paul de souza
DESCRIPTION
TRANSCRIPT
![Page 1: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/1.jpg)
Unclassified
August 2010
![Page 2: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/2.jpg)
Without a cyber strategy, survival in cyberspace is left to chance!
![Page 3: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/3.jpg)
1 - SET OF IDEAS
2 - INTRUMENTS OF POWER
3 - SYNCHRONIZED EFFORTS (COORDINATED)
4 - OBJECTIVES AND DIRECTION
DOD Dictionary of Military and Associated Termshttp://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf
![Page 4: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/4.jpg)
5 pillars of cyber security strategy
Defense Deputy Secretary William Lynn III
![Page 5: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/5.jpg)
Rec
ogni
zeTh
reat
Ext
end
Inte
rnal
D
efen
se
Ext
end
Pro
tect
ion
To C
ritic
al
Infra
stru
ctur
e
Inte
rnat
iona
l C
olla
bora
tion
Mai
ntai
n Te
chni
cal
Dom
inan
ce
http://www.govinfosecurity.com/articles.php?art_id=2872
![Page 6: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/6.jpg)
Recognize cyberspace as a new war fighting domain
You are doing business in a COMBAT ZONE!
US Air Force Mission
USAF Cyberspace Operator Badge
![Page 7: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/7.jpg)
MORE THAN good hygiene and perimeter defenses as intrusion
detectionMORE THAN Firewalls, MORE THAN IPS appliances, MORE THAN Web Proxy servers, MORE THAN VPN tunnels, MORE THAN SIEM, etc…
![Page 8: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/8.jpg)
“The military networks do not exists in a vacuum; we depend heavily on commercial networks for logistics, transportation, for power”Defense Deputy Secretary William Lynn III
Help Protect your business partners
Understand their strategies
![Page 9: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/9.jpg)
![Page 10: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/10.jpg)
![Page 11: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/11.jpg)
1 Understand what cyber strategy is NOT
2 Understand and Accept the UNIQUE threats that apply to you –Know your Enemy! (CyberINT, Attack Analysis and Strategy Analysis
3 Know yourself and how vulnerable you are. Understand your capabilities
4 Create a SET of Ideas (the WHAT of things and not necessary the HOW of things)
5 Develop your INTRUMENTS of POWER to counter the threat and minimize the risk (the HOW of things)
6 Synchronize , Collaborate , Integrate and Coordinate
7 List Objectives and expand on direction
8 Write down your strategy
9 Repeat the cycle
![Page 12: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/12.jpg)
A Goal
Tactics
A Security Policy
Doctrine
Compliance
![Page 13: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/13.jpg)
"It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles“ Sun Tzu
![Page 14: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/14.jpg)
Define what’s critical
Understand what’s wanted by your adversary
Understand your vulnerabilities by running vulnerability assessments
engage trusted but external partners to test your systems
Understand your “Instruments of Power” – Set of skills, technology, knowledge
![Page 15: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/15.jpg)
![Page 16: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/16.jpg)
Adobe Acrobat Document
The Cyber Security Operations Centre (CSOC)
http://www.dsd.gov.au/infosec/top35mitigationdetails.htm
![Page 17: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/17.jpg)
Strategy goals must be well defined
Define success and appropriate metrics
Create a strategy forecast and future direction
![Page 18: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/18.jpg)
Your cyber strategy must keep security events in sync with timeYour cyber strategy must cover collaboration,
integration and coordination efforts with other cyber entities of interest
![Page 19: Paul De Souza](https://reader033.vdocuments.mx/reader033/viewer/2022051313/5480de1eb4af9f324f8b479a/html5/thumbnails/19.jpg)
Your cyber strategy is a sensitive living document that is dynamic and ever changing