The Internet Security Alliance The Internet Security Alliance is a - - PowerPoint PPT Presentation

SLIDE 1

The Internet Security Alliance

The Internet Security Alliance is a collaborative effort between Carnegie Mellon University’s Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.
SLIDE 2

Sponsors

SLIDE 3

National Infrastructure Protection Plan 2.0 (NIPP)

  • GOAL: Protect v terrorist attack and enable national preparedness, timely response and rapid recovery.
  • THREE KEY PRINCIPLES
    • Building Security Partnerships
    • Implementing Risk Reduction Program
    • Maximizing Efficient Use of Resources
SLIDE 4

Organizing & Partnering for CI/KR Protection

  • Homeland Security Act and Homeland Security Directive 7 (HSPD-7) provide DHS with authority and responsibility to work with the private sector on securing Critical Infrastructure (CI) and Key Resources (KR) through partnerships
  • Sector Coordinating Councils (SCCs): each sector is to create one to define planning and coordination for prevention and response

SLIDE 5

Key Elements of the NIPP

  • National Awareness to build support
  • Education and Training of workforce
  • R & D to lower costs and improve capabilities
  • Building and maintaining databases and risk management systems
  • Continuously improve plans and activities based on feedback and research

SLIDE 6

NIPP Private Sector Responsibilities

  • Being aware of their systems' vulnerabilities & not allowing their systems to be used in an attack
  • Reviewing and exercising continuity plans
  • Active involvement in industry information sharing programs
  • Evaluate Your System by:
    • Conducting audits
    • Participating in info sharing and Best Practices
    • Developing continuity plans w/ off-site equipment
SLIDE 7

NIPP Private Sector Responsibilities (Cont.)

  • Promote instillation and implementation of security by:
    • Increasing user awareness
    • Considering ease of use in system procurement
  • Promote industry guidelines and best practices that support such efforts

SLIDE 8

ISA Programs to Assist

  • PUBLIC POLICY
  • Chaired National Cyber Security Partnership Private Sector Retreat (Wye II) to develop interim agenda

  • Information Sharing
  • Roles and Responsibilities
  • Incentive development
SLIDE 9

Incentives

  • Procurement as an incentive to security
  • Use of Contracts to expand security
  • Build insurance discounts into best practices
  • Create civil liability benefits for good actors
  • Establish Vulnerability Markets
  • Semi-Tech R & D Program on Security
SLIDE 10

ISA Services

  • Brief Congress each Quarter
  • Daily Information Sharing on threats, vulnerabilities and incidents
  • Weekly CMU webinars on technical, business and security trends
  • Quarterly Reports on “Hot Issues” (Audit costs, Privacy, Insider Threats etc.)
  • “Qualified Member” Program