Improving the cyber incident damage and mission impact assessment
By Patrick Michel
Added: November 25, 2010

Cyber Incident:
Loss of network connectivity
Loss of confidential resources
Infrastructure damage
Organization experience

Cyber Incident:
We must quickly and accurately estimate and report the resulting negative impact.
We need to identify, value, track, document and report critical cyber resources.
We need to report damage assessments accurately and in a timely manner.

Five-phase process for managing organizational information:
Inspection
Protection
Detection
Reaction
Reflection

The inspection phase:
It requires the identification, valuation, and assignment of ownership of information assets and information dependencies critical to the organization before an incident occurs.

The protection phase:
It requires the assignment of control measures to protect critical information assets commensurate with their value.

The detection phase:
It requires the development of robust detection capabilities to ensure any breach of the organization is detected in a timely manner.

The reaction phase:
It requires the development by the organization of resources and capabilities to quickly respond to, contain, investigate, and remediate breaches.

The reflection phase:
It requires effective post-incident documentation, reporting, and accountability to ensure institutional learning.

Neglecting any one of the five phases can expose the organization to excessive losses when it inevitably experiences an information incident.

Unfortunately, the Department of Defense has neglected to properly standardize the first and last phases.

We have developed significant expertise and capabilities in the protection, detection and reaction phases.

We have failed to adequately identify, value, track, explicitly document, and report cyber resources and hold organizational units accountable for lapses in information security.

As a result, we artificially constrain ourselves, which seriously limits the timeliness and accuracy of the damage assessment and makes dominant battlespace knowledge in cyberspace virtually impossible.

The importance of Damage Assessment:
Accurate and timely damage assessment has been a critical factor in the quality of command and control decision-making.

Damage Assessment Versus Mission Impact Assessment:
Damage Assessment: Damage is a reduction in value resulting from some external action. Damage assessment is concerned with determining damage in terms of value loss of the affected cyber asset resulting from an incident.
Impact Assessment: Mission impact assessment evaluates how the damage impairs all of the affected mission's operations.

Cyber incident needs to be reported in a timely manner:
We live in the information age, yet our cyber defense strategies tend to focus on the infrastructure rather than the information contained in the infrastructure.

The assumption that technology is an equitable substitute for information is a dangerous assumption.

Slide 19: Information is the center of gravity for daily operation because it holds relevance and value as knowledge to decision makers in the organization.

If we accept the idea that information is an asset, we must develop standardized schemes for identifying, valuing, documenting, and reporting information assets.

Slide 21: The identification and valuation of the information assets must occur before an incident occurs. It can be accomplished through an asset-focused risk assessment or another information asset profiling technique.

Slide 22: Documentation is required to ensure the value estimation can be refined over time, provide transparency, reduce the time required to understand the impact of the loss of a resource, and reduce the variances in loss estimation.

Slide 23: Finally, the infrastructure-based approach to cyber security is easier, but it does not provide the information needed to produce accurate and timely damage or mission impact assessment.