The Internet Security Alliance
The Internet Security Alliance is a collaborative effort between Carnegie Mellon University’s Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.
Sponsors
National Infrastructure Protection Plan 2.0 (NIPP)
• GOAL: Protect against terrorist attack and enable national preparedness, timely response and rapid recovery.
• THREE KEY PRINCIPLES
  • Building Security Partnerships
  • Implementing Risk Reduction Program
  • Maximizing Efficient Use of Resources
Organizing & Partnering for CI/KR Protection
• The Homeland Security Act and Homeland Security Directive 7 (HSPD-7) provide DHS with the authority and responsibility to work with the private sector on securing Critical Infrastructure (CI) and Key Resources (KR) through partnerships
• Sector Coordinating Councils (SCCs): each sector is to create one to define planning and coordination for prevention and response
Key Elements of the NIPP
• National awareness, to build support
• Education and training of the workforce
• R&D to lower costs and improve capabilities
• Building and maintaining databases and risk management systems
• Continuously improving plans and activities based on feedback and research
NIPP Private Sector Responsibilities
• Be aware of their systems' vulnerabilities and not allow their systems to be used in an attack
• Review and exercise continuity plans
• Be actively involved in industry information sharing programs
• Evaluate your system by:
  • Conducting audits
  • Participating in information sharing and best practices
  • Developing continuity plans with off-site equipment
NIPP Private Sector Responsibilities (Cont.)
• Promote installation and implementation of security by:
  • Increasing user awareness
  • Considering ease of use in system procurement
• Promote industry guidelines and best practices that support such efforts
ISA Programs to Assist
• PUBLIC POLICY
• Chaired National Cyber Security Partnership Private Sector Retreat (Wye II) to develop interim agenda
• Information Sharing
• Roles and Responsibilities
• Incentive development
Incentives
• Procurement as an incentive to security
• Use of Contracts to expand security
• Build insurance discounts into best practices
• Create civil liability benefits for good actors
• Establish Vulnerability Markets
• Semi-Tech R & D Program on Security
ISA Services
• Brief Congress each quarter
• Daily information sharing on threats, vulnerabilities and incidents
• Weekly CMU webinars on technical, business and security trends
• Quarterly reports on “Hot Issues” (audit costs, privacy, insider threats, etc.)
• “Qualified Member” Program