Upload File

angelicaharris manager,cybersecurity canarie · >a successful cybersecurity program requires all...

  • Home
  • Documents
  • AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing
20
Cybersecurity for Research Software Angelica Harris | Manager, Cybersecurity | CANARIE 68

Upload: others

Post on 22-Sep-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

Cybersecurity for Research SoftwareAngelica Harris | Manager, Cybersecurity | CANARIE

68

Page 2: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

Wearewitnessestoevolution…

69

Page 3: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

…advancementsinsoftwareandnetworking

70

Page 4: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

…anddevelopersofresearchsoftware.(You,notme.)

71

Page 5: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

Cognitivebiasesarelimitationsinourbrain’sabilitytoprocessinformation,whichcancauseillogicaldecisionmakingandpoorjudgment.

OvercomingCognitiveBiases

72

Page 6: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 73

Whatdoesthishavetodowithcybersecurity?

Page 7: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

>Asuccessfulcybersecurityprogramrequiresallemployeestobeonthesamepageandrequiressupportandacceptance.

>Preventingbreachesrequireschangingbehaviourandreducingthenumberofopportunitiesforpeopletomakemistakes.

It’sahumanproblem.

74

Page 8: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 76

Page 9: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 77

Confidentiality,Integrity,Availability

Page 10: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

>NRCChinesehack(CNE)costingCanadians100sofmillionsofdollars• http://www.theglobeandmail.com/news/national/federal-documents-say-2014-china-hack-cost-hundreds-of-millions-of-dollars/article34485219/

>Otherdocumentedcases• https://github.com/trustedci/OSCRP/blob/master/OSCRP.md• Embargoeddatareleased• Researchgrantsandacademicprizeslosttostolenresults• Scienceinstrumentimpairmentandopportunitiesforeverlost

Whenbadthingshappen…

78

Page 11: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 79

Page 12: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

CyberKillChain

80

Source: darkreading.comfirstarticulatedbyLockheedMartin“killchain”

“…theonlyrealwaytoachievesounddefensivesecurityisthroughanoffensivemindsetandapproach.”

– KaliLinuxBlogOffensiveSecurity

Page 13: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 81

Whynotbecomeanethicalhacker?

Page 14: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 82

Whynotbecomeanethicalhacker?

Hackingtools:

https://kali.orghttps://www.offensive-security.com/https://codingsec.net/category/ethical-hacking-tutorials/https://github.com/secfigo/Awesome-Fuzzinghttps://github.com/dloss/python-pentest-toolshttps://www.metasploit.com/https://www.hex-rays.com/index.shtml

Page 15: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

MonsterMitigation

83

Source:CommunityWeaknessEnumeration(http://cwe.mitre.org/index.html)

Top25MostDangerousSoftwareErrors

Page 16: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

MonsterMitigation

84

Source:CommunityWeaknessEnumeration(http://cwe.mitre.org/index.html)

Top25MostDangerousSoftwareErrors

Page 17: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

>Canada’sCyberSecurityStrategyhttps://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/cbr-scrt-strtgy/index-en.aspx

> CanadianCyberIncidentResponseCentrehttps://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-en.aspx

>CanadianCyberThreatExchangehttps://cctx.ca

> CommunicationsSecurityEstablishmentITSAdviceandGuidancehttps://www.cse-cst.gc.ca/en/group-groupe/its-advice-and-guidance

CanadaandCybersecurity

85

Page 18: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

canarie.ca|@canarie_inc 86

Soph

istication

2010 2011 2012 2013

Duration:3days4AttackVectorsAttackTarget:Visa,Mastercard

Duration:3days5AttackvectorsAttackTarget:HKEX

Duration:20days7+AttackvectorsAttackTarget:Vatican

Duration:7monthsMultipleattackvectorsAttackTarget:USBanks

Page 19: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

> MonsterMitigationList• http://cwe.mitre.org/top25

> OpenWebApplicationSecurityProjectOWASP• https://www.owasp.org/index.php/Main_Page

> Microsoft• https://www.microsoft.com/en-us/SDL

> StaticandDynamicAnalysisTools• https://www.owasp.org/index.php/Source_Code_Analysis_Tools• https://en.wikipedia.org/wiki/Dynamic_program_analysis

> OtherLinks• http://www.itsecurityguru.org/2016/06/23/10-steps-to-addressing-the-human-vulnerability-in-cybersecurity/• https://dsimg.ubm-us.net/envelope/385633/510213/DR16_1611055__EditReport_Dec13_SecAppDev_Sponsored-

CloudPassage_FINAL.pdf

Appendix

87

Page 20: AngelicaHarris Manager,Cybersecurity CANARIE · >A successful cybersecurity program requires all employees to be on the same page and requires support and acceptance. >Preventing

Thank you!Questions?

88


TheFunded - Canarie

Viaggio Fotografico a Tenerife Canarie

Cybersecurity success requires a change of mind requires a ...€¦ · And the goal for cybersecurity software vendors is to prolong product effectiveness by anticipating potential

VDA China - Automotive SPICE for Cybersecurity · 2021. 4. 12. · The performance of the Cybersecurity PAM requires a VDA scope assessment of Automotive SPICE 3.1. The Cybersecurity

Cybersecurity for School Districts · Do not assume that information security is only an IT issue. • Cybersecurity is a District issue that requires the assistance of a technical

CANARIE “CA*net 4 Customer Empowered Networking”

Jerry Sheehan Green Canarie

Navigating China’s Cybersecurity Regulations · Requires monitoring New/adjusted in 2019/2020 2017 Cybersecurity Law CIIO Network Products & Encryption Personal Information (PI)

CROCIERA ALLE CANARIE

Canarie parte prima

Cybersecurity for Weapon Systems Roundtable Special Report · 2019-05-02 · March 21, 2019 True cybersecurity in weapon systems requires new ways of thinking, ranging from looking

Vacanza attiva e cicloturismo alle Canarie

Iavicoli canarie 2-3_marzo_2011_def2

What is CANARIE?

Canarie parte seconda

The Canarie is Dead

Voyage aux iles canarie

La fiscalità alle Isole Canarie

CANARIE Inc

Ile Grande Canarie 001 (Brochure)

Immobili canarie agenzia immobiliare abitare90

Bill St. Arnaud CANARIE Inc – canarie Bill.st.arnaud@canarie

June 1999 canarie canet3

Canarie CAF- Shibboleth Workshop Topics

Canarie parte terza

Herv é Guy herve.guy@canarie Tuesday 2005.8.23

Science Studio CANARIE Review

Canarie Federated Non Web Signon

La Flore Des Iles Canarie

What is CANARIE? CANARIE runs Canada’s only national high-bandwidth network for research & education Connects one million users at 1,100 institutions

Climate Check Canarie Workshop March4

Rencontre à Grande Canarie: l'eau et l'économie

Analysis of the Economic Benefits of CANARIE

Isole Canarie Contenuti

The invisible hole of information on SMB's cybersecurity · resulting in an increase of vulnerability to cybercrime (Bhattacharya, 2013). The challenge is that cybersecurity requires