE FOR THE

Jim Foster, Executive Director MANAGING THE GLOBAL INTERNET ECONOMY: Keio International Center for the A NEW CHALLENGE FOR THE US AND JAPAN internet & society WHAT IS THE INTERNET? A global technology without borders A distributed,

500 views • 11 slides
Attention Sovereignty. Attention Economy. Since the 2000s, internet companies like Google,

Attention Sovereignty. Attention Economy. Since the 2000s, internet companies like Google,

Attention Sovereignty. Attention Economy. Since the 2000s, internet companies like Google, Facebook or Twitter became the few 1 giants having the internet in their hands. A reason for that is their perfection in hook - ing us to their services.

274 views • 4 slides
Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna

Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna

Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna Frster Sustainable Communication Networks University of Bremen Germany ITU-CBS, Santo Domingo, June 19 th 2018 Core Questions What is the Internet

135 views • 12 slides
Building Ventures for the Internet & Blockchain Economy Investo r P resenta tio n 8 M a

Building Ventures for the Internet & Blockchain Economy Investo r P resenta tio n 8 M a

Building Ventures for the Internet & Blockchain Economy Investo r P resenta tio n 8 M a y 2 0 1 8 Aus tra lia | Singa po re | M a la y s ia | UK | Sw eden Disc sclaimer The information contained in this document (this

490 views • 30 slides
THREE BREAKTHROUGHS POISED TO TRANSFORM THE US ECONOMY 1. Big data internet as a cloud

THREE BREAKTHROUGHS POISED TO TRANSFORM THE US ECONOMY 1. Big data internet as a cloud

JACK LEWIN, MD HON. FACC LEWIN AND ASSOCIATES HEALTH INNOVATION STRATEGIES LLC THREE BREAKTHROUGHS POISED TO TRANSFORM THE US ECONOMY 1. Big data internet as a cloud 2. Smart manufacturing materials science and supply chain

321 views • 15 slides
Mission ASDSW is a non-profit organization building the capacity of self-reliant partnerships to

Mission ASDSW is a non-profit organization building the capacity of self-reliant partnerships to

Mission ASDSW is a non-profit organization building the capacity of self-reliant partnerships to plan, implement and manage community-driven clean water and sanitation solutions through sustainable organizational strategies, WASH Education

606 views • 47 slides
AID AND SUPPORT NETWORK FOR AUTONOMOUS AND SELF- RELIANT LIVING FOR ELDERLY PEOPLE IN THE

AID AND SUPPORT NETWORK FOR AUTONOMOUS AND SELF- RELIANT LIVING FOR ELDERLY PEOPLE IN THE

AID AND SUPPORT NETWORK FOR AUTONOMOUS AND SELF- RELIANT LIVING FOR ELDERLY PEOPLE IN THE NEIGHBOURHOOD SPEAKERS: Maren Puttfarcken - TK Hamburg State Representative Office Ralf Zastrau - Albertinen-Haus GmbH in Hamburg, Centre for Geriatrics

486 views • 15 slides
What is a Mori enterprise? Economy An economy is a system Mori economy is What is an

What is a Mori enterprise? Economy An economy is a system Mori economy is What is an

What is a Mori enterprise? Economy An economy is a system Mori economy is What is an of actors (organisations, highly integrated economy? institutions, individuals withy the New etc) which interacts to Zealand economy produce

287 views • 16 slides
Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

Introduction Macroscopic view: Interdomain Traffic Matrix Microscopic view: Price Discrimination Conclusions and Further Work Contributions Backup Macro- and Microscopic Analysis of the Internet Economy from Network Measurements Jakub Mikians

1.04k views • 78 slides
Public Goods, Bounded Attention Spans and Equilibrium in the Internet Economy John P. Conley

Public Goods, Bounded Attention Spans and Equilibrium in the Internet Economy John P. Conley

Public Goods, Bounded Attention Spans and Equilibrium in the Internet Economy John P. Conley Vanderbilt University Paul J. Healy Ohio State University SWET14 - Paris - June 2014 1 Introduction The only justification for thinking about

586 views • 43 slides
The global economy The global economy is currently in a state of Secular Stagnation. This

The global economy The global economy is currently in a state of Secular Stagnation. This

23/02/2016 How can the NI economy become more competitive in the 21st century global economy? Rob Gilles Professor of Economics Management School Queens University of Belfast The global economy The global economy is currently in a

370 views • 5 slides
1 2 Auditory processing is crucial because our learning is heavily reliant on auditory system---=

1 2 Auditory processing is crucial because our learning is heavily reliant on auditory system---=

1 2 Auditory processing is crucial because our learning is heavily reliant on auditory system---= think of how teachers teach from early age- talking, singing, etc. Auditory processing issues can be inherited, or acquired (e.g. by problems at

532 views • 41 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
10thWEST AFRICAN INTERNET GOVERNANCE FORUM (WAIGF 2018) BURKINA FASO TOPIC : Digital Economy and

10thWEST AFRICAN INTERNET GOVERNANCE FORUM (WAIGF 2018) BURKINA FASO TOPIC : Digital Economy and

10thWEST AFRICAN INTERNET GOVERNANCE FORUM (WAIGF 2018) BURKINA FASO TOPIC : Digital Economy and Blockchain Technology Dr. Steven Bassey (Ph.D., DTh, CPMA, CEH, CHFI, USLPI/CSM, EC Council Certified) Chair Subcommittee on Data Protection

866 views • 14 slides
PhysikClub Students Research Centre Understanding Science by doing self-reliant and independent

PhysikClub Students Research Centre Understanding Science by doing self-reliant and independent

PhysikClub Students Research Centre Understanding Science by doing self-reliant and independent research Part 1 Inquiry based learning IBL and the constructivist learning theory Learning is like exploring an undiscovered country Follow

562 views • 33 slides
TAC KBP 2016 Linguistic Resources: Event Arguments (EA), Event Nuggets (EN) and Belief/Sentiment

TAC KBP 2016 Linguistic Resources: Event Arguments (EA), Event Nuggets (EN) and Belief/Sentiment

TAC KBP 2016 Linguistic Resources: Event Arguments (EA), Event Nuggets (EN) and Belief/Sentiment (BeSt) Joe Ellis (presenter), Jennifer Tracey (presenter), Jeremy Getman, Zhiyi Song, Ann Bies, Stephanie Strassel Linguistic Data Consortium

433 views • 18 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
20 16 CEO Address to Shareholders B USINESS OVERVIEW Leading >1 million scans per

20 16 CEO Address to Shareholders B USINESS OVERVIEW Leading >1 million scans per

Integral Diagnostics Limited A NNUAL G ENERAL M EETING 20 16 CEO Address to Shareholders B USINESS OVERVIEW Leading >1 million scans per annum diagnostic Network of 45 sites including 13 hospital sites imaging 3 brands:

354 views • 23 slides
Agenda What is The Access Point? Integra3on of

Agenda What is The Access Point? Integra3on of

Agenda What is The Access Point? Integra3on of Coordinated Access to Suppor3ve Housing (CASH) and Access 1 What is Suppor3ve Housing?

359 views • 16 slides
CyberTruck Challenge 1 Connecting next generation talent with the heavy duty industry to keep

CyberTruck Challenge 1 Connecting next generation talent with the heavy duty industry to keep

CyberTruck Challenge 1 Connecting next generation talent with the heavy duty industry to keep vehicles secure. What is the CyberTruck Challenge? 2 A hands- on learning and active hacking event focused on trucks (Class 7 & 8) and

315 views • 16 slides
Integrating Device Registries and Innovative Tools for Enhanced Medical Device Evaluation and

Integrating Device Registries and Innovative Tools for Enhanced Medical Device Evaluation and

Integrating Device Registries and Innovative Tools for Enhanced Medical Device Evaluation and Tracking An Update to the IMDRF Management Committee September 2015 Scope Evaluate, compare & contrast current approaches to international

457 views • 11 slides
New Jersey Sustainable Business Program NJDEP Sustainable Business Initiative March 3, 2015 NJ

New Jersey Sustainable Business Program NJDEP Sustainable Business Initiative March 3, 2015 NJ

New Jersey Sustainable Business Program NJDEP Sustainable Business Initiative March 3, 2015 NJ Sustainable Business Program Two-prong program led by NJSBDC- aimed at helping small/mid-sized businesses start or expand sustainable

312 views • 6 slides
ECRF Conference 2018 Zvonko Obradovi 5 - 7 June / Gibraltar Serbian Business Registers Agency

ECRF Conference 2018 Zvonko Obradovi 5 - 7 June / Gibraltar Serbian Business Registers Agency

ECRF Conference 2018 Zvonko Obradovi 5 - 7 June / Gibraltar Serbian Business Registers Agency Governance, Rule of Law KEY REGIONAL and Prevention and Fight against Corruption ANALYTICS FOR Cross-border institutional connectivity

416 views • 7 slides

More recommend