Implementation Framework Cyber Threat Prioritization
Troy Townsend, Jay McAllister
September 2013
Carnegie Mellon University, Software Engineering Institute

Copyright 2013 Carnegie Mellon University

This material is based upon work funded and supported by ODNI under Contract No. FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of ODNI or the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below.

Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and No Warranty statements are included with all reproductions and derivative works.

External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

* These restrictions do not apply to U.S. government entities.

DM

Background

The Software Engineering Institute (SEI) Emerging Technology Center at Carnegie Mellon University studied the state of cyber intelligence across government, industry, and academia to advance the analytical capabilities of organizations by using best practices to implement solutions for shared challenges. The study, known as the Cyber Intelligence Tradecraft Project (CITP), defined cyber intelligence as the acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities to offer courses of action that enhance decision making.

A significant challenge that emerged from the CITP was the way in which analysts prioritize cyber threats. The SEI team observed a diverse array of approaches, from analysts relying on the media and third-party intelligence service providers to using data-centric models based on a narrow scope of factors. When threat prioritization models are too narrow, they prevent analysts from effectively monitoring the changes and evolution of the most relevant and severe cyber threats. This hinders cyber intelligence and security professionals from proactively implementing defenses to guard against the latest attack trends and techniques.

Among the CITP's government participants, most intelligence analysts prioritized cyber threats by the likelihood of an actor executing an attack, which they quantified through the summation of an actor's sophistication (capability) measured against their desire to target the organization (intent). The SEI team noted that as these analysts transitioned to the private sector, so too did this approach. Conversely, private sector CITP participants without experienced government intelligence analysts tended to discount the utility of knowing the threat actor and prioritized cyber threats by the impact attack methods had on the organization or the risk attack methods posed because of the organization's known vulnerabilities.

This Cyber Threat Prioritization Implementation Framework leverages the best practices of CITP participants and SEI expertise to offer a holistic approach to prioritizing cyber threats using a customized, tiered threat prioritization framework. The framework breaks down cyber threats into three core components: the likelihood of threat actors executing attacks, the impact threats have on an organization's business, and the risk threats pose because of an organization's known vulnerabilities. By assessing threats according to these components, analysts come to fully understand the causes and effects of relevant threats, which significantly improves the efficiency of their organization's cyber intelligence efforts because they have the necessary context to accurately align analytical and security resources to the current and future cyber attacks posing the most legitimate threats to the organization. Instead of prioritizing a cyber threat solely on the capability and intent of threat actors, the framework enables analysts to see the utility of also understanding the threat's relevance to their organization, strengthening their threat prioritization as they come to realize that a somewhat capable actor with a desire to deface websites should not be considered in the same category as a highly capable actor intent on extracting confidential, strategic documents for extortion or blackmail.

Implementation

Here's how analysts can leverage the Cyber Threat Prioritization Implementation Framework to augment their organization's cyber intelligence efforts:

1. Adopt these definitions:
   - Threat = Likelihood + Impact + Risk
   - Likelihood = Capability + Intent
   - Impact = Operations + Strategic Interests
   - Risk = People + Cyber Footprint

2. Become familiar with the provided spider graphs to gauge the factors that comprise each of the three threat components.

   [Spider graph key: title of threat component and example from a CITP participant; threat component (likelihood, impact, or risk); elements of the threat component; sub-elements; Indicators of Success: examples of how assessing threats according to this element and its sub-elements and factors augments an analyst's cyber intelligence capabilities.]

3. Identify cyber threats using the three core components of a threat. Examples:
   - Likelihood: Threat actors - State-sponsored, competitors, criminals, hacktivists, recreational hackers
   - Impact: Attack types - distributed denial-of-service (DDoS), stealing intellectual property (IP), damaging/incapacitating network assets
   - Risk: Known vulnerabilities - High-profile employees, unpatched devices, unsecured remote access

4. Assess the likelihood, impact, and risk of the cyber threats. Use the factors and sub-elements in each threat component's spider graph to rate the corresponding elements as a low, medium, or high priority attribute of the threat. The average of these ratings then determines the likelihood, impact, and risk of the threat, which combine to indicate whether it should be considered a low, medium, or high priority threat.

   Example: An organization wants to know how it should prioritize its analytical and network defense efforts for a possible recreational hacker DDoS attack on the organization's secure payment site. Analysis indicates the likelihood of the recreational hacker executing the attack is high due to his attack methods and resources. However, the impact of the DDoS attack is assessed as low because the secure payment site has minimal impact on the organization's operations and strategic interests due to it still being in internal beta testing. This also means the risk associated with the attack is low because of the secure payment site's limited interaction with people and cyber footprint. Therefore, this threat, which initially appeared to be a high priority, now can be classified as a medium to low threat requiring minimal analytical and network defense attention.

   Note: Always factor timing into the threat prioritization assessment. When a threat actor or organization does something can be just as important as why or how. A threat actor may have no desire to target an organization, but since it is a national holiday, the organization becomes a target of opportunity for the actor to test a new tool simply because none of its network security employees are at work.

5. Plot all threats for each component on graphs similar to the following:

   [Figure: three graphs, each with regions labelled Low, Medium, Medium, and High. Likelihood (by threat actor): axes Capability and Intent. Impact (to organization): axes Operations and Strategic Interests. Risk (by known vulnerabilities): axes People and Cyber Footprint.]

   Use all three graphs to holistically evaluate the overall cyber threat environment to efficiently align analytical and security resources to the current and future cyber attacks that pose the most legitimate threats to the organization.

   Example: If cyber intelligence analysts rate all components of a threat actor executing a worm (likelihood) against an organization's network servers for industrial espionage purposes (impact) that has no worm mitigation in place (risk) as a high priority threat, then the organization should immediately position itself to focus on this threat over others where the likelihood is equally as high, but impact and risk are lower.

Overall Indicators of Success

- Threat prioritization influences which potential threats get addressed by security operations and how network security resources are allocated.
- Collection management is streamlined and organizations are able to better communicate their requirements to third party intelligence vendors.
- Cyber threats are widely communicated to the organization and employees are aware of the most relevant threats.
- Cyber threats are proactively monitored and prioritized, with updates available to inform security operations, intelligence analysts, and decision makers.
- Analytical production aligns with threat prioritization. For instance, the organization develops a tiered system to communicate threat information to stakeholders:
  - Tier 1: Potential threat averages a high rating. Analysis required within 90 minutes.
  - Tier 2: Potential threat averages a medium rating. Analysis required within 8 hours.
  - Tier 3: Potential threat averages a low rating. Analysis required between 3 and 5 days.
  - Tier 4: Potential threat does not compute a rating, but is an indirect threat for anyone using the Internet. No specific timeframe for analysis.
- Analysts use threat prioritization to do predictive analysis, like developing scenarios to test how defenses will react to the full spectrum of cyber threats.
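
The rating procedure from step 4 and the tier system above, as an added Python example that is not part of the SEI framework document. The numeric scale (low=1, medium=2, high=3) and the 1.5/2.5 cut-offs are assumptions, since the framework names the ratings but gives no numbers; the two sample threats are constructed from the framework's DDoS and worm examples.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional

# Assumed numeric scale: the framework only names low/medium/high.
SCALE = {"low": 1, "medium": 2, "high": 3}

# Step 1 definitions: each threat component and its two elements.
COMPONENTS = {
    "likelihood": ("capability", "intent"),
    "impact": ("operations", "strategic_interests"),
    "risk": ("people", "cyber_footprint"),
}

# Analysis deadlines from the framework's example tier system.
TIERS = {
    "high": (1, "within 90 minutes"),
    "medium": (2, "within 8 hours"),
    "low": (3, "between 3 and 5 days"),
}
UNRATED = (4, "no specific timeframe")


@dataclass(frozen=True)
class Assessment:
    name: str
    components: dict          # component -> average element score (1..3)
    overall: Optional[float]  # average of the three components
    label: Optional[str]      # low / medium / high, None if unrated
    tier: int
    deadline: str


def to_label(score):
    """Assumed cut-offs: round to the nearest point on the 1-3 scale."""
    if score >= 2.5:
        return "high"
    if score >= 1.5:
        return "medium"
    return "low"


def assess(name, ratings):
    """Rate one threat. `ratings` maps element name -> low/medium/high."""
    if not ratings:
        # Tier 4: the threat does not compute a rating.
        return Assessment(name, {}, None, None, *UNRATED)
    known = {e for elems in COMPONENTS.values() for e in elems}
    unknown, missing = set(ratings) - known, known - set(ratings)
    if unknown or missing:
        # A partial rating would silently skew the average, so reject it.
        raise ValueError(f"{name}: unknown={sorted(unknown)} missing={sorted(missing)}")
    bad = sorted(e for e, r in ratings.items() if r not in SCALE)
    if bad:
        raise ValueError(f"{name}: rating must be low/medium/high for {bad}")
    components = {
        comp: mean(SCALE[ratings[e]] for e in elems)
        for comp, elems in COMPONENTS.items()
    }
    overall = mean(components.values())
    label = to_label(overall)
    tier, deadline = TIERS[label]
    return Assessment(name, components, overall, label, tier, deadline)


def rank(assessments):
    """Highest overall score first; unrated (Tier 4) threats last."""
    return sorted(assessments, key=lambda a: (a.overall is None, -(a.overall or 0)))


# Constructed sample: recreational-hacker DDoS on a beta payment site
# (likelihood high, impact low, risk low).
DDOS = {"capability": "high", "intent": "high",
        "operations": "low", "strategic_interests": "low",
        "people": "low", "cyber_footprint": "low"}

# Constructed sample: worm for industrial espionage, no mitigation in place
# (all components high).
WORM = {element: "high" for element in DDOS}

if __name__ == "__main__":
    results = [assess("ddos-payment-site", DDOS),
               assess("espionage-worm", WORM),
               assess("generic-internet-noise", {})]
    for a in rank(results):
        score = "n/a" if a.overall is None else f"{a.overall:.2f}"
        print(f"Tier {a.tier} ({a.deadline}): {a.name} score={score} label={a.label}")
```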

Likelihood

Understanding the capabilities and intentions of cyber threat actors determines the likelihood of them targeting an organization.

To determine this likelihood, a CITP participant from industry monitored open source publications from an organization known to sponsor cyber threat actors who frequently targeted the organization. Analyzing this accessible data provided insight into the motivations of the sponsored cyber threat actors, allowing the CITP participant to narrow down the types of data likely to be targeted, and work with network security experts to create diversions, honey pots, and employ other measures to proactively defend against the threat.

Capability: An actor's sophistication, tools, and resources to execute a cyber attack determine their capability. Assessing capability as an independent variable of likelihood means organizations can avoid the pitfalls of devoting time and attention to paper tiger threats.

Intent: The actor's purpose and the expected outcome of the cyber attack determine the intent. Prioritizing actors by their intent allows analysts to focus on the most relevant threats.

Attack Methods: Humans are creatures of habit. Although threat actors take great care to avoid detection, at some level they too succumb to this adage. Tracking how threat actors operate exposes patterns that analysts can use to combat their effectiveness.
- Infrastructure: Sophisticated threats often require an infrastructure to operate. This can be assessed by looking for hop points used during an attack, the command and control network, or the size and scope of a botnet.
- Technology: Technology used or manipulated for an attack can indicate the capability of a threat actor. More sophisticated actors target SCADA or ICS devices, web-enabled products, or mobile devices in addition to traditional servers and clients.
- Coding: Nuances and personal preferences in coding not only assist with attribution, but also can indicate actor sophistication.
- Maturity: The maturity of the actor takes into account their planning process, pre-attack activities (research/recon/social engineering), and post-attack actions (such as tool updates or incorporating lessons learned).
- Targets: Capability can be assessed by looking at what is targeted. Does the actor rely on mass phishing emails, identify specific targets (network, website, employee, mobile platform) or exploit a specific vulnerability (Adobe, Windows, SQL, etc.)?

Resources: Understanding what is available to threat actors offers context to the sophistication of their attacks. Leverage government, industry, and intelligence service provider information sharing arrangements to learn about actors' resources.
- Money: Obtaining and maintaining capabilities incur costs. Well-resourced/sponsored threat actors are often more dangerous than less resourced actors, with other variables being equal.
- People: From collaborators and co-workers to teachers and mentors, the number and type of people involved in a campaign can be indicative of its capability.
- Tools: Tools often hint at the capability of an actor, but the lack of a custom tool does not always imply a novice attacker. Most sophisticated actors will use the right tool for the job; if open source tools will work, there is no need to customize one.
- Training: The type and quality of training available to the threat actor can help determine their capability. Online videos, IRC channels, certification courses, military training, or formal academic education all yield different levels of sophistication.

Motive: Why do threat actors attack? Determining an actor's motive provides insight into the possible direction of their behavior, and determines their interest in targeting the organization.
- Intrinsic (personally rewarding): Fame, bragging rights, thirst for knowledge/access, justification of skills, satisfying boredom, patriotism, and hacktivist allegiance; all reasons a hacker might be motivated to target an organization.
- Extrinsic (receive external reward or avoid punishment): Extrinsic motives revolve around two key concepts: reward or avoiding punishment. These motives include everything from state-sponsored denial and deception operations, misinformation campaigns, and psychological operations to financial incentives from competing businesses, organized crime, and blackmail.

Targeted Data: Understanding what a threat actor is after will factor into determining their intent to target the organization.
- Personally Identifiable Information (PII): Are the attackers stealing personal information from your customers? From your employees? Determining if this type of information is vulnerable can help assess the likelihood that the actor targets the organization.
- Research and Development: Some actors exist to steal corporate R&D data. Organizations with heavy R&D missions are more likely to be targeted by actors specializing in corporate espionage or supporting nation-states.
- Business Process: Certain categories of actors, especially insider threats, target the inner workings of the organization. From hiring and firing information to time cards and audit findings, organizations likely will be targeted if this information is accessible.
- Industrial Control Systems: Certain actors specialize in compromising industrial control systems and the associated human-machine interface. Organizations operating these systems should prioritize these threat actors accordingly.

Indicators of Success
- Analysts have a repository of current and historical threat actor tactics, techniques, and procedures (TTPs) to generate profiles that are fed into data collection platforms to separate known threats that automated defensive actions can mitigate from unknown threats requiring an analyst's attention.
- Analysts gain perspective on the tools threat actors use to assess how they access an organization or if they outsource tool development. A basic netflow analysis could show the majority of attacks come from well known, prepackaged scripts, which analysts can easily combat using remediation efforts posted on open source websites.
- Analysts realize that sophisticated actors use the lowest common denominator for attacks. If a threat actor can use an off-the-shelf tool to accomplish their goal, they'll wait to deploy customized tools on harder targets.
- Analysts understand that the targeting of Adobe or Windows software vulnerabilities usually equates to a threat of lower sophistication than one targeting Windows operating systems.
- Analysts understand threat actors' intentions well enough to assign them to different categories, such as nation-state, criminal, hacktivist, recreational, or competitor; enabling them to identify the most likely threats their organization faces through profiling.
- Analysts realize that if a threat actor is targeting their organization for fame, the likelihood increases for the actor to choose a DDoS attack to the organization's website as the attack method.
- From their organization being the first result in a Google search to knowing over what holidays certain actors like to conduct attacks, analysts recognize the importance of timing when it comes to assessing the overall likelihood of a threat.

Impact

Analyzing the effects cyber attacks have on an organization's operations and strategic interests provides quantifiable, business-related information to justify its impact on the organization.

A CITP participant quantified the impact of cyber threats to their leadership by assessing how much money the organization would pay to reroute its product distribution channels after a hacker compromised the network and disclosed specific travel routes to competitors intent on disrupting this distribution.

Operations: Cyber attacks adversely affect an organization's day-to-day operations. Since the effects often are financially quantifiable, analysts can use dollar amounts to communicate the impact attacks have on how an organization functions.

Strategic Interests: Some impacts are harder to quantify, but they are no less important. Strategic interests capture the intangible aspects of the organization that can be affected by a cyber threat.

Direct Costs: Cyber attacks have a financial impact on organizations. Prioritizing threats according to their cost in terms of remediation and mitigation can resonate with technical and non-technical stakeholders.

Business Operations: In addition to the known costs of responding to an attack, organizations also should consider the cascading effects an attack can cause and their associated costs.

Organizational Interests: Plans, people, and products offer tremendous insight into why an organization is targeted and where a threat can do the most damage if certain information is compromised.

External Interests: Organizations do not operate in a bubble, and neither should threat prioritization. Consider the ramifications cyber attacks can have on organizational partnerships, reputation, culture, geopolitics, and market space.

- Incident Response: Consider the costs to perform an investigation, remediation, and forensics; including required software/licenses for incident response tools.
- Downtime: Business costs of a network-reliant service being unavailable, including missed transactions or loss of potential revenue, also play a role.
- Mitigation and/or Prevention: Factor in costs of additional hardware/software required to mitigate a specific threat.
- Supply Chain: Costs associated with the inability to meet demand, delay to operations, and having to supplement/replace suppliers can significantly impact an organization.
- Logistics: An organization must function whether it is enduring an attack or not, so make sure to consider the cost of continuing operations during and after an attack, such as re-routing communications, securing intellectual property, adding equipment/personnel to avoid another similar attack, and upgrading systems/networks/processes.
- Future Earnings: Loss of intellectual property may reveal R&D investments or R&D strategies, delay product releases, affect future acquisitions, and cause a loss of competitive advantage.
- Strategic Planning: Consider the impact of losing strategic vision data, such as annual reports, 1/3/5 year strategic outlooks, operational policies, mergers, and acquisitions.
- Stakeholders: Assess how threats impact shareholders, board of directors, and employees.
- Organizational Culture: Factor in the impact of legal/regulatory requirements from governments, law enforcement, regional entities (European Union), and external business arrangements. Also consider changes to the organization's culture, including work-from-home policies, complex password requirements, and restricted network access.
- Market/Industry: How are competitors affected by the cyber threat? Is the industry equally affected by the threat? Consider national and foreign competition in threat prioritization.
- Geopolitical: Does the threat affect political relationships, or the ability to operate in foreign countries? Will the impact of the threat affect the stock market? Is the local/regional economy impacted? All of these factors play a role that decision makers will want information on.
- Partnerships: Consider the impact to third parties, including information-sharing partners (government/industry/service provider) and other business relations (companies/governments/regions). Assess the validity of shared data if strategic partners are affected.
- Brand Reputation: Understand the impact to the brand and its implications on public opinion.

Indicators of Success
- Internally, analysts establish frequent communication with the business units responsible for operations to discuss threats, alter threat prioritization, and predict new threats. These business units can include R&D, physical security, risk management, IT, human resources, insider threat, and business intelligence.
- Analysts identify and remediate the cascading effects a cyber attack could have by targeting one part of the organization's operational network and systems.
- Analysts recognize how a cyber attack could impact the organization's ability to operate and communicate to stakeholders and institute appropriate contingencies to eliminate this impact when an attack occurs in the future.
- Knowledge of the impact cyber attacks can have on an organization's operations enables analysts to determine the financial costs to recover and repair damage done by the threats that the analysts' prioritization efforts deem most likely to harm the organization.
- Analysts ensure that threat prioritization isn't based off personal biases or those of decision makers, stakeholders, service providers, or the media.
- Analysts correlate logs of IPs accessing the parts of their organization's website containing data on strategic planning and intellectual property with known bad IPs to predict where threats will be concentrated now and in the future.
- Analysts understand the financial cost associated with a geopolitical event in a country threatening their organization's Internet presence in that market.
- Analysts recognize that if peers in their industry and the organization's economic interests are being attacked, the likelihood of being targeted increases and they take preventative measures to ensure that doesn't happen.

Risk

Assessing how people and the organization's cyber footprint make the organization vulnerable to cyber attacks determines what areas within it are the most at risk of being targeted.

One CITP participant's CEO is active with companies and institutes that are separate from the organization. The CITP participant's cyber intelligence analysts maintain an awareness of these activities, so when hacktivists publicly threatened attacks against one of the institutes, the analysts knew this could have implications for their organization and altered network defenses to prepare for a potential attack.

People: Cyber threats generally have one thing in common; at some point a human interacts with the threat. This interaction must be a part of threat prioritization to understand an attacker's most commonly targeted vulnerability: people.

Cyber Footprint: The greater an organization's online exposure, the more opportunity an attacker has to find vulnerabilities. Consider the organization's infrastructure, supply chain, online exposure, and components most susceptible to attacks.

Relevance: From leadership to rank-and-file employees, the Internet offers a communication platform that allows anyone to make their organization more visible to threat actors.

Access: Employees with administrator privileges or access to sensitive data are more attractive targets for threat actors. Determining who has what access can significantly aid in identifying the risk to employees.

Infrastructure: The unknown provenance of software and hardware complicates risk determination in the cyber environment. Overcoming this limitation requires researching where, when, and how an organization's infrastructure is most susceptible to cyber threats.

Online Presence: The content and services an organization provides on the Internet serve as attractive targets for threat actors. Analysts can assess severity of risk based on this insight into likely attack vectors.

- Online Presence: Maintain awareness of information employees put online and their popularity on blogs/social media; both can garner the attention of threat actors. Information posted online can unwittingly reveal vulnerabilities and flaws in security policy, or incite threat actors to target the organization.
- Extracurricular Activities: Be mindful of the activities employees participate in outside of work. Employees' status with external institutions, such as non-profits, may increase their risk of being targeted.
- Motive: There always is a rhyme or reason for why people enable cyber attacks. Whether it's ignorance, financial trouble, disgruntlement, or boredom, by knowing these vulnerabilities analysts can diminish their effectiveness through prevention.
- Physical and Network-Based Access: Individuals have varying access to both physical and network-based sections of an organization that threat actors can leverage to execute an attack. Assess which employees are at higher risk of being targeted based on their access.
- Position: As with access points, consider how threat actors can exploit the different roles people play throughout the organization, from network administrator or HR representative to CEO, supply chain manager, or a recently fired employee.
- Abnormal Activity: Develop baseline or expected network behavior for key users. Consider what deviations may indicate potential nefarious activity and consistently watch for them. Some examples can involve an employee working off-hours, emailing attachments to personal accounts, or accessing information that is unrelated to their normal job.
- Hardware: Develop a blueprint of where network appliances, workstations, and third party equipment connect to the organization's network and identify the most likely risks for cyber threat activities.
- Software: Most organizations rely on software to accomplish day-to-day operations. A robust threat prioritization assesses the risks associated with relying on particular software, which network users require access to high-risk software, and the organization's ability to detect if a software vulnerability has been exploited.
- Supply Chain: The most stringent network defenses can be subverted by counterfeit equipment or software. Understanding and assessing threats to the organization's supply chain provides additional data points to measure risk of compromise through the organization's network infrastructure.
- Website: Analyze how threat actors might leverage an organization's website to plan and execute an attack. This includes compromising customer account log-ins, collecting employee contact information, defacing the site, or denying legitimate access to it.
- Additional Exposure: An organization's public relations and marketing departments track how social media and other aspects of the Internet help bring attention to the organization. Threat prioritization efforts also should track how this attention affects its cyber threat environment.
- Additional Services: FTP, Telnet, VPN access, webmail, remote desktop, and other web-based services used by an organization increase the risk of potential cyber attacks, and should be factored into threat prioritization.

Indicators of Success
- Whether it is an employee alerting about a suspicious email they received or a vendor providing a list of bad IPs, analysts have engaged enough with individuals associated with the organization that they actively contact the analysts about issues that could alter how threats are prioritized.
- Employee feedback influences threat prioritization because analysts offer feedback mechanisms via all of their cyber intelligence communication platforms; emails, analytical products, briefings, or awareness campaigns.
- If the CEO or a junior analyst blogs about topics that likely will bring the attention of threat actors, analysts are aware of these activities and consider the position, influence, popularity, and online presence of these individuals in order to predict how they should change the organization's security posture.
- Analysts become aware of the fact that every vulnerability is not a threat worthy of further analysis and mitigation.
- Analysts understand the organization's operating environment well enough that with system updates and patches, they alleviate ~80% of threats; freeing them to focus on the ~20% that could significantly impact the organization.
- Analysts recognize their organization is only as secure as its supply chain. If it acquires software and analysts don't know who did the actual coding, the code's reliability, or to what extent it has been error tested, then they won't know how threat actors could use potential vulnerabilities within the code to conduct an attack.
- Analysts incorporate timing into their prioritization efforts to align increases in network defenses with the different times during the year (holidays, system upgrades) when the organization's network is most vulnerable.
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More informationThe Insider Threat Center: Thwarting the Evil Insider
The Insider Threat Center: Thwarting the Evil Insider The CERT Top 10 List for Winning the Battle Against Insider Threats Randy Trzeciak 14 June 2012 2007-2012 Carnegie Mellon University Notices 2011 Carnegie
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationInformation Security Is a Business
Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationComponents and Considerations in Building an Insider Threat Program
Components and Considerations in Building an Insider Threat Program Carly Huth Insider Threat Researcher, CEWM Carly L. Huth is an insider threat researcher in the Cyber Enterprise and Workforce Management
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationEngineering Improvement in Software Assurance: A Landscape Framework
Engineering Improvement in Software Assurance: A Landscape Framework Lisa Brownsword (presenter) Carol C. Woody, PhD Christopher J. Alberts Andrew P. Moore Agenda Terminology and Problem Scope Modeling
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationCyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda September 2016
Cyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda 21-22 September 2016 DAY 1: Cyber Intelligence Strategic and Operational Overview 8:30 AM - Coffee Reception
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationCyber Intelligence: Challenges and Best Practices
Cyber Intelligence: Challenges and Best Practices Emerging Technology Center Samantha L. Allen Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More informationCyber Threat Landscape April 2013
www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationWhite Paper. How to Write an MSSP RFP
White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationResearching New Ways to Build a Cybersecurity Workforce
THE CISO ACADEMY Researching New Ways to Build a Cybersecurity Workforce Pamela D. Curtis, Summer Craze Fowler, David Tobar, and David Ulicne December 2016 Organizations across the world face the increasing
More informationEnsuring System Protection throughout the Operational Lifecycle
Ensuring System Protection throughout the Operational Lifecycle The global cyber landscape is currently occupied with a diversity of security threats, from novice attackers running pre-packaged distributed-denial-of-service
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationSoftware, Security, and Resiliency. Paul Nielsen SEI Director and CEO
Software, Security, and Resiliency Paul Nielsen SEI Director and CEO Dr. Paul D. Nielsen is the Director and CEO of Carnegie Mellon University's Software Engineering Institute. Under Dr. Nielsen s leadership,
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationA GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING
A GUIDE TO 12 CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING There is a major difference between perceived and actual security. Perceived security is what you believe to be in place at
More informationSupercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness
Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness Introduction Drowning in data but starving for information. It s a sentiment that resonates with most security analysts. For
More informationRED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.
RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 COUNTERING IMPROVISED EXPLOSIVE DEVICES Strengthening U.S. Policy Improvised explosive devices (IEDs) remain one of the most accessible weapons
More informationProtecting your next investment: The importance of cybersecurity due diligence
Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationAre you safe? Your business growth strategies are at the heart of the cyber risks your organization faces
Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces 36 Deloitte A Middle East Point of View Summer 2015 Cyber Security Most reports on cyber security
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationCybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment
Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationHow to Write an MSSP RFP. White Paper
How to Write an MSSP RFP White Paper Tables of Contents Introduction 3 Benefits Major Items of On-Premise to Consider SIEM Before Solutions Security Writing an RFP and Privacy 45 Benefits Building an of
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationAdversary Playbooks. An Approach to Disrupting Malicious Actors and Activity
Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationCyber Partnership Blueprint: An Outline
Approved for Public Release; Distribution Unlimited. 13-3851 The MITRE Corporation Cyber Partnership Blueprint: An Outline October 26, 2013 Copyright 1997-2013, The MITRE Corporation. All rights reserved.
More informationARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin
ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationTHE CYBERSECURITY LITERACY CONFIDENCE GAP
CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks
More informationLocation-Specific Cyber Risk
Location-Specific Cyber Risk Lincoln Kaffenberger Cyber Threat Intelligence Officer IMF Information Security Group John Kupcinski Director, Cyber Security KPMG 1 Agenda Why assess the cyber risks by a
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationM&A Cyber Security Due Diligence
M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationEMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS
Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS AGENDA SIRN / FirstNet
More informationSOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE
HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling
More informationEnhancing Security With SQL Server How to balance the risks and rewards of using big data
Enhancing Security With SQL Server 2016 How to balance the risks and rewards of using big data Data s security demands and business opportunities With big data comes both great reward and risk. Every company
More informationDenial of Service Attacks
Denial of Service Attacks CERT Division http://www.sei.cmu.edu REV-03.18.2016.0 Copyright 2017 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationState of Israel Prime Minister's Office National Cyber Bureau. Unclassified
- 1 - Background for the Government Resolutions Regarding Advancing the National Preparedness for Cyber Security and Advancing National Regulation and Governmental Leadership in Cyber Security On February
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationInsider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey
Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com
More informationThe Eight Rules of Security
The Eight Rules of Security The components of every security decision. Understanding and applying these rules builds a foundation for creating strong and formal practices through which we can make intelligent
More informationThe New Era of Cognitive Security
The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationBREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE
BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE 31st Annual SoCal ISSA Security Symposium Wendy T. Wu Vice President Agenda + CISO: Then and Now + Who are the Stakeholders and What Do They Care About?
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationThe public sector s cybersecurity imperative
The public sector s cybersecurity imperative May 2012 Tucker Bailey Aamer Baig The public sector s cybersecurity imperative Down the road, the cyberthreat will be the number one threat to the country.
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationSTOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.
Intelligence-driven security STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. BETTER INTELLIGENCE. BETTER DEFENSE. The
More information