• Home

  • Documents

  • Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation
12
Jerry Cochran Jerry Cochran Principal Security Strategist Principal Security Strategist Trustworthy Computing Group Trustworthy Computing Group Microsoft Corporation Microsoft Corporation

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Tags:

Embed Size (px)

Citation preview

Page 1: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Jerry CochranJerry CochranPrincipal Security StrategistPrincipal Security StrategistTrustworthy Computing Group Trustworthy Computing Group Microsoft CorporationMicrosoft Corporation

Page 2: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

IT/Telecom

Energy

Transportation

Banking/Finance

Govt Service

s

Cybersecurity

Critical Infrastructures

Critical Information InfrastructureCross-cutting ICT interdependencies among all sectors

Non-essential IT systems

Ente

rpris

esCo

nsum

ers

Those practices and procedures that enable the secure use and operation of cyber tools and technologies

Page 3: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

War Terrorism

Convergence

Cyber Attacks

Globalization

Natural Disasters

Laws and Regulations

Emergency Response Plans

Directives/Policies

National Strategies

Page 4: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

1. Define Goals and Roles2. Identify and Prioritize Critical Functions3. Continuously Assess and Manage Risks4. Build Operational Response Frameworks5. Create Public-Private Partnerships6. Build Security/Resiliency into Operations

Government and infrastructure owners/operators:

Collaboratively pursue these core enablers of resiliency and infrastructure security

Page 5: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation
Page 6: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Assess Risks

Identify Controls and Mitigations

Implement Controls

Measure Effectiveness

Government“What’s the goal”

Determine Acceptable Risk Levels

Infrastructure“Prioritize Risks”

Public-Private Partnership“What’s critical”

Operators“Best control solutions”

Define Policy and Identify Roles

Incidences, emerging issues, & changing

conditions :

constantly update risk assessment

Page 7: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Establish an Establish an Open DialogOpen Dialog

Understand the Understand the critical critical functions, functions, infrastructure infrastructure elements, and elements, and key resources key resources necessary for: necessary for:

delivering delivering essential essential services, services, maintaining the maintaining the orderly orderly operations of operations of the economy, the economy, and and helping to helping to ensure public ensure public safety.safety.

Critical Function

Critical Function

Key Resource

Key Resource

Infrastructure Element

Infrastructure Element

Critical Function

Key Resource

Infrastructure Element

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Supply

Chain

Understand Interdependen

cies

Page 8: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Protection is the Protection is the Continuous Application of Continuous Application of Risk ManagementRisk Management

• Define Functional Requirements• Evaluate Proposed Controls• Estimate Risk Reduction/Cost Benefit• Select Mitigation Strategy

• Define Functional Requirements• Evaluate Proposed Controls• Estimate Risk Reduction/Cost Benefit• Select Mitigation Strategy

• Evaluate Program Effectiveness

• Leverage Findings to Improve Risk Management

• Evaluate Program Effectiveness

• Leverage Findings to Improve Risk Management

• Identify Key Functions• Assess Risks • Evaluate Consequences

• Identify Key Functions• Assess Risks • Evaluate Consequences

Incidences, emerging issues, & changing

conditions :

constantly update risk assessment

Page 9: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Goal: Improve Operational CoordinationGoal: Improve Operational CoordinationPublic- and private-sector organizations alike can benefit from developing joint plans for managing emergencies, including recovering critical functions in the event of significant incidentsUnified Concept of Operations for Public and Private Sector CERTsEmergency response plans can mitigate damage and promote resiliency.

Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented.

Testing and exercising emergency response plans promotes trust, understanding, and greater operational coordination among public- and private-sector organizations.

Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions.

Page 10: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Collaboration is key to protecting critical Collaboration is key to protecting critical infrastructureinfrastructure

Page 11: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Security is a Security is a continuous processcontinuous process

Infrastructure Infrastructure OperationsOperations

Management

Technical

Operational

SecuritySecurityControlsControls

Critical Critical FunctionsFunctions(Global, National, (Global, National, Local)Local)

Fosters increased security and resiliency for the critical functions that support safety, security, and commerce at all levels

Building security and resiliency into infrastructure operations

Page 12: Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

Trustworthy Wireless

Trustworthy Wireless

Documents
TAaaS: Trustworthy Authentication as a Service - KAISTcaislab.kaist.ac.kr/publication/paper_files/2016/TAaaS.pdf · TAaaS: Trustworthy Authentication as a Service ... Trustworthy

TAaaS: Trustworthy Authentication as a Service - KAISTcaislab.kaist.ac.kr/publication/paper_files/2016/TAaaS.pdf · TAaaS: Trustworthy Authentication as a Service ... Trustworthy

Documents
Cochran Firm Law

Cochran Firm Law

Documents
CRE652 Processor Architecture Making it Trustworthy Trustworthy Computing and Branch Prediction

CRE652 Processor Architecture Making it Trustworthy Trustworthy Computing and Branch Prediction

Documents
Cochran Firm Newsletter

Cochran Firm Newsletter

Documents
The Strategist

The Strategist

Business
Caspar Bowden Senior Privacy Strategist Trustworthy Computing Group Microsoft EMEA Open problems in applying PETs to Data Protection Privacy and Security:

Caspar Bowden Senior Privacy Strategist Trustworthy Computing Group Microsoft EMEA Open problems in applying PETs to Data Protection Privacy and Security:

Documents
Operon strategist

Operon strategist

Healthcare
Strategist Portolio

Strategist Portolio

Documents
Trustworthy Browsing

Trustworthy Browsing

Documents
TrustWorthy Catalogs

TrustWorthy Catalogs

Documents
The webinar will begin soon - Cochrane Training · Webinar Housekeeping webinar O: 275-918-366 GoToWebinar (I) Cochran: (I) Cochran: (I) Cochran: (I) Cochran: (I) Cochran: (I) Cochran:

The webinar will begin soon - Cochrane Training · Webinar Housekeeping webinar O: 275-918-366 GoToWebinar (I) Cochran: (I) Cochran: (I) Cochran: (I) Cochran: (I) Cochran: (I) Cochran:

Documents
Andrea Cochran Landscapes

Andrea Cochran Landscapes

Documents
Trustworthy Systems

Trustworthy Systems

Documents
Cochran Chapel United Methodist Church - Clover Sitesstorage.cloversites.com... · 2017-09-30 · Cochran Chapel United Methodist Church Heritage Sunday October 22, 2017 Cochran Chapel

Cochran Chapel United Methodist Church - Clover Sitesstorage.cloversites.com... · 2017-09-30 · Cochran Chapel United Methodist Church Heritage Sunday October 22, 2017 Cochran Chapel

Documents
Foundations of Trustworthy Leadership - WholeHearted · FOUNDATIONS OF TRUSTWORTHY LEADERSHIP WholeHearted leadership programs are grounded in six foundations of trustworthy leadership:

Foundations of Trustworthy Leadership - WholeHearted · FOUNDATIONS OF TRUSTWORTHY LEADERSHIP WholeHearted leadership programs are grounded in six foundations of trustworthy leadership:

Documents
Connie Cochran

Connie Cochran

Documents
CONGRATULATIONS ON YOUR NEW COCHRAN EMC-20H w/Helium DIVE COMPUTER Cochran Undersea Technology a division of Cochran Consulting, Inc. Copyright 2000 -

CONGRATULATIONS ON YOUR NEW COCHRAN EMC-20H w/Helium DIVE COMPUTER Cochran Undersea Technology a division of Cochran Consulting, Inc. Copyright 2000 -

Documents
Cochran, Davis & Associates, P.C. Ace Your Deposition and California Fair Claims Practices Certification Joan E. Cochran, Esq. Jeff Bolson, Esq. Cochran,

Cochran, Davis & Associates, P.C. Ace Your Deposition and California Fair Claims Practices Certification Joan E. Cochran, Esq. Jeff Bolson, Esq. Cochran,

Documents
PDE Based Trustworthy Deep Learninghelper.ipam.ucla.edu/publications/dlm2020/dlm2020_15804.pdfHowever, Deep Learning is Not Trustworthy! Trustworthy deep learning: 1. Robustdeeplearning

PDE Based Trustworthy Deep Learninghelper.ipam.ucla.edu/publications/dlm2020/dlm2020_15804.pdfHowever, Deep Learning is Not Trustworthy! Trustworthy deep learning: 1. Robustdeeplearning

Documents
Doug Cavit Chief Security Strategist Trustworthy Computing

Doug Cavit Chief Security Strategist Trustworthy Computing

Documents
Trustworthy Software

Trustworthy Software

Technology
Thad Cochran answer in McDaniel v. Cochran

Thad Cochran answer in McDaniel v. Cochran

Documents
Caspar Bowden Senior Privacy Strategist Trustworthy Computing Group Microsoft EMEA

Caspar Bowden Senior Privacy Strategist Trustworthy Computing Group Microsoft EMEA

Documents
David Bills; General Manager and Chief Reliability Strategist · Web viewDavid Bills, General Manager and Chief Reliability Strategist Trustworthy Computing Microsoft Corp. David

David Bills; General Manager and Chief Reliability Strategist · Web viewDavid Bills, General Manager and Chief Reliability Strategist Trustworthy Computing Microsoft Corp. David

Documents
Trustworthy Computing

Trustworthy Computing

Documents
Cochran IEEE 2009

Cochran IEEE 2009

Documents
Trustworthy Yet?

Trustworthy Yet?

Documents
Cochran boiler

Cochran boiler

Education
Jomini : STRATEGIST

Jomini : STRATEGIST

Documents