discussion thread and discuss how the types of threats discussed in the article could impact our economy, and how implementing Commonality

Attacks on our national infrastructure are already happening. And the expectation is that they will continue to increase at an accelerated rate. For this week’s discussion, we’ll cover threats to our nation’s pipelines. To get started, read this article:

https://www.eenews.net/stories/1060054924

After reading the article, start a discussion thread and discuss how the types of threats discussed in the article could impact our economy, and how implementing Commonality (as discussed in chapter 5) could help mitigate these threats.

Copyright © 2012, Elsevier Inc. All Rights Reserved

Chapter 5

Commonality

Cyber Attacks

Protecting National Infrastructure, 1st ed.

‹#›

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

1

Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack

Best practices, standards, and audits establish a low-water mark for all relevant organizations

Audits must be both meaningful and measurable

Often the most measurable things aren’t all that meaningful

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Introduction

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

2

Common security-related best practice standards

Federal Information Security Management Act (FISMA)

Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standard (PCI DSS)

ISO/IEC 27000 Standard (ISO27K)

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Introduction

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

3

Fig. 5.1 – Illustrative security audits for two organizations

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

‹#›

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.2 – Relationship between meaningful and measurable requirements

‹#›

The primary motivation for proper infrastructure protection should be success based and economic

Not the audit score

Security of critical components relies on

Step #1: Standard audit

Step #2: World-class focus

Sometimes security audit standards and best practices proven through experience are in conflict

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Meaningful Best Practices for Infrastructure Protection

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

6

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.3 – Methodology to achieve world-class infrastructure protection practices

‹#›

Four basic security policy considerations are recommended

Enforceable: Policies without enforcement are not valuable

Small: Keep it simple and current

Online: Policy info needs to be online and searchable

Inclusive: Good policy requires analysis in order to include computing and networking elements in the local nat’l infrastructure environment

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Locally Relevant and Appropriate Security Policy

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

8

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.4 – Decision process for security policy analysis

‹#›

Create an organizational culture of security protection

Culture of security is one where standard operating procedures provide a secure environment

Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Culture of Security Protection

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

10

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.5 – Spectrum of organizational culture of security options

‹#›

Organizations should be explicitly committed to infrastructure simplification

Common problems found in design and operation of national infrastructure

Lack of generalization

Clouding the obvious

Stream-of-consciousness design

Nonuniformity

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Infrastructure Simplification

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

12

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.6 – Sample cluttered engineering chart

‹#›

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.7 – Simplified engineering chart

‹#›

How to simplify a national infrastructure environment

Reduce its size

Generalize concepts

Clean interfaces

Highlight patterns

Reduce clutter

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Infrastructure Simplification

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

15

Key decision-makers need certification and education programs

Hundred percent end-user awareness is impractical; instead focus on improving security competence of decision-makers

Senior Managers

Designers and developers

Administrators

Security team members

Create low-cost, high-return activities to certify and educate end users

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Certification and Education

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

16

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Fig. 5.8 – Return on investment (ROI) trends for security education

‹#›

Create and establish career paths and reward structures for security professionals

These elements should be present in national infrastructure environments

Attractive salaries

Career paths

Senior managers

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Career Path and Reward Structure

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

18

Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents

Companies and agencies must do a better job of managing their inventory of live incidents

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Responsible Past Security Practice

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

19

Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices

Past damage

Past prevention

Past response

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

Responsible Past Security Practice

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

20

A national commonality plan involves balancing the following concerns

Plethora of existing standards

Low-water mark versus world class

Existing commissions and boards

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 5 – Commonality

National Commonality Program

‹#›

The University of Adelaide, School of Computer Science

2 June 2019

Chapter 2 — Instructions: Language of the Computer

21

“Get 15% discount on your first 3 orders with us”
Use the following coupon
FIRST15

Order Now