helen patton - cross-industry collaboration
TRANSCRIPT
Cross Industry CollaborationHelen Patton
Chief Information Security OfficerThe Ohio State University
2
• What’s Happening in Higher Ed Security?
• Research Data of Interest
• What It Means for Security Teams
Today We Will Discuss:“If you really want to do something, you’ll find a
way. If you don’t, you’ll find an excuse”
- Jim Rohn, American Entrepreneur
3
Agenda• What is Cross Industry Collaboration?
• What do they have in common?
• What problems are not yet being addressed?
4
What is Cross-Industry Collaboration?• ISACs: Information Sharing Analysis Centers
• Physical and Cyber threats, vulnerabilities and events
• Two-way sharing between private and public sector
• Organized by Industry
• REACTIVE
5
What is Cross-Industry Collaboration?• Cyber Vendor Collaboration
• e.g. Coordinated Malware Eradication Program (CME) – Operation SMN
• Goal: “ To remediate the adverse impact of professional cyber espionage groups”
• Novetta, Cisco, FireEye, Tenable, Microsoft, Symantec, etc. – Private Sector Only
• Technology Driven – Focus on Malware
• PROACTIVE
6
What is Cross-Industry Collaboration?• Federal/Military and Industry
• e.g. NIST Cyber Center of Excellence
• e.g. DHS Cyber Information Sharing and Collaboration Platform (CISCP)
• Often includes Academic research
• Mostly REACTIVE, some PROACTIVE
7
What is Cross-Industry Collaboration?• Columbus Collaboratory
• Cyber Security and Data Analytics
8
What Do They Have In Common?• Technology Driven
• Threat Focused
• Some Research Backing
• Not solving biggest problems (yet)
9
Other Issues For ConsiderationTalent
Development, Recruitment
and Retention
Security Assessment
Results
Board Cyber Expertise and
Buy InBuilding Trust (in Contracts)
10
Talent Acquisition and RetentionAvailable Now:
• ISSA and others
• Diversity Groups and Job Sites
• Internship programs with Colleges and Universities
Scarce/Non-Existent:
• Encourage HR groups to collaborate on Cyber issues
• Are you willing to sponsor sessions to help HR professionals learn??
11
Board Cyber Experience and Buy InAvailable Now
• Opportunities to serve on Boards – Volunteer today!
• Individual company Board training events – are you engaged?
Scarce/Non-Existent
• Partnering with Board Recruitment Firms to help them tap into Cyber community to find and train Board Candidates
12
Security Assessment ResultsAvailable Now
• Vendors offering cloud assessments based on external/public data reporting
• Large Company SSAE16/other audit reports
• $$
Scarce/Non-Existent
• Sharing assessment results with your supply train or industry partners, so assessments don’t have to be duplicated
13
Contract TrustAvailable Now
• ISAC data sharing
Scarce/Non-Existent
• Training of legal community and business to allow information sharing between business partners without implying liability
14
• What’s Happening in Higher Ed Security?
• Research Data of Interest
• What It Means for Security Teams
Today We Will Discuss:
Thank You!
[email protected]@OSUCISOHelen