Ari M. Schwartz |
---|---
Born |
Alma mater | Brandeis University
Occupation | Cybersecurity advisor
Years active | 1996 - present
Employer | Venable
Known for | NIST Cybersecurity Framework; Vulnerabilities Equities Process
Ari M. Schwartz is an American cybersecurity and technology policy expert. [1] [2] He is the former Special Assistant to the President and senior director for cybersecurity on the United States National Security Council Staff at the White House, having left the role in October 2015. [3] Previously, Schwartz worked in both the Executive Branch and civil society on cybersecurity, privacy, civil liberties, and policy. He is an advocate for vulnerability disclosure programs. [4]
Schwartz came to the White House after serving as a Senior Advisor for technology policy to the United States Secretary of Commerce. [5] Previously, he was at the National Institute of Standards and Technology where he served as Internet Policy Advisor, working on the Internet Policy Task Force [6] at the Department of Commerce.
Before his government service, Schwartz was the vice president and chief operating officer of the Center for Democracy and Technology (CDT) in Washington, D.C., in the United States. [7] He was formerly a CDT senior policy analyst [8] and subsequently the center's Vice President and COO. [9]
While at CDT, Schwartz won the RSA conference award for Excellence in Public Policy, [10] and the Online Trust Alliance Award for Excellence in Public Policy. [11]
In October 2015, it was revealed that Schwartz had stepped down from his role as senior director for cybersecurity after a two-year tenure. He remarked that he had always planned to leave the role after this period. Schwartz was praised on his departure for helping to develop the government's cybersecurity framework, a voluntary guideline to help companies bolster their security programs, and as an honest broker with industry and civil society. [12] [13]
Schwartz currently works at the law firm Venable, where he is the Managing Director of Cybersecurity Services. [14]
Schwartz is from the Detroit, Michigan area, and holds a bachelor's degree in sociology from Brandeis University. [9]
Computer security, cyber security, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
Lance J. Hoffman is Emeritus Professor of Computer Science at The George Washington University (GW) in Washington, DC. He initiated and taught the first course on computer security in a regular accredited degree program in the United States at the University of California, Berkeley in 1970, established the computer security program there and at GW, and led GW's program to national recognition as a Center of Academic Excellence in Information Assurance Education.
Jeff Moss, also known as Dark Tangent, is an American hacker, computer and internet security expert who founded the Black Hat and DEF CON computer security conferences.
Winn Schwartau is a computer security analyst who focuses on internet security, internet privacy, infowar, cyber-terrorism and related topics.
The National Institute of Standards and Technology's (NIST) Risk Management Framework (RMF) is a United States federal government guideline, standard and process for risk management that helps secure information systems. The RMF provides a disciplined and structured process that integrates information security, privacy and risk management activities into the system development life cycle.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a US government initiative announced in April 2011 to improve the privacy, security and convenience of sensitive online transactions through collaborative efforts with the private sector, advocacy groups, government agencies, and other organizations.
The Cyber Intelligence Sharing and Protection Act was a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks.
Carl E. Landwehr is an American computer scientist whose research focus is cybersecurity and trustworthy computing. His work has addressed the identification of software vulnerabilities toward high-assurance software development, architectures for intrusion-tolerant and multilevel security systems, token-based authentication, and system evaluation and certification methods. In an invited essay for ACSAC 2013, he proposed the idea of developing building codes for software used in critical infrastructures. He organized an NSF-funded workshop to develop a building code and research agenda for medical device software security. The final committee report is available through the Cyber Security and Policy Institute of the George Washington University, and the building code through the IEEE.
The National Cybersecurity Center of Excellence (NCCoE) is a US government organization that builds and publicly shares solutions to cybersecurity problems faced by U.S. businesses. The center, located in Rockville, Maryland, was established in 2012 through a partnership with the National Institute of Standards and Technology (NIST), the state of Maryland, and Montgomery County. The center is partnered with nearly 20 market-leading IT companies, which contribute hardware, software and expertise.
Phil Agcaoili is a technologist, entrepreneur, and cyber security, information security, and privacy expert.
The Open Trusted Technology Provider Standard (O-TTPS) is a standard of The Open Group that has also been approved for publication as an Information Technology standard by the International Organization for Standardization and the International Electrotechnical Commission through ISO/IEC JTC 1, and is now also known as ISO/IEC 20243:2015. The standard consists of a set of guidelines, requirements, and recommendations that align with best practices for global supply chain security and the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products. It is currently in version 1.1. A Chinese translation has also been published.
Katie Moussouris is an American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure, and is best known for her ongoing work advocating responsible security research. Previously a member of @stake, she created the bug bounty program at Microsoft and was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers. She previously served as Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California, and currently is the founder and CEO of Luta Security.
Stephen Cobb is an expert on security, privacy, and the risks related to digital technology.
The NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. The framework "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes", in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated into many languages and is used by several governments and a wide range of businesses and organizations.
This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.
The zero trust security model, also known as zero trust architecture (ZTA), and sometimes known as perimeterless security, describes an approach to the strategy, design and implementation of IT systems. The main concept behind the zero trust security model is "never trust, always verify," which means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified. ZTA is implemented by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources. Most modern corporate networks consist of many interconnected zones, cloud services and infrastructure, connections to remote and mobile environments, and connections to non-conventional IT, such as IoT devices. The reasoning for zero trust is that the traditional approach — trusting users and devices within a notional "corporate perimeter", or users and devices connected via a VPN — is not relevant in the complex environment of a corporate network. The zero trust approach advocates mutual authentication, including checking the identity and integrity of users and devices without respect to location, and providing access to applications and services based on the confidence of user and device identity and device health in combination with user authentication. The zero trust architecture has been proposed for use in specific areas such as supply chains.
Andrea M. Matwyshyn is a United States law professor and engineering professor at The Pennsylvania State University. She is known as a scholar of technology policy, particularly as an expert at the intersection of law and computer security and for her work with government. She is credited with originating the legal and policy concept of the Internet of Bodies.
Phil Venables is a computer scientist who has been the chief information security officer (CISO) at Google Cloud since 2020. He specializes in information and cyber security, as well as enterprise risk and technology risk. Before his position at Google, Venables held a number of roles at Goldman Sachs and served on the Board of Goldman Sachs Bank. Since 2021, he has also been a member of the President's Council of Advisors on Science and Technology (PCAST).
The Forum of Incident Response and Security Teams (FIRST) is a global association of incident response and security teams. It aims to improve cooperation between security teams on handling major cybersecurity incidents.