th the ooda a loop oop for or cisos
play

Th The OODA A Loop oop for or CISOs Roselle Safran - PowerPoint PPT Presentation

Nov 17, 2023 •338 likes •531 views

Th The OODA A Loop oop for or CISOs Roselle Safran roselle@keycaliber.com Background KeyCaliber Uplevel Security Executive Office of the President (Obama Administration) Department of Homeland Security (US-CERT) NY NYMJCSC 2020 NY

  1. Th The OODA A Loop oop for or CISOs Roselle Safran roselle@keycaliber.com

  2. Background KeyCaliber Uplevel Security Executive Office of the President (Obama Administration) Department of Homeland Security (US-CERT) NY NYMJCSC 2020 NY NYMJCSC 2020

  3. What is the OODA Loop? Observe Act Orient Decide NY NYMJCSC 2020 NY NYMJCSC 2020

  4. Benefits of the OODA Loop Increases agility Optimizes decision-making process Ensures continuous knowledge transfer Enables constant improvement NY NYMJCSC 2020 NY NYMJCSC 2020

  5. Tactical Versus Strategic OODA Loop Tactical: Strategic: Address immediate threats Achieve long-term goals Optimize speed Optimize resource allocation “Block & tackle” Prioritize projects Narrow scope “Big picture” NY NYMJCSC 2020 NY NYMJCSC 2020

  6. Common Challenges to Strategic OODA Loop Implementation Observe/Orient cannot keep up with Decide/Act Decide/Act impact cannot be adequately measured Act requires collaboration with other teams Manual processes create bottlenecks NY NYMJCSC 2020 NY NYMJCSC 2020

  7. Thoroughly Observe Observe Your Your Frequency Organization Adversaries Orient • • • Match cadence of Leverage existing Utilize internal Decide decisions-making security stack and external info process Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  8. Know Your Organization – Data Sources Cloud & Observe GRC Application Endpoint Network Data Data Data Data Orient • • • • Critical Firewall Email EDR Decide • • assets IDS gateway AV • • • Risks Cloud mgmt Vulnerability Act scanner NYMJCSC 2020 NYMJCSC 2020 NY NY

  9. Know Your Adversaries – Data Sources Observe Threat Alert/Incident Open Source Intelligence Data Data Orient • • • Tactics, techniques, Attribution Current events Decide • • and procedures (TTPs) Attack type Industry news • • Internal Targeted assets • Act External NYMJCSC 2020 NYMJCSC 2020 NY NY

  10. Orient By Strategic Impact Observe Critical to Valuable to Monetary Operations Organization Savings Orient • • • Mission functions Intellectual property Risk reduction Decide • • Business continuity Financial data • Customer data • Act PII / PHI NYMJCSC 2020 NYMJCSC 2020 NY NY

  11. Slice and Dice Observed Data Observe Aggregates Trends Orient • • Asset types Monthly Decide • • Business units Quarterly • • Locations Yearly Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  12. Decide Based on the Numbers Observe Increase Reduce Reduce Revenue Risk Costs Orient • • • Technology Added capability Quantified current state Decide • • • People Differentiator Quantified future state • Processes Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  13. Decide Based on Comparisons Observe Industry Frameworks Peers Orient • • NIST CSF Open source data Decide • • CMMC Sector information • CIS 20 sharing centers Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  14. Decide Based on Priorities of Others CIO/ Observe CSO/ Board CEO CRO Orient • • • Fiduciary Bottom line Regulations Decide • responsibilities Accountability Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  15. Define Actions with OODA Loop Data Observe We have X [O [Observe] , Orient which means Y [O [Orient] , so we will accomplish Z [D [Decide] Decide by doing A [ Ac Act] t]. Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  16. Track Actions Observe What Why Who When Orient • • • • Decide & Act Observe & Responsible Deadline Decide (project/task) Orient individual/ group Act NYMJCSC 2020 NYMJCSC 2020 NY NY

  17. Implementation Tips Develop each step of the process Measure with key performance indicators (KPIs) and metrics Document procedures with other business units Automate, automate, automate NY NYMJCSC 2020 NY NYMJCSC 2020

  18. Th Thank You! Roselle Safran roselle@keycaliber.com https://www.linkedin.com/in/rosellesafran/ @rosellesafran

Recommend

Front-End Ops and the OODA Loop: A Decision Cycle-Time Strategy for Winning in a Hostile Internet

Front-End Ops and the OODA Loop: A Decision Cycle-Time Strategy for Winning in a Hostile Internet

Front-End Ops and the OODA Loop: A Decision Cycle-Time Strategy for Winning in a Hostile Internet Environment Erik Sowa, VP Engineering, ulive @eriksowa esowa@ulive.com erik.sowa@gmail.com Hello! Im here to talk to you about Front-End

433 views • 41 slides
Coarse-Grained Parallelism Variable Privatization, Loop Alignment, Loop Fusion, Loop

Coarse-Grained Parallelism Variable Privatization, Loop Alignment, Loop Fusion, Loop

Coarse-Grained Parallelism Variable Privatization, Loop Alignment, Loop Fusion, Loop interchange and skewing, Loop Strip-mining cs6363 1 Introduction Our previous loop transformations target vector and superscalar architectures Now

538 views • 32 slides
Repetition Types of Loops Counting loop Know how many times to loop

Repetition Types of Loops Counting loop Know how many times to loop

Repetition Types of Loops Counting loop Know how many times to loop Sentinel-controlled loop Expect specific input value to end loop Endfile-controlled loop End of data file is end of loop Input validation loop

257 views • 8 slides
Trading Strategies Introduction Trading Loop Trading Loop Trading Loop Trading Loop Three

Trading Strategies Introduction Trading Loop Trading Loop Trading Loop Trading Loop Three

Trading Strategies Introduction Trading Loop Trading Loop Trading Loop Trading Loop Three Strategies 1. Mean Reversion 2. Momentum 3. Pairs Trading Budish, E., Cramton, P ., & Shim, J. (2015). The high-frequency trading arms race:

803 views • 22 slides
CISOs Guide To Shutting Down Attacks Using The Dark Web Agenda The Dark Web: Whats At

CISOs Guide To Shutting Down Attacks Using The Dark Web Agenda The Dark Web: Whats At

CISOs Guide To Shutting Down Attacks Using The Dark Web Agenda The Dark Web: Whats At Stake Gain Visibility, Take Control Leveraging Splunk & Phantom Key Recommendations Agenda The Dark Web: Whats At Stake Gain

800 views • 41 slides
1 Checking Legality in Kelly & Pugh Framework Loop Fusion Example (cont) For each dependence,

1 Checking Legality in Kelly & Pugh Framework Loop Fusion Example (cont) For each dependence,

Loop Transformations for Parallelism & Locality Loop Fusion Example Last time What are the dependences? Unimodular transformation framework do i = 1,n What are the dependences? Loop permutation s 1 A(i) = B(i) + 1 Loop

201 views • 3 slides
Loop Optimizations Important because lots of execution Loop Optimizations Loop Optimizations

Loop Optimizations Important because lots of execution Loop Optimizations Loop Optimizations

Loop Optimizations Important because lots of execution Loop Optimizations Loop Optimizations time occurs in loops First, we will identify loops We will study three optimizations Loop-invariant code motion This lecture is

249 views • 5 slides
B A Y C P L E I T S C U PART II univalence n loop e w ? p a t h s loop l o

B A Y C P L E I T S C U PART II univalence n loop e w ? p a t h s loop l o

B A Y C P L E I T S C U PART II univalence n loop e w ? p a t h s loop l o o p A By Jonah Kan - Own work, CC BY-SA 3.0, h ps://commons.wikimedia.org/w/index.php?curid=27584059 I know how to guarantee a combinatorial

571 views • 22 slides
2-loop 1-loop 0.4 0.3 0.2 V I N C I A R O O T 0.1 0 0 0.5 1 1.5 2 log (Q/GeV) 10

2-loop 1-loop 0.4 0.3 0.2 V I N C I A R O O T 0.1 0 0 0.5 1 1.5 2 log (Q/GeV) 10

0.6 (Q) (Q) s s 0.5 2-loop 1-loop 0.4 0.3 0.2 V I N C I A R O O T 0.1 0 0 0.5 1 1.5 2 log (Q/GeV) 10 Skands, TASI Lectures, arXiv:1207.2389 Hartgring, Laenen, Skands, arXiv:1303.4974 Z 3

238 views • 9 slides
Loop Transformations for Parallelism & Locality Previously Loop transformations,

Loop Transformations for Parallelism & Locality Previously Loop transformations,

Loop Transformations for Parallelism & Locality Previously Loop transformations, unimodular transformation framework Loop interchange/permutation Loop reversal Checking transformation legality Today

211 views • 9 slides
Loop Invariants: Part 2 7 January 2019 OSU CSE 1 Maintaining the Loop Invariant A claimed

Loop Invariants: Part 2 7 January 2019 OSU CSE 1 Maintaining the Loop Invariant A claimed

Loop Invariants: Part 2 7 January 2019 OSU CSE 1 Maintaining the Loop Invariant A claimed loop invariant is valid only if the loop body actually maintains the property, i.e., the loop invariant remains true at the end of each execution of

386 views • 20 slides
Loop Statements & Vectorizing Code Chapter 5 Attaway MATLAB 4E for loop used as a

Loop Statements & Vectorizing Code Chapter 5 Attaway MATLAB 4E for loop used as a

Loop Statements & Vectorizing Code Chapter 5 Attaway MATLAB 4E for loop used as a counted loop repeats an action a specified number of times an iterator or loop variable specifies how many times to repeat the action general

745 views • 31 slides
c } false loop body P (postcondition) Loop Invariant Defn : A boolean condition that

c } false loop body P (postcondition) Loop Invariant Defn : A boolean condition that

while (c) { loop body true c } false loop body P (postcondition) Loop Invariant Defn : A boolean condition that is checked immediately before every evaluation of the loop guard . while (c) I //@loop_invariant I; true c { loop

362 views • 8 slides
Trace while Loop, cont. Trace while Loop, cont. Print Welcome to Java Print Welcome to Java int

Trace while Loop, cont. Trace while Loop, cont. Print Welcome to Java Print Welcome to Java int

while Loop Flow Chart int count = 0; while (loop-continuation-condition) { while (count < 100) { // loop-body; Chapter 4 Loops System.out.println("Welcome to Java!"); Statement(s); count++; } } count = 0; Loop false false

215 views • 9 slides
Repetition Examples When is repetition necessary/useful? Types of Loops Counting loop

Repetition Examples When is repetition necessary/useful? Types of Loops Counting loop

Repetition Examples When is repetition necessary/useful? Types of Loops Counting loop Know how many times to loop Sentinel-controlled loop Expect specific input value to end loop Endfile-controlled loop End of

425 views • 16 slides
Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek

Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek

Upper and Lower Loop Bound Estimation by Symbolic Execution and Loop Acceleration Pavel Cadek 1 1 TU Wien, Austria Formal Methods in Computer-Aided Design 30 Oct - 2 Nov, 2018 Loop Bound Analysis Upper loop bound: max { n , 0 } Lower loop

248 views • 5 slides
Loop invariants <precondition: n>0> int i = 0; while (i < n){ i = i+1; We want to

Loop invariants <precondition: n>0> int i = 0; while (i < n){ i = i+1; We want to

4/23/16 Loop invariants as a way of reasoning about the state of your program Loop invariants <precondition: n>0> int i = 0; while (i < n){ i = i+1; We want to prove: } i==n right after the loop <post condition: i==n>

80 views • 7 slides
SECTION 2: What is a loop invariant? Loop Reasoning An assertion that always holds at

SECTION 2: What is a loop invariant? Loop Reasoning An assertion that always holds at

Review: Reasoning about loops SECTION 2: What is a loop invariant? Loop Reasoning An assertion that always holds at the top of a loop & HW3 Setup Why do we need invariants? Most code is not straight line Most

451 views • 14 slides
Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion

Enhancing Fine- Grained Parallelism Loop vectorization, Loop distribution, Scalar expansion Scalar and array renaming 1 Fine-Grained Parallelism Theorem 2.8. A sequential loop can be converted to a parallel loop if the loop carries no

606 views • 41 slides
Unlike in the open loop case, the closed loop has two independent inputs, viz. the set point and

Unlike in the open loop case, the closed loop has two independent inputs, viz. the set point and

Department of Chemical Engineering I.I.T. Bombay, India Closed Loop Transfer Functions Unlike in the open loop case, the closed loop has two independent inputs, viz. the set point and the disturbance. Assuming that all other elements such as

467 views • 13 slides
1 Legality of Loop Interchange (cont) Loop Interchange Example Case analysis of the direction

1 Legality of Loop Interchange (cont) Loop Interchange Example Case analysis of the direction

Loop Transformations for Parallelism & Locality Loop Permutation Idea Previously Swap the order of two loops to increase parallelism, to improve spatial Data dependences and loops locality, or to enable other transformations

604 views • 5 slides
The for Loop 10-8-2010 Opening Discussion Solutions to the interclass problem. Minute

The for Loop 10-8-2010 Opening Discussion Solutions to the interclass problem. Minute

The for Loop 10-8-2010 Opening Discussion Solutions to the interclass problem. Minute essay comments: Can you forget about recursion and only use loops? The for Loop The most commonly used loop in most languages is the for loop.

327 views • 14 slides
Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing

Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing

10/19/2010 Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing the Loop Closing the Loop (Continuous Quality Improv (Continuous Quality Improvement (Continuous Quality Improv

888 views • 45 slides
The main loop in ray tracing for ( each pixel row y ) // This loop is in the render function of

The main loop in ray tracing for ( each pixel row y ) // This loop is in the render function of

The main loop in ray tracing for ( each pixel row y ) // This loop is in the render function of RenderEngine for ( each pixel column x ) { // Implement this loop (first assignment) // In the compute pixel function of RayCaster r = ray through

267 views • 3 slides

More recommend