
Information Security: It’s Everyone’s Business

Information Security: It’s Everyone’s Business. September 16, 2003 Greg Garcia, Vice President, Information Security ITAA. Information Security: It’s Everyone’s Business. About ITAA National 450+ Member Company Association Leading Corporate Names in IT Established in 1961


Presentation Transcript


  1. Information Security: It’s Everyone’s Business
     September 16, 2003
     Greg Garcia, Vice President, Information Security, ITAA

  2. About ITAA
     • National 450+ Member Company Association
     • Leading Corporate Names in IT
     • Established in 1961
     • Leader in Public Policy Advocacy, Business Development, Networking Programs
     • Capitol Hill and White House Liaisons
     • 200 Member-Driven InfoSec Committee
     • DC and West Coast Offices

  3. A Brief History of Time – Cyber Attacks Increase
     • Denial of Service Attacks in 2000…
     • …Spurred implementation of PDD 63 and establishment of sector coordinators (ITAA)
     • More attacks from Anna Kournikova, ILoveYou virus, Code Red, NIMDA
     • Cyber security makes its way onto the nation’s radar (and computer) screens

  4. A Brief History of Time – Government Focuses
     • 2002-03, White House releases National Strategy to Secure Cyberspace with 5 priorities:
       • National Cyberspace Security Response System
       • Threat and Vulnerability Reduction Program
       • Awareness and Training Program
       • Securing Governments’ Cyberspace
       • National Security and International Cyberspace Security Cooperation
     Included creation of Cyber Security “Czar”, which ITAA began advocating in 1999
     Public/Private Partnership is Overriding Theme as 85% of the network is owned and operated by private enterprise

  5. A Brief History of Time – Government Focuses
     • …After Cyber Security leadership left the White House, the National Strategy was in suspended animation without someone in charge to implement it
     • Physical security wasn’t enough; no physical security without cyber security
     • At urgings of ITAA, and many inside government, Homeland Security Department created the National Cyber Security Division within IAIP
     • New NCSD Director, Amit Yoran, will have large job surmounting bureaucratic obstacles, but ITAA committed to helping make it work

  6. A Brief History of Time – NCSD Mission Defined
     • Identify risks and vulnerabilities, and coordinate with the private sector
     • Oversee a consolidated “war room” Cyber Security Tracking, Analysis, & Response Center (CSTARC) for advance warning and incident response coordination with federal, state, local, private sector and international partners
     • CSTARC absorbed into new “U.S. CERT” announced September 15, 2003
     • Help build cyber security awareness and education programs and partnerships with consumers, businesses, governments, academia, and international communities

  7. Costs of Cyber Security Breaches are Real
     • CERT reports more than 76,000 incidents in the first half of 2003, almost as many as the 82,000 reported in all of 2002
     • CSI/FBI 2003 report found 75% of respondents with financial losses
     • $202 million in losses for those reporting
     • Proprietary information losses over $70 million
     • Denial of Service losses pegged at $65 million
     • But still no good national metrics exist for evaluating our readiness and measuring improvement

  8. What We Do About It
     Information Sharing is Paramount…
     • Within the company: training and awareness; e.g., ITAA I–ACERT Online Awareness Test
     • Within the industry: ISACs
     • Across industries: Partnership for Critical Infrastructure Protection – (PCIS)
     • With government and law enforcement: FOIA exemption helps
     • Internationally: OECD Guidelines

  9. What We Do About It
     • Private Sector Response Must Adapt and Mobilize
     • Without action, government mandates will result
     • CA – Identity Theft Law is a good example
     • Government is watching private sector leadership and action
     • Develop infosec metrics and constantly review our progress

  10. What ITAA is Doing About It
      www.itaa.org/infosec
      • Established Information Security Committee in 1997
      • PDD 63 Sector Coordinator
      • “National Strategy to Secure Cyberspace”
      • “The Long Campaign: Information Assurance in the Age of Cyber Terror”
      • Information Assurance in the States and Other National and Regional Events
      • IT Information Sharing and Analysis co-founder and partner, www.it-isac.org
      • Founding Sponsor, National Cyber Safety Alliance
      • CyberCitizen -- www.cybercitizenship.org
      • Founder and Board Member, PCIS
      • Created “I-ACERT”, an online information security awareness test – “for the rest of us”
      • Building a National Information Security Metrics Survey to Determine a Baseline, Measure Progress, and Inform Public Policy and Investment

  11. What Government Can Do About It
      • Strengthen Infosec requirements and accountability
      • Fund and Spend on Infosec in DHS and Elsewhere
      • Implement National Plan
      • Defend FOIA Exemption
      • Implement Safety Act Regulations

  12. Going Forward …
      • The Challenges are Many
      • Industry and Government are Stepping Up, but…
      • More Can Be Done
      • Collaboration is Key
      • Need to solidify the “culture of security”

  13. Thank You!
      To Follow Up…
      Greg Garcia
      Vice President, Information Security, ITAA
      703-284-5357
      Ggarcia@itaa.org
