The growing threat to information security: a focus on ISM
The Growing Threat to Information Security: A focus on ISM
Prisons 2015, Melbourne
Travis Chehab, [email protected], www.ndy.com
The Threat...
Australian networks face an unprecedented threat of malicious activity and loss of information.
Malicious Actors:
1. State-Sponsored Attackers
2. Cyber Criminals
3. Issue-Motivated Groups
Source: CSOC Update, Cyber Security Picture 2013, June 2014
The Threat...
A new piece of malware is created every 1.5 seconds!
Source: ISM - Trend Micro, Trend Micro Annual Report: The Future of Threats and Threat Technologies, 2009; ISM - RSA, Cybercrime Trends Report – The Current State of Cybercrime and What to Expect in 2011
Prison Technology Drivers...
• Reduced rates of recidivism
  • PILS
• Energy & Sustainability
  • Co/Tr-Gen
  • Water Treatment & Recycling Plants
  • Lighting control
• System Resilience & Uptime
  • Back-up generation and UPS
  • N+1 systems / system redundancy
• Streamlining Process & Flexibility
  • Centralised control, management, monitoring and response
Technology Convergence: The Integrated Communications Network (ICN)
Important Questions
What would a serious cyber security incident cost our organisation?
Who would benefit from having access to our information?
What makes us secure against threats?
Is the behaviour of our staff enabling a strong security culture?
Are we ready to respond to a cyber security incident?
The Information Security Manual (ISM)
http://www.asd.gov.au/infosec/ism/index.htm
ISM Principles Volume
Policy and procedure:
• Information security policy
• Security risk management plan
• System security plan
• Standard operating procedures
• Incident response plan
• Emergency procedures
• Business continuity and disaster recovery plans
ISM Controls Volume
'Applicability' of a control, i.e. classifications:
• TOP SECRET
• SECRET
• CONFIDENTIAL
• PROTECTED
• GOVERNMENT/UNCLASS
'Compliance' language – Should vs. Must
'Authority' and approval of non-compliances:
• DSD – Director DSD (ASD)
• AH – Agency Head
• AA – Accreditation Authority
Precinct/Facility Classification... who's on the other side of the wall?
• Non-Shared Government Facility
• Shared Government Facility
• Shared Non-Government Facility
ISM Controls Volume
1. Information Security Governance
2. Physical Security
3. Personnel Security
4. Communications Security *
5. Information Technology Security
What does a 'control' look like?
Control: 1117; Revision: 0; Updated: Nov-10; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA
Agencies should use fibre optic cabling.
How do we use controls and for what project aspects?
Statement of Applicability (SoA)
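The control header shown above is a fixed, parseable record: a control number, a revision, an update date, the classification markers it applies to (G, P, C, S, TS), its compliance language (should/must) and the authority who can approve a non-compliance (DSD, AH, AA). Building a Statement of Applicability is largely a filter over those fields for the classification of the system being built. The script below, an added example that is not part of the slide deck and not ASD tooling, parses control headers in that form and derives the SoA for a given classification, splitting it into the controls that must be met and those that should be met, and naming who signs off on a non-compliance. Control 1117 is the one quoted on the slide; controls 9001 and 9002 and their wording are constructed for the example and are not real ISM control numbers.

```python
import re
from dataclasses import dataclass

# Classification markers as used in the ISM control header, mapped to the
# classifications listed on the slide.
CLASSIFICATIONS = {
    "G": "GOVERNMENT/UNCLASS",
    "P": "PROTECTED",
    "C": "CONFIDENTIAL",
    "S": "SECRET",
    "TS": "TOP SECRET",
}

# Who may approve a non-compliance, keyed by the 'Authority' marker on the slide.
AUTHORITIES = {
    "DSD": "Director DSD (ASD)",
    "AH": "Agency Head",
    "AA": "Accreditation Authority",
}

# Matches a header line such as:
# "Control: 1117; Revision: 0; Updated: Nov-10; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA"
HEADER_RE = re.compile(
    r"^Control:\s*(?P<id>\d+);\s*Revision:\s*(?P<rev>\d+);\s*Updated:\s*(?P<updated>[^;]+);"
    r"\s*Applicability:\s*(?P<applic>[^;]+);\s*Compliance:\s*(?P<compliance>should|must);"
    r"\s*Authority:\s*(?P<authority>[A-Z]+)\s*$"
)


@dataclass(frozen=True)
class Control:
    id: int
    revision: int
    updated: str
    applicability: frozenset  # subset of CLASSIFICATIONS keys
    compliance: str           # "must" or "should"
    authority: str            # key of AUTHORITIES
    text: str


def parse_control(block: str) -> Control:
    """Parse one control: the header line followed by the control text."""
    header, _, text = block.strip().partition("\n")
    m = HEADER_RE.match(header.strip())
    if m is None:
        raise ValueError(f"not an ISM control header: {header!r}")
    applic = frozenset(a.strip() for a in m["applic"].split(","))
    unknown = applic - set(CLASSIFICATIONS)
    if unknown:
        raise ValueError(f"control {m['id']}: unknown classification marker(s) {sorted(unknown)}")
    if m["authority"] not in AUTHORITIES:
        raise ValueError(f"control {m['id']}: unknown authority {m['authority']!r}")
    return Control(
        id=int(m["id"]),
        revision=int(m["rev"]),
        updated=m["updated"].strip(),
        applicability=applic,
        compliance=m["compliance"],
        authority=m["authority"],
        text=" ".join(text.split()),
    )


def parse_controls(doc: str) -> list:
    """Split a text dump into blank-line-separated control blocks and parse each."""
    return [parse_control(b) for b in re.split(r"\n\s*\n", doc.strip()) if b.strip()]


def statement_of_applicability(controls, classification: str) -> dict:
    """Select the controls that apply at `classification`, split by compliance language."""
    if classification not in CLASSIFICATIONS:
        raise ValueError(f"unknown classification marker {classification!r}")
    applicable = sorted((c for c in controls if classification in c.applicability), key=lambda c: c.id)
    return {
        "classification": CLASSIFICATIONS[classification],
        "must": [c.id for c in applicable if c.compliance == "must"],
        "should": [c.id for c in applicable if c.compliance == "should"],
    }


def noncompliance_approver(control: Control) -> str:
    """Who has to sign off if the system will not meet this control."""
    return AUTHORITIES[control.authority]


# Constructed sample input: 1117 is quoted on the slide; 9001 and 9002 are
# made up for this example and are not real ISM control numbers.
SAMPLE_CONTROLS = """\
Control: 1117; Revision: 0; Updated: Nov-10; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA
Agencies should use fibre optic cabling.

Control: 9001; Revision: 1; Updated: Jan-14; Applicability: S, TS; Compliance: must; Authority: DSD
(constructed) Agencies must terminate classified cabling in an inspectable enclosure.

Control: 9002; Revision: 0; Updated: Jan-14; Applicability: P, C, S, TS; Compliance: must; Authority: AH
(constructed) Agencies must label cabling so the network it serves can be identified.
"""


if __name__ == "__main__":
    controls = parse_controls(SAMPLE_CONTROLS)
    for marker in ("G", "P", "S"):
        soa = statement_of_applicability(controls, marker)
        print(f"{soa['classification']}: must={soa['must']} should={soa['should']}")
    print("non-compliance with 1117 is approved by:", noncompliance_approver(controls[0]))
```

The parser rejects a header with a classification marker or authority it does not know rather than silently dropping the control, since a control that falls out of the SoA unnoticed is exactly the gap an IRAP assessor will find later. Running it shows 1117 applying at every classification as a "should", while the constructed 9001 only appears once the system is SECRET or above.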
ISM in Construction
Identification, Inspectability and the 'By-Association Factor'
My PROTECTED network is the blue one!?
ISM in Construction
SoA, Design & Construction
IRAP verification, Risk Plan, System Plan
Thanks, any questions?
The NDY communications group is a dedicated team looking after the specific ICT needs of our clients