Visibility Analysis and Management
Risk Management Insight: Visibility Analysis and Management
Jack Jones, CISM, CISSP, CISA, RMI Founder

Ignorance is not bliss

What we'll cover...
- What do we mean by visibility?
- Whose visibility are we concerned with?
- Evaluating visibility
- Gaining visibility
- Maintaining visibility
- Q&A

What do we mean by visibility?

When is something visible?
If you have and can maintain enough information about a component of your environment that you accurately understand its risk significance, then it is visible to you.

Visibility criteria
For an asset to be visible, you have to know:
- That it exists
- Its value/liability characteristics
- The threat landscape it faces
- Its control condition

Whose visibility matters?
It's all about decision-making. The decision-maker either has to have visibility, or the person providing them the information they base their decision on has to have visibility.

Key decisions
- Prioritization
- Solution comparison and selection
- Strategy development

Evaluating visibility
Two components:
- Carving up the landscape into asset groups
- Evaluating the asset groups

Carving up the landscape
Identify the asset components that make up your landscape, for example:
- Internet PoPs
- 3rd party connections
- Internet applications
- Windows servers
- Development and test environments
- Legacy applications
- Managed databases
- Unmanaged databases
- Etc...

Carving up the landscape
NOTE: You may need to start by gaining visibility into the business itself:
- Lines of business
- Business processes
- Departments
- Locations
- Business relationships
- Personnel

Prioritizing visibility
Don't eat the elephant all at once. Prioritize, based on perceived:
- Value/liability
- Threat levels
- Control conditions
- Frequency of change

Evaluating visibility
For each asset group, ask the question: What percentage of [asset group] do you have visibility into?
- Make certain all aspects of visibility are considered
- Estimate minimum, maximum, and most likely visibility
- Preferably get calibrated estimates

Evaluating visibility
For example: What percentage of unmanaged databases do we have visibility into?
- Minimum: 10% (one out of ten)
- Maximum: 25% (one out of four)
- Most likely: 20% (one out of five)
Why bother with a range?
Visibility and Certainty: Two Dimensions

How do we gain visibility?

Gaining visibility
Example - Unmanaged Databases:
- Starting visibility: 10% to 25%
- What are the options for improving visibility?
- Are there current tools/processes/people in the organization that we can leverage?
- Set specific objectives
  - e.g. 90% minimum by March 1,
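A worked version of the evaluation, prioritization and objective-setting steps above, as an added example that is not from the deck or from RMI: each asset group carries a three-point visibility estimate (the unmanaged-database numbers are the deck's own; the other groups' numbers are constructed), a PERT-style expected value, a ranking driven by the four perceived drivers the deck lists, and a check against an objective such as "90% minimum". The PERT weighting, the 1-to-5 driver scale and the product-style risk score are assumptions, not the deck's method.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class AssetGroupVisibility:
    """Calibrated three-point estimate of how much of an asset group is visible,
    plus the perceived drivers the deck lists for prioritizing visibility work.
    Fractions are 0..1; driver scores use a constructed 1 (low) .. 5 (high) scale."""
    group: str
    minimum: float
    most_likely: float
    maximum: float
    value_liability: int = 3
    threat_level: int = 3
    control_weakness: int = 3   # higher means a weaker control condition
    change_frequency: int = 3

    def __post_init__(self) -> None:
        if not 0.0 <= self.minimum <= self.most_likely <= self.maximum <= 1.0:
            raise ValueError(f"{self.group}: need 0 <= min <= most likely <= max <= 1")
        for name in ("value_liability", "threat_level", "control_weakness", "change_frequency"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{self.group}: {name} must be 1..5")

    def expected_visibility(self) -> float:
        # PERT-style weighting of the three-point estimate (assumption, not from the deck).
        return (self.minimum + 4 * self.most_likely + self.maximum) / 6

    def uncertainty(self) -> float:
        # Width of the range: the deck's second dimension, certainty, shrinks as this grows.
        return self.maximum - self.minimum

    def risk_potential(self) -> int:
        # Constructed score combining the four perceived drivers the deck names.
        return (self.value_liability * self.threat_level
                * self.control_weakness * self.change_frequency)

    def priority_score(self) -> float:
        # A larger blind spot on a riskier group ranks higher (constructed weighting).
        return self.risk_potential() * (1.0 - self.expected_visibility())

    def meets_objective(self, target_minimum: float) -> bool:
        # Judge the objective on the conservative end of the range, as in "90% minimum".
        return self.minimum >= target_minimum


def prioritize(groups: List[AssetGroupVisibility]) -> List[str]:
    """Order asset groups so the first is where visibility work pays off most."""
    return [g.group for g in sorted(groups, key=lambda g: g.priority_score(), reverse=True)]


def objective_gaps(groups: List[AssetGroupVisibility],
                   target_minimum: float) -> List[Tuple[str, float]]:
    """Groups that miss the objective, with the shortfall on their minimum estimate."""
    return [(g.group, round(target_minimum - g.minimum, 4))
            for g in groups if not g.meets_objective(target_minimum)]


# Constructed sample landscape; only the unmanaged-database numbers come from the deck.
SAMPLE_GROUPS = [
    AssetGroupVisibility("Unmanaged databases", 0.10, 0.20, 0.25,
                         value_liability=5, threat_level=4, control_weakness=5, change_frequency=3),
    AssetGroupVisibility("Windows servers", 0.85, 0.92, 0.97,
                         value_liability=4, threat_level=4, control_weakness=2, change_frequency=3),
    AssetGroupVisibility("Legacy applications", 0.30, 0.50, 0.80,
                         value_liability=4, threat_level=2, control_weakness=4, change_frequency=1),
    AssetGroupVisibility("Internet PoPs", 0.95, 0.98, 1.00,
                         value_liability=5, threat_level=5, control_weakness=2, change_frequency=2),
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(f"{g.group:22s} expected {g.expected_visibility():.0%} "
              f"range width {g.uncertainty():.0%} priority {g.priority_score():.1f}")
    print("work on first:", prioritize(SAMPLE_GROUPS))
    print("short of 90% minimum:", objective_gaps(SAMPLE_GROUPS, 0.90))
```

A wide range with a high expected value still flags a group worth a calibrated re-estimate before it is declared visible, which is the point of asking for a range rather than a single number.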
Gaining visibility
The good news...
- Simply asking the questions about visibility often highlights which data you need, and from where, in order to improve visibility
- You can start simple and make significant gains without a lot of cost/effort.
- These are actually useful metrics

Gaining visibility
The bad news...
- Some data are harder to come by than others
How do we maintain visibility?

Maintaining visibility
- Can be a very different problem than gaining initial visibility
- Two approaches:
  - Active maintenance
  - Periodic updates
- How often do you need to update your visibility? Realtime? Quarterly? Annually?

Timeliness consideration
Timeliness is mostly about frequency... of change, and of threat events

[Figure: control effectiveness plotted against time, annotated with implementation, change occurs, threat event, remediation, threat event]
Maintaining visibility
- Leverage existing technologies & processes
- Establish policies regarding asset registration
- Integrate with:
  - Project management
  - Change management
  - BCP/DR

Summary
- Visibility is required in order to:
  - Make well-informed risk decisions
  - Rationally claim that you are actually managing risk
- You have to carve up the landscape into asset groups in order to make your estimates.
- In order for an asset group to be visible you have to know its risk significance
- Don't try to eat the entire elephant at once. Prioritize your visibility efforts based on risk potential

Summary
- Leverage existing technology/processes/people as much as possible
- Once you've established decent visibility, establish a strategy for maintaining it
- Visibility is just another way of thinking about, evaluating, and managing our problem space

Questions?
If you'd like help establishing visibility within your organization, or for more information about RMI's services: info@riskmanagementinsight.com
More informationTRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany
TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE Ralf Kaltenbach, Regional Director RSA Germany 1 TRUSTED IT Continuous Availability of Applications, Systems and Data Data Protection with Integrated
More informationWeb Host. Choosing a. for Your WordPress Site. What is web hosting, and why do you need it?
You ve registered a domain name, and you know you want to use WordPress to create your online presence. The next question is, where are you going to build your website? This report will help you choose
More informationQ&A TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL. An interview with John Summers, Enterprise VP and GM, Akamai
TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL An interview with John Summers, Enterprise VP and GM, Akamai Q&A What are the top things that business leaders need to understand about today s cybersecurity
More informationMoving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification
A CLOSER LOOK Moving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification A major cybersecurity event can dissolve millions of dollars in assets and tarnish even the strongest company
More informationIT-Security Symposium in Stuttgart. Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen
IT-Security Symposium 2018 24.10.2018 in Stuttgart Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen Comparex IT-Security-Symposium Are you managing from an elevated
More informationExperiences in Data Quality
Experiences in Data Quality MIT IQIS 2010 Annette Pence July 14-16, 2010 Approved for Public Release: 10-0686 Distribution Unlimited As a public interest company, MITRE works in partnership with the government
More informationThe IS Audit Process Part-1 Four key objectives
The IS Audit Process Part-1 Four key objectives a. Defining auditing and auditors b. The audit planning process c. Risk analysis d. Internal controls Auditing & Auditors: an evaluation process of an org,
More informationWHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION
WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION 2 Web application firewalls (WAFs) entered the security market at the turn of the century as web apps became increasingly
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationHybrid 2.0 In search of the holy grail
Hybrid 2.0 In search of the holy grail A Talk for OWASP BeNeLux by Roger Thornton Founder/CTO Fortify Software Inc 2008 All Right Reserved Fortify Software Inc. 2 Before we Begin: Expectations Objectives
More informationCYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO
CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS
More informationDisaster Recovery Is A Business Strategy
Disaster Recovery Is A Business Strategy A White Paper By Table of Contents Preface Disaster Recovery Is a Business Strategy Disaster Recovery Is a Business Strategy... 2 Disaster Recovery: The Facts...
More information