...URE , SAFE T Y, AN D E N VIRON ME N T PROGRAM Cybersecurity Economic Issues Corporate Approaches and Challenges to Decisionmaking RAND RESEARCH AREAS THE ARTS CHILD POLICY CIVIL JUSTICE EDUCATION ENERGY AND ENVIRONMENT HEALTH AND HEALTH CARE INTERNATIONAL AFFAIRS NATIONAL SECURITY POPULATION AND AGING PUBLIC SAFETY SCIENCE AND TECHNOLOGY SUBSTANCE ABUSE TERRORISM AND HOMELAND SECURITY TRANSPORTATION AND INFRASTRUCTURE WORKFORCE AND WORKPLACE C ybersecurity economics is an emerging field. There is a significant need for better data, better understanding, and better methods for using resources wisely, not only to protect critical products and services but also to provide assurances that software will work as expected. In two articles, RAND senior scientist Shari Lawrence Pfleeger and her colleagues addressed these key cybersecurity concerns and identified how different types of companies or organizations perceive the importance of cybersecurity and make cybersecurity investment decisions. Abstract The emerging field of cybersecurity economics could benefit from better data, better understanding, and better methods for using resources wisely, not only to protect critical products and services but also to provide assurances that software will work as expected. This research brief presents findings that address these key cybersecurity concerns, perceptions of the importance of cybersecurity, and considerations for cybersecurity investment decisions. In particular, it suggests...
Words: 2167 - Pages: 9
...Emerging Cybersecurity Policies in the Federal Government Information Assurance Officer and Risk Management Analyst Department of Defense. Emerging Cybersecurity Policies in the Federal Government Information Assurance Officer and Risk Management Analyst Department of Defense. CSEC 655 UMUC Individual Assignment 1 September 16, 2014 CSEC 655 UMUC Individual Assignment 1 September 16, 2014 Table of Contents Emerging Cybersecurity Policies in the Federal Government 3 Emerging Policies and Practices 4 Defense in Depth (DID) 5 Security Risk Frameworks 6 Test Driven Development 8 Business Service Frameworks 9 Acceptance and Preparation for Failure 11 The Federal Government and these Emerging Policies and Practices 13 The Feds and Defense in Depth 14 The Feds and Security Risk Frameworks 14 The Feds and Test Driven Development 16 The Feds and Business Service Frameworks 17 The Feds and Acceptance and Preparation for Failure 19 How could the Feds continue to improve 20 References 22 Emerging Cybersecurity Policies in the Federal Government One of the largest and most important enterprises there is to protect in the cyber security realm are the various networks that make up the federal government. This massive undertaking to secure the systems, networks, and data of the various governmental agencies is a never ending uphill battle. The requirements of the federal government enterprise to be globally far reaching, as well...
Words: 6354 - Pages: 26
...Challenges Facing the Finance Industry This paper will explore three problems facing the finance industry. Those problems include cybersecurity, compliance with regulation, and risk management. Three solutions will also be addressed later in this paper. 1 When one thinks about the finance industry, banks, credit agencies, insurance companies, and equity firms may come to mind. Over the years financial institutions have not been up to par. With the financial crisis that happened in 2008, the world is still recovering and paying high taxes for the amount of debt that it acquired. As a result of that crisis, the financial industry faces challenges that include cybersecurity, complying with regulation, and risk management. Although the industry faces these challenges, there are solutions that can make things operate smoother. One of the finance industries biggest challenge this year is cybersecurity. According to Hewitt, “The potential hacking of sensitive customer information is a top threat facing the financial industry in 2014.” Technology is vastly changing, and more people are beginning to use different softwares to handle the financial side of the business. With technology evolving, hackers are getting more experienced, and cyber-attacks are beginning to occur more frequently and more wide spread than they have been in the past. According to Rodriguez, “As the cost of technology decreases, the barriers to entry for cybercrime drop, making it easier...
Words: 2377 - Pages: 10
...Cybersecurity and U.S.-China Relations 网络安全与美中关系 Kenneth Lieberthal and Peter W. Singer 李侃如,彼得. W. 辛格 Cybersecurity and U.S.-China Relations 网络安全与美中关系 Kenneth Lieberthal and Peter W. Singer 李侃如,彼得. W. 辛格 February 2012 Authors’ Note F or the last year, the John L. Thornton China Center and the 21st Century Defense Initiative at Brookings have convened a working group on cybersecurity and U.S.-China relations, which the two authors organized and co-chaired. The research was motivated by our sense that: 1) the many policy issues involved in cybersecurity, especially in its impact on foreign relations, were already significant and would grow rapidly in importance in the coming years; 2) that such issues, if not well managed, could provide a major source of international friction, especially in U.S.-China relations; and 3) the newness of the field added a particularly complicating factor, making cybersecurity one of the most important but least understood emerging flashpoints in global security. A key aspect of the effort was to convene several dozen knowledgeable Americans from both the private and public sector, including the civilian government, military, corporate, think tank, and university communities. With such dynamic and fast-changing events playing out, the Brookings project not only sought to study the key issues in cybersecurity and how they impact U.S.-China relations, but also to break down some of the organizational and bureaucratic stovepipes that have limited...
Words: 17963 - Pages: 72
...Department of Defense INSTRUCTION NUMBER 8500.01 March 14, 2014 DoD CIO SUBJECT: Cybersecurity References: See Enclosure 1 1. PURPOSE. This instruction: a. Reissues and renames DoD Directive (DoDD) 8500.01E (Reference (a)) as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 (Reference (b)) to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT). b. Incorporates and cancels DoDI 8500.02 (Reference (c)), DoDD C-5200.19 (Reference (d)), DoDI 8552.01 (Reference (e)), Assistant Secretary of Defense for Networks and Information Integration (ASD(NII))/DoD Chief Information Officer (DoD CIO) Memorandums (References (f) through (k)), and Directive-type Memorandum (DTM) 08-060 (Reference (l)). c. Establishes the positions of DoD principal authorizing official (PAO) (formerly known as principal accrediting authority) and the DoD Senior Information Security Officer (SISO) (formerly known as the Senior Information Assurance Officer) and continues the DoD Information Security Risk Management Committee (DoD ISRMC) (formerly known as the Defense Information Systems Network (DISN)/Global Information Grid (GIG) Flag Panel). d. Adopts the term “cybersecurity” as it is defined in National Security Presidential Directive-54/Homeland Security Presidential Directive-23 (Reference (m)) to be used throughout DoD instead of the term “information assurance (IA).” 2. APPLICABILITY a. This instruction applies to: (1) OSD, the...
Words: 19443 - Pages: 78
...unauthorized access, change or destruction and the process of applying security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest. There are the various elements of the cyber security which are as: 1. Application Security 2. Information Security 3. Network Security 4. Mobile Security 5. Internet Security 6. Cyberwarfare One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected. "The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly..." http://whatis.techtarget.com/definition/cybersecurity Cyberspace Cyberspace is a worldwide network of computers and the equipment that connects them, which by its very design is free and open to the public. As Stanley Konter, CEO of Savannah's Sabre...
Words: 3559 - Pages: 15
...Title: IBM and The Emerging Cloud-Computing Industry Case Study Analysis Introduction The character of a company -- the stamp it puts on its products, services and the marketplace -is shaped and defined over time. It evolves. It deepens. It is expressed in an ever-changing corporate culture, in transformational strategies, and in new and compelling offerings for customers. Those are the words that start the chronological history on the IBM website [1]. I couldn’t agree anymore with that statement. I am often very fascinated by the evolvement of technology stories I get to hear quiet often from my fellow senior coworkers. One of the stories I enjoy is about the large IBM370 computer my workplace once owned in 1970’s. From my understanding it occupied a whole room and it required several people to operate. That was less than a half century ago. Today the smart phone’s memory is much higher than that computer. For my time what I could relate to, is the floppy disk which of course is obsolete today. I am sure my kids will be fascinated by the floppy disk someday just like I get fascinated by circular slide rule that predated the calculator era. In place of floppy disks or another external memory, in the cyber world today, cloud computing is taking place of all those external memories. IBM website defines Cloud computing as, the delivery of on-demand computing resources everything from applications to data centers over the Internet on a pay-for-use basis [1]. Background...
Words: 1835 - Pages: 8
...Federal Information Systems and Organizations has been approved as final. To view the full announcement of document release. {Apr. 29, 2013} -- The FISMA Standard / Publication schedule has been updated. Click here to view updated schedule of FISMA documents. {Jan. 18, 2013} – NIST anticipates the release of Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal information Systems and Organizations (Final Public Draft) on Tuesday, February 5th. The final public comment period will run from February 5th through March 1st. Final publication is expected by the end of April. {Nov. 8, 2012} -- Links to keynote presentations on Emerging Risk Management and Cyber Security Strategies are available at: Continuous Monitoring – FCW Executive Briefing Cybersecurity 2013 – Security Management Strategies Keynote Presentation by Dr. Ron Ross and Risk Management – Managing the Problem ITSAF 2012 Closing Remarks by Dr. Ron Ross {July 24, 2012} -- Article by Dr. Ron Ross, What Continuous Monitoring Really Means, posted July 24, 2012 in FedTech magazine MORE...
Words: 599 - Pages: 3
...Guidelines for Secure Use of Social Media by Federal Departments and Agencies Information Security and Identity Management Committee (ISIMC) Network and Infrastructure Security Subcommittee (NISSC) Web 2.0 Security Working Group (W20SWG) Version 1.0 September 2009 This document is publicly releasable Intended Audience This document is intended as guidance for any federal agency that uses social media services to collaborate and communicate among employees, partners, other federal agencies, and the public. Note: The Federal CIO Council does not endorse the use or imply preference for any vendor commercial products or services mentioned in this document. Guidelines for Secure Use of Social Media by Federal Departments and Agencies Page 2 TABLE OF CONTENTS INTENDED AUDIENCE............................................................................................................................................2 REVISION HISTORY ................................................................................................................................................4 ACKNOWLEDGEMENTS ........................................................................................................................................5 EXECUTIVE SUMMARY .........................................................................................................................................6 RISKS ......................................................
Words: 7347 - Pages: 30
...ADAPTIVE RISK MANAGEMENT SYSTEM (ARMS) FOR CRITICAL INFRASTRUCTURE PROTECTION Mihaela Ulieru and Paul Worthington Emergent Information Systems Laboratory The University of Calgary Ulieru@ucalgary.ca http://www.enel.ucalgary.ca/People/Ulieru/ Abstract The purpose of this work is to develop an adaptive risk management framework capable to prevent, identify and respond in critical time to threats. Our focus is on protecting critical infrastructure (e.g. public utilities) which vitally depends on network and information security. As solution we propose a holonic Cybersecurity system that unfolds into an emergency response management infrastructure capable to react in due time to unknown and new kinds of attacks/threats. The system can adapt to its changing environment through its self-organizing capability. Mimicking the way immunity works in biological organisms the system can dynamically adapt to embrace new risk situations and can dynamically create and learn new risk models as it encounters new risk situations. Keywords. Risk management, holonic, self-organization, multi-agent systems. 1. Rationale During the emergency response to the September 11, 2001 attack on the World Trade Centre, emergency response commanders on the scene were unable to communicate to ‘911’ Public Service Access Points (PSAP) that people should evacuate the building. As a result, PSAP operators complied with New York City’s standard operating procedure for hi-rise fires and advised...
Words: 8296 - Pages: 34
...IA1 – EVALUATION OF THE GLOBAL IMPACT OF THE ESTONIA CYBER EVENT Sherquita Tucker CSEC655 Section 9041 Table of Contents 1. Introduction 3 2. Background and Global Impact 4 3. Vulnerabilities in Cybersecurity Policy and Practices 5 4. Advantages of Reducing Vulnerabilities for Future Attacks 8 5. Disadvantages of Reducing Vulnerabilities for Future Attacks 8 6. Advantages of Improving Security Practices or Policies 9 7. Disadvantages of Improving Security Practices or Policies 10 8. Summary and Conclusion 12 References 14 IA1 – Evaluation of the Global Impact of the Estonia Cyber Event 1. Introduction What if suddenly the safety systems of nuclear power plants unexpectedly malfunctioned, or suddenly floods of water was released atop a neighboring community due to a malfunctioning of the control systems of a major dam, or air traffic control systems of major airports was to suddenly render inoperable, or business transactions of stock exchanges or major banks stopped or vanished ? Even worse, what if it all occurred instantaneously? Would this be an idea behind a new movie thriller, or the realism of cyber war in the twenty-first century? The notation of the using computing and networking systems as an alternative method to the traditional terrorist attacks has always been a major concern. In the early 1990s, since the public debut of the Internet, not all consumers have used cyberspace with peaceful intent. This is particularly...
Words: 3346 - Pages: 14
...E-SECURITY REVIEW 2008 Submission from Microsoft Australia Introduction Microsoft Australia welcomes the opportunity to participate through this Submission in the Whole-of Government Review of E-Security. A periodic review of the E-Security framework, in light of the quickly evolving threat landscape, is both timely and appropriate. Over the last thirty years there have been dramatic advances in information technology - the development of the microprocessor, the rise of the personal computer, the emergence of the Internet - which have revolutionised the way information is created, stored, shared, and used. Today, powerful, affordable and diverse devices, together with expanding broadband networks, create a powerful opportunity for connectivity for individuals and communities. Over the past two decades, rapid advances in software, IT services, and communications have enabled many traditionally separate and disparate infrastructures and business operations to become more connected. Through this connectivity virtually every aspect of society has experienced a transformation. Businesses and governments have been able to manage and streamline their operations. Individuals have been offered ready access to multiple sources of information thereby expanding knowledge and choice. Across every field of endeavour – commercial, social, scientific and philanthropic – the power of information has been increased and the transaction costs of engagement have been lowered. Our broad reliance...
Words: 13936 - Pages: 56
...HE, President Mwai Kibaki, presides over the official ground breaking of Konza Technology City. January 2013 2 0 1 7 1 2 Hon. Samuel L.Poghisio, EGH, MP Minister for Information and Communications Minister’s Statement Access to information is crucial to economic growth. Information and communications technology offer a powerful tool that, if deployed equitably, can ensure citizens are empowered and Government can deliver services more effectively. Information is vital for the efficient delivery of public and private sector product and services that are responsive to the needs of citizens and businesses as well as capacity creation. For a variety of reasons (economic and policy), developing countries like Kenya are less equipped to take advantage of the potential in ICT to stimulate growth, and are likely to fall behind advanced economies. The Kenya ICT Master Plan is therefore not designed in isolation, given that there is evidence from developed countries that investment in ICT facilitates economic growth by increasing productivity. As the Kenya Government ensures an enabling ICT environment and regulatory framework, this plan aims at stimulating the setup of ICT-related businesses to enhance employment creation. At the heart of this document is a strategic intent to develop a robust ICT sector that will enhance economic growth through creation of businesses and hence employment. In the execution of this plan, Kenya will become a leading ICT hub...
Words: 4766 - Pages: 20
...Information Technology Public Policy and Technology Name SCHOOL DATE Information Technology: Public Policy and Technology The new U.S. president is counting on technology to help realize his key agenda items. Government policymakers and business leaders also need to consider foundational technology and public policy issues, such as privacy, identity, architecture and the impact of Web 2.0. E-Governments is the future of any nation and as soon as Government moves towards Internet, the internal operations will be faster. More and More Governments are moving towards cloud computing and Web 2.0 service to implement public policy today. The biggest challenge in this is data security and maintaining the integrity of the data. This is one of the most difficult and important task to do. This is the biggest challenge for the governments all over the world. The last time that research houses published a special report on how technology would affect public policy and vice versa in the U.S. was during the aftermath of the 2000 presidential election. That report led to other special reports on the relationship of technology and public policy in other parts of the world. In those reports, we were optimistic about the prospects of technology's enablement of the public policy, including streamlining government in much the same way that IT has helped to improve efficiency in the private sector, and the prospects for the public's involvement in rule making and legislation. Our predictions...
Words: 1589 - Pages: 7
...Russian Patriotic Hacking During Operation Allied Force Introduction. With the increasing number of cyberattacks, many security professionals are greatly troubled by the real threat to the information technology infrastructure in the United States. While safeguarding information has been a major issue for the private and public sectors since the beginning of the computer era, the increased level of concern over the most recent attacks has resulted in devoting more resources to combat this threat. This paper analyzes numerous cyberattacks by Russian computer enthusiast group Chaos Hackers Crew and other hacktivists during Operation Allied Force in 1999, that included taking down and defacing various NATO and US Government websites, several successful virus propagation attempts on military servers and countless spamming storms. This particular case raises curious questions about the legal definition of term cyberconflict itself, magnitude of the damage from a potential cyberattack on U.S. Government by terrorists and the level of preparedness of key military and intelligence units for the cyberwar. The cyberterrorism threat is real, however it’s essential to recognize that preserving the state of continuous distress over computer vulnerabilities can be profitable. Based on this research, cultural differences play a huge role in the world of computer hackers who decide what entity to attack and how, also the scale of a cyberattack doesn’t matter as economic damage can be devastating...
Words: 8586 - Pages: 35
