Index > Cyber Risk and Resilience > 2021-08-23: Day 1 and the Security Environment Overview

2021-08-23: Day 1 and the Security Environment Overview

Agenda:

• intros
• syllabus
• sec env overview
• exec level concerns
• frameworks

Things to do:

• Keep an eye on MyCourses
• Join the slack (link on MyCourses)

Intros

Dr Rick Mislan:

• Named Ritchie!
• GCI Cyber Ranger Creative Director
• US Army Electronic Warfare Officer
• Has hung out with:
  • At RIT:
    • McAfee
    • Vince Cerf
  • In a trailer after a concert:
    • John Mellancamp

Join slack later to introduce yourselves (again)

Introductions round one:

• who you are
• where you’re from
• something unique

There will be roughly 5 homework assignments, 5% each; exams are 15% each, project is 35%

The textbook is coming in PDF format, Nice!

The Security Environment Overview

“For every wall, there is a ladder”

“Security is a Feeling”

SETA - Security Education, Training, and Awareness

Information is in one of three states:

• Data in Motion
• Data at Rest
• Data in Use

These are called the “Avenues of Access”

Identify, prevent, Detect, Response, Recover (this is not picerl)

The three pillars or risk:

• Information Technology
• Operational
• Fraud and Financial Crime

IT is where cyber attacks hit.

Risk appetite: What can we accept? What isn’t worth worrying about?

Identify, Prevent, Detect, Respond

• Identify potential threats
• Prevent those things from happening
• Detect those events
• Respond to them, recover

Stumbling Blocks:

• Organizational Silos
  • cyber doesn’t stay in its bucket
• Insufficient Business Involvement
  • Cyber risk is a business problem, not just a technical one.
• Over-reliance on training and communications
  • Controlling risk only by changing human behavior
• Talent shortfalls
  • self explanatory