Proactive Security Monitoring: from Security Watch to the independent SOC organization. November 22nd 2012, Marek Deml (Deloitte Česká republika)
Slide 2: Core steps
- Security Watch
- SOC

Slide 3: Security Watch, situation to manage
- Heterogeneous environment worldwide: three core data centers, servers and desktops in 190 countries, 400+ applications
- Threat management
- Vulnerability management

Slide 4: Security Watch process, objectives and approach
Objectives: in time, coordinated, with priority, proactive.
Approach:
- 24x5 monitoring
- Global presence and involvement of local experts
- Consistent criticality prioritization
- Timely patch and virus alerting
Main features:
- Alerts published on the Security Watch alert portal
- Automatic notification of new and updated alerts to contacts in the IT service organization and in the business units (BUs) served by it

Slide 5: Security alert management and escalation touch points
Inputs: security advisories (advisory 1, 2, ... xx) and inputs from users/BUs.
Process steps:
1. Initial assessment and evaluation of advisories
2. Alert approval
3. Alert distribution (to all BUs)
4. Alert implementation and monitoring
Supporting repositories: the Company Major Software and Platform List and the Alert Distribution List repository.
Touch points to establish: modify the alert categories; establish a common patch management policy and SLA; establish a process to maintain the distribution lists; establish the major software list and a process to maintain it.

Slide 6: Security Watch process, step 1: initial assessment and evaluation of advisories
- Inputs: security advisories (advisory 1, 2, ... xx) and inputs from users/BUs.
- The CISO-org person on duty checks each security advisory against the systems in use (the Major Software and Platform List).
- If no actionable advisory was received, a "non-activity" message is sent to the next shift, cc all CISO org.
- Otherwise the duty CISO-org person reviews the alert to determine an initial priority.
- If the duty person lacks the technical knowledge to assess it, an SME review is required: an SME from the SME list completes the alert and forwards it back to the duty CISO-org person for review.
- Output: alert priority proposal by the CISO-org person.
Slide 7: Security Watch process, step 2: alert approval
- Input: the alert priority proposal from the CISO organization. A CISO-org member creates the alert, assigns an alert number and stores it for publishing.
- Proposed as Maintenance or Notification: approved as Maintenance/Notification.
- Proposed as Critical: sent for approval to the CISO and one other CISO-org person; approved as Critical, or upgraded/downgraded and resubmitted, or revoked.
- Proposed as Emergency: sent for approval to the CISO and a Board member, followed by a phone call; contact must be made within 4 hours. Approved as Emergency, downgraded and approved as Critical, or not approved.
- Alerts that are not approved are upgraded/downgraded and resubmitted, or revoked (revoked alerts repository).
- Output: Emergency/Critical/Maintenance/Notification alert ready to be released.

Slide 8: Security Watch process, priority flow in time
As a vulnerability develops, the alert level rises along the timeline:
- Critical vulnerability announced: vulnerability notification (internal)
- Patch announced: maintenance security patch alert released
- Virus/worm availability announced: critical security patch alert released
- Virus/worm spreading worldwide and the Company is already impacted, or very likely to be: emergency security patch alert released

Slide 9: Security Watch process, alert categories in detail
Level A, EMERGENCY
- Criteria: malware exploiting the vulnerability is spreading inside the Company network, or is very likely to be; released on an ad-hoc basis
- Action: top-priority intervention, supersedes all other IS or business priorities
- Deadline to implement: 1-3 days
- Decision/approval authority: CISO and Board member; approval deadline within 4 hours
Level B, CRITICAL
- Criteria: public exploit or malware exists; rated critical by the vendor; software widely used in the Company environment; released on an ad-hoc basis
- Action: must be performed within the shortest possible time (out of band of the regular maintenance window)
- Deadline to implement: 4-30 days
- Decision/approval authority: CISO and a CISO-org member; approval deadline within 24 hours
Level C, MAINTENANCE
- Criteria: rated at least moderately critical by the vendor; software widely used in the Company environment; released on a monthly basis
- Action: planned and performed within a reasonable, agreed time in the regular maintenance window
- Deadline to implement: 1-3 months
- Decision/approval authority: CISO and a CISO-org member; approval deadline before the 20th of the month
Level D, NOTIFICATION
- Criteria: none; used as needed for qualified early warnings only
- Action: none
- Deadline to implement: N/A
- Decision/approval authority: CISO organization

Slide 10: Security Watch process, alert approval: review and approval flow
EMERGENCY (red):
1. Draft alerts e-mailed to the approval authority for approval
2. Follow-up phone call to the approval authority
3. Alerts released by the CISO once approval is received
CRITICAL (yellow):
1. Draft alerts e-mailed to the approval authority
2. Alerts released by the CISO within 24 hours once approval is received
MAINTENANCE (green) and NOTIFICATION (white):
1. Draft alerts prepared and stored on the shared drive/portal, to be released on the 25th day of the month or as needed
2. The shared drive/portal is accessible to the approval authority for review
3. Alerts released by the CISO organization on the target date if no comments are received
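The category criteria, approval authorities and deadlines on slides 7 to 10 read as one decision procedure. The following is an added example written for this page, not Deloitte's deck or tooling: it encodes that procedure so an advisory can be triaged to a level with its approval deadline, release date and outer implementation deadline. The Advisory and Decision field names, the reading of the three Critical bullets as a conjunction, the use of the outer bound of each implementation window, and the sample advisories in the test are all assumptions.

```python
"""Security Watch alert triage: priority decision plus deadlines.

Added illustration of the deck's alert categories (Emergency/Critical/
Maintenance/Notification). Data model and field names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional, Tuple


class Level(str, Enum):
    EMERGENCY = "A"      # red
    CRITICAL = "B"       # yellow
    MAINTENANCE = "C"    # green
    NOTIFICATION = "D"   # white


@dataclass(frozen=True)
class Advisory:
    """What the duty CISO-org person records after checking the advisory
    against the Major Software and Platform List (field names assumed)."""
    ref: str
    vendor_severity: str              # "critical", "moderate", "low", ...
    widely_used: bool                 # product is on the major software list
    public_exploit_or_malware: bool
    spreading_internally: bool        # malware inside the network, or very likely


@dataclass(frozen=True)
class Decision:
    level: Level
    approvers: Tuple[str, ...]
    approval_by: Optional[datetime]   # approval / contact deadline
    release_on: Optional[datetime]    # ad hoc, or the monthly batch date
    implement_by: Optional[datetime]  # outer bound of the deck's window


def classify(a: Advisory) -> Level:
    """Deck criteria, most severe first. The Critical bullets are read as a
    conjunction: exploit/malware exists AND vendor-critical AND widely used."""
    if a.spreading_internally:
        return Level.EMERGENCY
    if a.public_exploit_or_malware and a.vendor_severity == "critical" and a.widely_used:
        return Level.CRITICAL
    if a.vendor_severity in ("critical", "moderate") and a.widely_used:
        return Level.MAINTENANCE
    return Level.NOTIFICATION


def add_months(d: datetime, n: int) -> datetime:
    """Calendar-month arithmetic without dateutil; day clamped to 28."""
    m0 = d.month - 1 + n
    return d.replace(year=d.year + m0 // 12, month=m0 % 12 + 1, day=min(d.day, 28))


def next_batch(now: datetime) -> Tuple[datetime, datetime]:
    """Approval cut-off (before the 20th) and release date (the 25th) of the
    next monthly Maintenance/Notification batch; rolls over once the 20th passed."""
    cutoff = now.replace(day=20, hour=0, minute=0, second=0, microsecond=0)
    if now >= cutoff:
        cutoff = add_months(cutoff, 1)
    return cutoff, cutoff.replace(day=25)


def triage(a: Advisory, now: datetime) -> Decision:
    level = classify(a)
    if level is Level.EMERGENCY:
        # CISO + Board member, phone follow-up, contact within 4h; 1-3 days to implement
        return Decision(level, ("CISO", "Board member"), now + timedelta(hours=4),
                        now, now + timedelta(days=3))
    if level is Level.CRITICAL:
        # CISO + one CISO-org member, approval within 24h, released within 24h; 4-30 days
        return Decision(level, ("CISO", "CISO org member"), now + timedelta(hours=24),
                        now + timedelta(hours=24), now + timedelta(days=30))
    if level is Level.MAINTENANCE:
        cutoff, release = next_batch(now)
        # planned into the regular maintenance window, 1-3 months after release
        return Decision(level, ("CISO", "CISO org member"), cutoff, release,
                        add_months(release, 3))
    # qualified early warning only: no deadlines, CISO organization decides
    return Decision(level, ("CISO organization",), None, None, None)


if __name__ == "__main__":
    now = datetime(2012, 11, 22, 9, 0, tzinfo=timezone.utc)
    # constructed sample advisories, not real vendor bulletins
    for adv in (Advisory("ADV-1", "critical", True, True, True),
                Advisory("ADV-2", "critical", True, True, False),
                Advisory("ADV-3", "moderate", True, False, False),
                Advisory("ADV-4", "low", True, False, False)):
        print(adv.ref, triage(adv, now))
```

Note the rollover in next_batch: an advisory assessed on the 22nd misses the current cut-off and is planned for the following month's release on the 25th, which is what the "before the 20th" rule implies; a team that wants late arrivals in the current batch has to change that rule, not the code.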
Slide 11: Security Watch process, step 3: alert distribution
- Input: Emergency/Critical/Maintenance/Notification alert ready to be released.
- Maintenance/Notification: the batch of alerts is published on the alert portal on the 25th of the month, or as needed, and a notification is sent to the Alert Distribution List.
- Emergency/Critical: the alert is published on the alert portal immediately and a notification is sent to the Alert Distribution List.
- Recipients come from the Alert Distribution List repository.

Slide 12: Security Watch process, step 3: alert distribution, BU security contacts list maintenance
- Each BU master contact and the country IT organization send regular updates to the CISO organization, which maintains the Alert Distribution List repository.
- Regular update cycle: quarterly.

Slide 13: Security Watch process, step 4: alert implementation and monitoring
- An alert must be implemented within the implementation deadline stated in it; change management principles apply.
- Regular monitoring of alert implementation must be set up in all entities, including escalation of alerts not implemented in time.
- Alert compliance reporting should be set up on a regular basis to make sure the appropriate follow-up steps are taken.

Slide 14: Security Operating Centre (SOC)
- SOC business case introduction
- SOC objective
- Project: implementing the SOC in the follow-the-sun model (24x7)
Slide 15: SOC business case introduction, status before
- Downtimes due to internal security issues
- Reactive security approach to incidents
- Missing central management
- No CIRT in place
Business expectation: the impact of future attacks is to be negated. Technology packages were purchased to protect the business; the services are to be managed to a level at which the company is not impacted by an attack that it has already paid for a service to mitigate.

Slide 16: SOC objective: effective information security incident response management
- Monitor system logs to see unauthorised activity on client networks and systems, from both internal and external systems.
- Be alerted to, and act upon, network or system information security incidents.
- Actively manage the malware (virus, bot, etc.) threat.
- Fix a critical audit issue and create a more secure environment for ourselves and our customers.
- Protect the business.

Slide 17: SOC responsibilities for the project
- Global information security (CISO organisation): design and development; owner; build.
- Local information security managers (EMEA, AP, AM): review; build support.
- CISO org and SAO (Secure Access Operation) in EMEA, AP, AM: run 2nd-level support; review SOC procedures; support the SOC organization; manage non-standard changes.
- SOC organisation (EMEA, AP, AM): run 1st-level support; implement SOC processes and procedures; run SOC operations; manage pre-approved changes.

Slide 18: SOC implementation stages worldwide
Stage 1, basic operations in EMEA:
- Focused on handling security incidents related to malware (viruses, worms, bots, etc.)
- Development of the basic operation process and procedures in EMEA, to be duplicated to AP and AM
Stage 2, basic operations with follow the sun in EMEA, AP, AM:
- Same malware focus
- Duplicate the SOC basic operation from EMEA to AP and AM
- SOC basic operation run across EMEA, AP and AM in follow-the-sun mode
Stage 3, enhanced operations with follow the sun in EMEA, AP, AM:
- Handling of security incidents extended to misconfigurations, misuse and suspicious activities

Slide 19: SOC implementation, stage 1: basic operations in EMEA
- The EMEA region NIPS feeds its events to the SOC in the EMEA data center.
- Monitored security incidents: malware.
- SOC basic operation mode: 8 hours x 5 days; no coverage for weekends or public holidays.
- Development of the basic operation process and procedures in EMEA, to be duplicated to AP and AM.

Slide 20: SOC implementation, stage 2: basic operations with follow the sun in EMEA, AP, AM
- Each region's NIPS feeds its events to the regional SOC (EMEA, AM, AP); the regions hand over to each other in turn.
- Each regional SOC runs in basic operation mode, 8 hours x 5 days, with no coverage for weekends or public holidays.
- During its own shift, each SOC monitors all three regions: EMEA monitors AM and AP during the EMEA shift, AM monitors EMEA and AP during the AM shift, AP monitors EMEA and AM during the AP shift.
- Monitored security incidents in all regions: malware.

Slide 21: SOC implementation, stage 3: enhanced operations with follow the sun in EMEA, AP, AM
- Same NIPS feeds, regional SOCs and handover as in stage 2.
- Each regional SOC runs in enhanced operation mode, 8 hours x 5 days, with no coverage for weekends or public holidays, and monitors all three regions during its own shift.
- Monitored security incidents in all regions: malware, misconfigurations, suspicious activities.
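Slides 20 and 21 show three 8x5 regional shifts handing over to one another, each SOC watching all regions while on duty. Whether that gives continuous 24x5 coverage depends on where the three shifts fall in UTC, which the deck does not state. The following added example (written for this page, not Deloitte's) checks a shift plan for uncovered and double-covered hours of the week; the regional UTC offsets, the local start hours, the fixed-offset treatment of DST and both plans are assumptions chosen to show the effect.

```python
"""Follow-the-sun coverage check for three regional SOCs.

Added illustration of the deck's handover model: each region runs 8h x 5
days and monitors everything during its own shift. Shift hours and UTC
offsets below are assumptions; DST is ignored.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Set, Tuple

MIN_PER_WEEK = 7 * 24 * 60
DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


@dataclass(frozen=True)
class Shift:
    region: str
    utc_offset_h: float                 # fixed offset, DST ignored (assumption)
    start_local_h: float                # local clock hour the shift starts
    hours: float = 8                    # "8hr x 5 days" in the deck
    weekdays: tuple = (0, 1, 2, 3, 4)   # Mon..Fri local; no weekend cover


def coverage(shifts: Sequence[Shift]) -> List[Set[str]]:
    """Per UTC minute of the week (Mon 00:00 UTC = index 0), the regions on
    duty. Shifts that start before Monday 00:00 UTC wrap to Sunday."""
    cover: List[Set[str]] = [set() for _ in range(MIN_PER_WEEK)]
    for s in shifts:
        for wd in s.weekdays:
            start = round((wd * 24 + s.start_local_h - s.utc_offset_h) * 60)
            for m in range(start, start + round(s.hours * 60)):
                cover[m % MIN_PER_WEEK].add(s.region)
    return cover


def runs(cover: List[Set[str]], pred: Callable[[Set[str]], bool]) -> List[Tuple[int, int]]:
    """Contiguous [start, end) minute ranges where pred(regions) holds. A range
    crossing Sunday midnight UTC is reported as two pieces."""
    out: List[Tuple[int, int]] = []
    start = None
    for i, regions in enumerate(cover):
        hit = pred(regions)
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            out.append((start, i))
            start = None
    if start is not None:
        out.append((start, MIN_PER_WEEK))
    return out


def fmt(rng: Tuple[int, int]) -> str:
    def clock(m: int) -> str:
        d, rem = divmod(m % MIN_PER_WEEK, 24 * 60)
        return f"{DAYS[d]} {rem // 60:02d}:{rem % 60:02d}"
    start, end = rng
    return f"{clock(start)} - {clock(end)} UTC ({(end - start) / 60:g}h)"


def assess(shifts: Sequence[Shift]) -> Dict[str, object]:
    """Hours covered by at least one SOC, gaps (nobody on duty) and overlaps
    (two or more SOCs on duty), formatted for a shift-planning review."""
    cover = coverage(shifts)
    gaps = runs(cover, lambda r: not r)
    overlaps = runs(cover, lambda r: len(r) > 1)
    return {
        "covered_hours": sum(1 for r in cover if r) / 60,
        "gaps": [fmt(g) for g in gaps],
        "overlaps": [fmt(o) for o in overlaps],
        "longest_gap_hours": max(((e - s) / 60 for s, e in gaps), default=0),
    }


# Assumed plan: each region starts at a "normal" local office hour.
AS_DRAWN = (
    Shift("EMEA", utc_offset_h=+1, start_local_h=8),    # 07:00-15:00 UTC
    Shift("AM", utc_offset_h=-5, start_local_h=9),      # 14:00-22:00 UTC
    Shift("AP", utc_offset_h=+10, start_local_h=8),     # 22:00-06:00 UTC
)
# Same regions; EMEA starts one hour earlier so the three shifts tile the UTC day.
TILED = (Shift("EMEA", 1, 7), Shift("AM", -5, 9), Shift("AP", 10, 8))

if __name__ == "__main__":
    for name, plan in (("as drawn", AS_DRAWN), ("tiled", TILED)):
        print(name, assess(plan))
```

With the first plan the handovers leave a one-hour hole every weekday morning UTC and a one-hour double shift every afternoon, on top of the 48-hour weekend gap the deck already acknowledges; moving one region's start by an hour closes the weekday holes without adding staff. The weekend gap cannot be closed by shift placement at all, which is the honest reading of "8hr x 5 days" next to the slide 14 objective of 24x7.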
Slide 22: SOC technologies used
Each new technology was added to the SOC as a separate project task.
Core component:
- IBM NIPS with the SiteProtector console and database
Additional components feeding SOC monitoring:
- Darknet (botnet C&C communication)
- Antivirus
- NAC
- Specific system logs

Slide 23: SOC processes developed and implemented
Phase I:
- SOC high-level security event handling process
- SOC security incident handling procedure for malware (focusing on malware-related security incidents)
- SOC security incident exemption process
- SOC NIPS policy management for phase I
Phase II:
- SOC follow-the-sun and handover process
- SOC security event signatures review and evaluation process
- SOC global NIPS policy management for phase II
Phase III:
- SOC global NIPS policy management for phase III
- SOC security incident handling procedure for misconfigurations
- SOC security incident handling procedure for suspicious activities
- SOC security incident handling procedure for uncategorized security incidents

Slide 24: SOC global NIPS policy (contents)
- Why
- Key features of the global NIPS policy
- Management of the global NIPS policy
- NIPS security event signature assessment methodology: typical conditions for enabling a security event signature in monitor-and-block mode; typical conditions for enabling it in monitor-only mode; typical conditions for not enabling it
- NIPS security event signature evaluation and approval process: normal situation; emergency situation
- NIPS filter approval process
- NIPS policy implementation compliance check process

Slide 25: SOC global NIPS policy design
- The CISO organization owns the global NIPS policy.
- Each regional SOC (EMEA, AM, AP) implements the global NIPS policy plus its own local filters/exemptions.
- A NIPS policy implementation compliance check process verifies that each regional implementation matches the global policy.

Slide 26: SOC global NIPS policy, important parameters assessed (and who sets them)
- Security event name and severity: vendor
- ISS XPU and type: vendor
- Default ISS NIPS action (in block mode): vendor
- NIPS to enable: CISO organization and SOC
- NIPS to block: CISO organization and SOC
- NIPS to quarantine (set type = quarantine worm only): CISO organization and SOC
- Client severity: CISO organization
- Known threat/remark: CISO organization and SOC
- Category: CISO organization
- MS alert: vendor
- Security Watch alert: CISO organization
- Added/modified in version: CISO organization
- Next review date: CISO organization

Slide 27: Questions? Marek Deml

Slide 28: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. See Deloitte's published description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte Czech Republic
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-1 3. Purpose: Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationIBM Managed Security Services for Network Firewalls - Standard
IBM Managed Security Services for Network Firewalls - Standard DK-7799-07-ENG 2010-03 (INTC-7799-07 10-2009) Page 1 of 27 Table of Contents 1. Scope of Services...4 2. Definitions...4 3. MSS for Network
More informationVersion v November 2015
Service Description HPE Project and Portfolio Management on Software-as-a- Service Version v2.0 26 November 2015 This Service Description describes the components and services included in HPE Project and
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationIBM Infrastructure Security Services firewall management - managed VPN concentrator
IBM Infrastructure Security Services firewall management - managed VPN concentrator INTC-8605-01 Nordic 2011-02 (INTC-8605-01 01-2011) Page 1 of 23 Table of Contents 1. Scope of Services...3 2. Definitions...3
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing
More informationBuilding and Testing an Effective Incident Response Plan
14th Annual Building and Testing an Effective Incident Response Plan John Gelinne Deloitte & Touche LLP jgelinne@deloitte.com www.linkedin.com/in/jgelinne No battle plan ever survives contact with the
More informationTrend Micro and IBM Security QRadar SIEM
Trend Micro and IBM Security QRadar SIEM Ellen Knickle, PM QRadar Integrations Robert Tavares, VP IBM Strategic Partnership February 19, 2014 1 Agenda 1. Nature of the IBM Relationship with Trend Micro
More informationRFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template
RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline
More informationIBM Application Security Services Secure Web Gateway Management - Premium
IBM Application Security Services Secure Web Gateway Management - Premium Z125-8482-01 01-2011 Page 1 of 22 Table of Contents 1. Scope of Services... 4 2. Definitions... 4 3. Services... 4 3.1 Security
More informationConRes IaaS Management Services for Microsoft Azure
ConRes IaaS Management Services for Microsoft Azure Table of Contents 1. 2. 3. 4. 5. 6. 7. Introduction... 3 Pre-requisites... 3 Onboarding Infrastructure to ConRes IaaS Management Services for Azure...
More informationaddendum Uptime Cisco customer interactive solutions
addendum Uptime Cisco customer interactive solutions What makes Uptime tick? Uptime is made up of a number of service elements, which all work together to minimise downtime and assure business continuity.
More informationBUILDING AND MAINTAINING SOC
BUILDING AND MAINTAINING SOC Digit Oktavianto KOMINFO 7 December 2016 digit dot oktavianto at gmail dot com 1 Digit Oktavianto Profile in 1 Page Currently working as a Security Architect Professional Certifications:
More informationCroatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP
Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP Croatian National CERT (HR-CERT) mission: Promoting and preserving information security of public
More informationCyber Security Solutions Mitigating risk and enhancing plant reliability
P OW E R G E N E R AT I O N Cyber Security Solutions Mitigating risk and enhancing plant reliability 2 CYBER SECURITY SOLUTIONS MITIGATING RISK AND ENHANCING PLANT RELIABILITY Providing a roadmap to achieve
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationIBM Case Manager on Cloud
Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the
More informationSenior Manager Information Technology (India) Duration of job
Role Profile Job Title Senior Manager Information Technology (India) Directorate or Region South Asia Department/Country Business Support Services, India Location of post Gurgaon Pay Band 6 / Grade G Assistant
More informationServices Description IBM Infrastructure Security Services - Firewall Management - Standard
IBM United Kingdom Limited Registered in England: 741598 Registered Office: PO Box 41, North Harbour, Portsmouth, PO6 3AU (hereinafter IBM ) Services Description IBM Infrastructure Security Services -
More informationWeb Hosting: Mason Home Page Server (Jiju) Service Level Agreement 2012
Web Hosting: Mason Home Page Server (Jiju) Service Level Agreement 2012 Table of Contents 1 General Overview... 2 2 Service Description... 2 2.1 Service Scope... 2 2.1.1 Eligibility Requirements... 2 2.1.2
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationSecurity. ITM Platform
Security ITM Platform Contents Contents... 0 1. SaaS and On-Demand Environments... 1 1.1. ITM Platform configuration modes... 1 1.2. Server... 1 1.3. Application and Database... 2 1.4. Domain... 3 1.5.
More informationRequest for Proposal Technology Services, Maintenance and Support
Maintenance and Support April 26 th, 2018 Request for Proposal Technology Services, Maintenance and Support Celerity Schools Louisiana Inc. is seeking an IT consulting firm to manage Maintenance of our
More informationIntroducing Cyber Observer
"Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition
More informationIBM Infrastructure Security Services - Firewall Management - Standard
IBM Infrastructure Security Services - Firewall Management - Standard Z125-8470-00 05-2010 Page 1 of 24 Table of Contents 1. Scope of Services... 4 2. Definitions... 4 3. Services... 4 3.1 Security Operations
More informationCyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks
Cyber Hygiene: Uncool but necessary Automate Endpoint Patching to Mitigate Security Risks 1 Overview If you analyze any of the recent published attacks, two patterns emerge, 1. 80-90% of the attacks exploit
More informationESSENTIAL, QUALITY IT SUPPORT FOR SMALL AND MEDIUM BUSINESSES
ESSENTIAL, QUALITY IT SUPPORT FOR SMALL AND MEDIUM BUSINESSES YOUR OWN IT DEPARTMENT AT A FRACTION OF THE COST// Hand over the day-to-day management and responsibility of your IT so you can focus on what
More informationServices Description IBM Infrastructure Security Services - Firewall Management - Select
IBM United Kingdom Limited Registered in England: 741598 Registered Office: PO Box 41, North Harbour, Portsmouth, PO6 3AU (hereinafter IBM ) Services Description IBM Infrastructure Security Services -
More informationIBM Vulnerability Management Service
Service Description 1. Service Overview IBM Vulnerability Management Service IBM Vulnerability Management Service (called VMS or Service ) is designed to provide a comprehensive, Web-driven vulnerability
More informationData Retrieval Firm Boosts Productivity while Protecting Customer Data
Data Retrieval Firm Boosts Productivity while Protecting Customer Data With HEIT Consulting, DriveSavers deployed a Cisco Self-Defending Network to better protect network assets, employee endpoints, and
More informationJoint System Administrator Checklist Version December 2005
Joint System Administrator Checklist Version 1.1 22 December 2005 Daily Review Audit logs Check application log for warning and error messages for service startup errors, application or database errors
More informationMSA Enterprise 1. GENERAL TERMS AND CONDITIONS
1 1. GENERAL TERMS AND CONDITIONS Herein is given a list of technical support cases, in relation to which Kaspersky Lab will provide assistance to the owner of this Extended Technical Support Certificate
More information