The Growing Threat to Information Security: A focus on ISM
TRANSCRIPT
Page 1
The Growing Threat to Information Security: A focus on ISM
Prisons 2015, Melbourne
Travis Chehab, [email protected], www.ndy.com
Page 2
The Threat... Australian networks face an unprecedented threat of malicious activity and loss of information.
Malicious Actors:
1. State-Sponsored Attackers
2. Cyber Criminals
3. Issue-Motivated Groups
CSOC Update, Cyber Security Picture 2013, June 2014
Page 3
The Threat...
CSOC Update, Cyber Security Picture 2013, June 2014
Page 4
The Threat... A new piece of malware is created every 1.5 seconds!
Source: ISM - Trend Micro, Trend Micro Annual Report: The Future of Threats and Threat Technologies, 2009. ISM - RSA, Cybercrime Trends Report – The Current State of Cybercrime and What to Expect in 2011
Page 5
Prison Technology Drivers...
• Reduced rates of recidivism
  • PILS
• Energy & Sustainability
  • Co/Tr-Gen
  • Water Treatment & Recycling Plants
  • Lighting control
• System Resilience & Uptime
  • Back-up generation and UPS
  • N+1 systems / system redundancy
• Streamlining Process & Flexibility
  • Centralised control, management, monitoring and response
Technology Convergence: The Integrated Communications Network (ICN)
Page 6
Important Questions
What would a serious cyber security incident cost our organisation?
Who would benefit from having access to our information?
What makes us secure against threats?
Is the behaviour of our staff enabling a strong security culture?
Are we ready to respond to a cyber security incident?
Page 7
The Information Security Manual (ISM)
http://www.asd.gov.au/infosec/ism/index.htm
Page 8
ISM Principles Volume
Policy and procedure:
• Information security policy
• Security risk management plan
• System security plan
• Standard operating procedures
• Incident response plan
• Emergency procedures
• Business continuity and disaster recovery plans
Page 9
ISM Controls Volume
‘Applicability’ of a control, i.e. Classifications:
• TOP SECRET
• SECRET
• CONFIDENTIAL
• PROTECTED
• GOVERNMENT/UNCLASS
‘Compliance’ language – Should vs. Must
‘Authority’ and approval of non-compliances:
• DSD – Director DSD (ASD)
• AH – Agency Head
• AA – Accreditation Authority
Precinct/Facility Classification... who’s on the other side of the wall?
• Non-Shared Government Facility
• Shared Government Facility
• Shared Non-Government Facility
Page 10
ISM Controls Volume
1. Information Security Governance
2. Physical Security
3. Personnel Security
4. Communications Security *
5. Information Technology Security
Control: 1117; Revision: 0; Updated: Nov-10; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA
Agencies should use fibre optic cabling.
What does a ‘control’ look like?
How do we use controls and for what project aspects?
Statement of Applicability (SoA)
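As an added example (not part of the presentation or of the ISM itself), the Python below parses control headers in the format quoted above and builds a Statement of Applicability for a system at a given classification, listing for each applicable control whether it is a 'should' or a 'must' and which authority may approve a non-compliance. Control 1117 is the one on the slide; the EXAMPLE-A and EXAMPLE-B records and the `Control`, `parse_control` and `statement_of_applicability` names are constructed for this example.

```python
import re
from dataclasses import dataclass

# Applicability codes from the slide's header (G = GOVERNMENT/UNCLASS ... TS = TOP SECRET) and the
# non-compliance approvers listed under 'Authority' on the slide.
CLASSIFICATIONS = ("G", "P", "C", "S", "TS")
AUTHORITY = {"DSD": "Director DSD (ASD)", "AH": "Agency Head", "AA": "Accreditation Authority"}

@dataclass(frozen=True)
class Control:
    ident: str
    revision: int
    updated: str
    applicability: frozenset  # subset of CLASSIFICATIONS
    compliance: str           # "should" or "must"
    authority: str            # DSD, AH or AA
    text: str

def parse_control(record: str) -> Control:
    """Parse a 'Key: value; Key: value' header line followed by the control text."""
    header, _, text = record.strip().partition("\n")
    f = {k: v.strip() for k, v in re.findall(r"(\w+):\s*([^;]+)", header)}
    applicability = frozenset(a.strip() for a in f["Applicability"].split(","))
    if not applicability <= set(CLASSIFICATIONS):
        raise ValueError(f"unknown applicability code in {f['Applicability']!r}")
    if f["Compliance"].lower() not in ("should", "must"):
        raise ValueError(f"unexpected compliance language: {f['Compliance']!r}")
    if f["Authority"] not in AUTHORITY:
        raise ValueError(f"unknown authority: {f['Authority']!r}")
    return Control(f["Control"], int(f["Revision"]), f["Updated"], applicability,
                   f["Compliance"].lower(), f["Authority"], text.strip())

def statement_of_applicability(controls, classification):
    """SoA rows (id, compliance, approver, text) for a system at `classification`; 'must' first."""
    rows = [(c.ident, c.compliance, AUTHORITY[c.authority], c.text)
            for c in controls if classification in c.applicability]
    return sorted(rows, key=lambda r: (r[1] != "must", r[0]))

# Control 1117 is quoted on the slide; EXAMPLE-A/EXAMPLE-B are constructed placeholders, not ISM ids.
RECORDS = [
    "Control: 1117; Revision: 0; Updated: Nov-10; Applicability: G, P, C, S, TS; "
    "Compliance: should; Authority: AA\nAgencies should use fibre optic cabling.",
    "Control: EXAMPLE-A; Revision: 1; Updated: Jan-14; Applicability: S, TS; "
    "Compliance: must; Authority: DSD\nConstructed control applying to SECRET and above.",
    "Control: EXAMPLE-B; Revision: 0; Updated: Mar-12; Applicability: P, C; "
    "Compliance: must; Authority: AH\nConstructed control for PROTECTED and CONFIDENTIAL.",
]

if __name__ == "__main__":
    for row in statement_of_applicability([parse_control(r) for r in RECORDS], "P"):
        print(" | ".join(row))
```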
Page 11
ISM in Construction Identification, Inspectability and the ‘By-Association Factor’
My PROTECTED network is the blue one!?
Page 12
ISM in Construction
SoA, Design & Construction
IRAP verification, Risk Plan, System Plan
Page 13
Thanks, any questions?
The NDY communications group is a dedicated team looking after the specific ICT needs of our clients.