resilience via measurement
play

Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th - PowerPoint PPT Presentation

Jan 15, 2024 •336 likes •462 views

Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics Problem to Address: Lack of Digital Resilience Breaches are all too common Marriott is just the latest 500 million customers affected

  1. Resilience via Measurement Mike Lloyd, CTO Presentation at 9 th Workshop on Internet Economics

  2. Problem to Address: Lack of Digital Resilience • Breaches are all too common • Marriott is just the latest • 500 million customers affected • Open Question: are breaches getting worse? • Some signs say “not really” • Measure them like earthquakes? • Log scale, annual hazard rate

  3. Root Cause: Complexity • We know a great deal about making elements secure • Checklists, frameworks, hardening guides • We know people do not follow all this advice • Cost? Time? Attention? Scale? • Every network has an error rate • Networks cause complex interactions • Creates fragile systems

  4. Everyday Hard Decisions • Defenders can’t tell where to focus: 1. Hardening elements 2. Understanding networked dependencies 3. Launching new control or tech 4. Improving process or training 5. Connecting security to other objectives • Need better ways to prioritize • Could we ever tell we’ve done enough?

  5. Where Resilience Gets Lost Central Nervous System Business • GRC • Qualitative Systems Business Units Assessments Maps Zones Networks Networks Neurons Applications • Hardening Rules Synapses Software • Checklists Molecules Hardware

  6. Policy Goals, worst to best Regulation is here Vendors (like me) are here Open space for: Research Insurance

  7. A Simple Three-Step Plan 1. Measure defensive posture 2. Gather breach records 3. Correlate How hard can it be?

  8. Insurance – on a Parallel Track • Insurers have one massive asset • Claims data, as a proxy for breach data • Similar goals, but: • Not keen on disclosure • Focused on insurable events • Two major measurement problems • Resilience of one organization • “Non-smokers discount” • Portfolio correlation risk • Monoculture, group-think, systemic risk • Open space for research?

  9. Measurement Problem: Easy vs Good • Outside measurement is easy, but … • No visibility of internal processes or readiness • Often looks at “proxies” of security • e.g., expired certs, not actual attack pathways • Does it drive the wrong behavior? • Imagine insuring a building against fire, based on a photo across the street • Inside measurement is great, but … • Invasive; requires permission • Not easily shared/compared • Vendors (like me) do this in proprietary ways

  10. WIE Goals 1. Policy goal • Improving digital resilience 2. Data needed to measure progress: • How well secured are real networks? • What is the hazard rate? 3. Methods: • Compare inside vs outside measurements • Establish hazard rates from public sources 4. Who/how • Good question …

  11. Discussion Areas • Context for sharing of risk measurements • Anonymized? But how would we correlate against breach reports? • Every company wants comparison to peer groups • Can we extract “group X commonly does Y, hazard rate R”? • Establish true hazard rates • Are breaches getting more/less common? • More disclosure, more better • How to correlate • Indicator variables: “I bought tech X” or “adopted framework Y” • Don’t we need to study whether it was used sensibly/effectively? • Does shelfware indicate anything?

  12. Thank you.

Recommend

Resilience and Resilience Capacities Measurement Options November 8, 2018 at 9:00 10:30 am ET

Resilience and Resilience Capacities Measurement Options November 8, 2018 at 9:00 10:30 am ET

Resilience and Resilience Capacities Measurement Options November 8, 2018 at 9:00 10:30 am ET Agenda T witter info: Welcome Remarks @USAID @REAL_Award Introduction @USAIDFFP @FeedtheFuture Overview of Measurement Options @TANGOInt

538 views • 28 slides
Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas Applied Economics and Policy Cornell University Presented at the USAID Evidence Forum on Resilience October 2, 2017 Washington D.C. Background

178 views • 14 slides
resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

How to improve our resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress Resilience is

287 views • 9 slides
Measurement There are two main systems of measurement: - The English system

Measurement There are two main systems of measurement: - The English system

4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. Measurement There are two main systems of measurement: - The

438 views • 4 slides
Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What do you think resilience means? 3. Write your ideas in a Circle Map. Unit 3 Stories of Resilience 1. Write your definition of Resilience is...

455 views • 6 slides
Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to bounce back after something negative like a tough situation or difficult time and then get back to feeling just about as good as you felt

517 views • 12 slides
How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience

How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience

How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience Alliance Introduction q Presenters q Structure of this weeks session q Overview (Paul) Conceptual framing Overview of resilience assessment

644 views • 26 slides
SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23 May Government Panel on Priority Resilience Issues Cyber Resiliency of Mission Critical Automation Systems Thr, 24 May Resilience

564 views • 27 slides
Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. There are two main systems of measurement: - The

308 views • 8 slides
Mission: Resilience Keeping going & not giving up! We are going to learn all about the

Mission: Resilience Keeping going & not giving up! We are going to learn all about the

Mission: Resilience Keeping going & not giving up! We are going to learn all about the importance of resilience and what it means. Video What is resilience and when do we need it? Who has heard of resilience? Resilience is being able to

295 views • 12 slides
RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS & EMERGENCIES RESILIENCE AND DRR

RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS & EMERGENCIES RESILIENCE AND DRR

RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS & EMERGENCIES RESILIENCE AND DRR Reduce the impacts of natural hazards Activities Enhance the peoples resilience Frameworks Analyze root causes of disasters Reduce

686 views • 10 slides
Bridging social and physical measurement: measurement is not scale construction; measurement is

Bridging social and physical measurement: measurement is not scale construction; measurement is

Bridging social and physical measurement: measurement is not scale construction; measurement is not quantification Luca Mari Universit Cattaneo LIUC, Italy lmari@liuc.it Arctic Workshop on Measurement in Economics 14-15 December

822 views • 38 slides
Measurement of Measurement of e BR(K )/BR(K e e ) BR(K e

Measurement of Measurement of e BR(K )/BR(K e e ) BR(K e

Measurement of Measurement of e BR(K )/BR(K e e ) BR(K e )/BR(K ) Roberto Piandani INFN Perugia & CERN Work supported by for the NA62 collaboration (Bern ITP, Birmingham, CERN, Dubna, Fairfax,

565 views • 20 slides
Overview Resilience defined The roots of resilience Self Relationships

Overview Resilience defined The roots of resilience Self Relationships

5/10/2010 Bouncing back! How parents, peers and professionals enable young people towards resilience Linda Theron (D.Ed.) Linda.Theron@nwu.ac.za Overview Resilience defined The roots of resilience Self Relationships

663 views • 10 slides
The Active Resilience Wellbeing Serv rvice What t is is The Acti tive Resilience Well

The Active Resilience Wellbeing Serv rvice What t is is The Acti tive Resilience Well

The Active Resilience Wellbeing Serv rvice What t is is The Acti tive Resilience Well llbeing Service? A partnership between Active Resilience & HEADSSUP. We offer an online portal which empowers organisations to enable employees to

585 views • 15 slides
The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is

The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is

The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is Resilience? A network of resources, patterns of adaptation and supportive relationships A dynamic concept or state that is promoted and enhanced

391 views • 17 slides
East Central Flo lorida Regional Resilience Coll llaborative Resilience EDA funded

East Central Flo lorida Regional Resilience Coll llaborative Resilience EDA funded

East Central Flo lorida Regional Resilience Coll llaborative Resilience EDA funded opportunity to develop and implement a program focusing on regional disaster resilience. March, 2018 Cultivating resilience (coll llaborative

444 views • 21 slides
Talk Outline Introduction to continuous quantum measurement, quantum

Talk Outline Introduction to continuous quantum measurement, quantum

Twisting the Quantu m: from measurement- induced chaos to measurement-powered engines Conference on Quantum Andrew N. Jordan Measurement: Fundamentals, Twists, and Applications ICTP, Trieste,

762 views • 47 slides
10/15/2019 FOSTERING 1 2 3 4 5 RESILIENCE IN REFUGEE Refugee 101 Resilience Refugee

10/15/2019 FOSTERING 1 2 3 4 5 RESILIENCE IN REFUGEE Refugee 101 Resilience Refugee

10/15/2019 FOSTERING 1 2 3 4 5 RESILIENCE IN REFUGEE Refugee 101 Resilience Refugee Family Strengths-based Review & Wellbeing Strategies Conclusion Overview of Introduction to CHILDREN & indicators of refugees globally,

461 views • 7 slides
Kent Resilience Forum Activity 2017 Steve Scully KCC Senior Resilience Officer Kent Resilience

Kent Resilience Forum Activity 2017 Steve Scully KCC Senior Resilience Officer Kent Resilience

Kent Resilience Forum Activity 2017 Steve Scully KCC Senior Resilience Officer Kent Resilience Team 2017 Grenfell Tower Fire June 2017 Westminster March 2017 East Coast Tidal Surge January 2017 Manchester May 2017 London

538 views • 6 slides
Resilience Is Key CHORUS AMERICA VIRTUAL CONFERENCE JUNE 2020 NADINE WETHINGTON FORTE

Resilience Is Key CHORUS AMERICA VIRTUAL CONFERENCE JUNE 2020 NADINE WETHINGTON FORTE

Maintain Your Edge: Resilience Is Key CHORUS AMERICA VIRTUAL CONFERENCE JUNE 2020 NADINE WETHINGTON FORTE LEADERSHIP LLC Resilience Resilience is a measure of Resilience means knowing how much you want Resilience has to do with how to

580 views • 38 slides
Resilience resilience across and within cultures Describe the features of successful school

Resilience resilience across and within cultures Describe the features of successful school

10/12/2018 Many children may have Promoting Resilience in Migrant experienced a disruption in what we Children with the Support of their call the scaffolding of childhood the basic experiences we expect to Families and Communities

463 views • 7 slides
Texarkana MPO Integrating Resilience into MTP Development June 26 th , 2019 What is Resilience?

Texarkana MPO Integrating Resilience into MTP Development June 26 th , 2019 What is Resilience?

Texarkana MPO Integrating Resilience into MTP Development June 26 th , 2019 What is Resilience? Reducing vulnerability to chronic and acute stressors by ensuring redundancy and reliability to meet essential travel needs Implementing a

439 views • 19 slides
The Climate Resilience Principles A preliminary framework for assessing climate resilience

The Climate Resilience Principles A preliminary framework for assessing climate resilience

The Climate Resilience Principles A preliminary framework for assessing climate resilience investments Building Resilience through Green Bonds 23 April 2019 1 Climate Bonds Initiative: Mobilizing debt for climate solutions Mobilise : act as a

1.05k views • 17 slides

More recommend