Threat-Based Metrics for Continuous Enterprise Network Security
1 Threat-Based Metrics for Continuous Enterprise Network Security Management
and James Riordan
Lexington, MA
To be presented at the IFIP Working Group 10.4 Workshop on Security Assessment: Metrics and Methods, 24 January 2014
*This work is sponsored by the Department of Homeland Security under Contract FA C. Opinions, interpretations, conclusions, and recommendations are those of the author and are not necessarily endorsed by the United States Government.
2 Outline
- Introduction to Continuous Diagnostics and Mitigation
- Metric Overview
- Limitations of prior metrics
- Metric LR-1: Attacker scanning for unauthorized devices
- Metric LR-3: Attackers exploiting known vulnerabilities
- Summary and future plans
3 15 Security Capabilities that Must be Managed (U.S. Department of Homeland Security)
(Figure: the fifteen capabilities arranged in four groups: Assets; Accounts for People and Services; Events; Security Lifecycle.)
4 A Continuous Diagnostics and Mitigation (CDM) Process Controls Risk for Each Capability
Initialize the desired-state specifications, then run the loop:
1. Observe the actual state
2. Compare actual to desired states (=?) and compute risk
3. Prioritize risks and decide on actions
4. Act: mitigate risk, refine specifications, correct observations
6 One Example is Managing the Use of Unauthorized Devices on a Network
(Figure: the CDM loop of slide 4 applied to unauthorized devices: Observe, Compare (=?), Compute Risk, Prioritize Risks, Act.)
7 Attackers can Either Observe and Compromise Insecure Devices or Spread from Already Infected Devices
(Figure: the same CDM loop as slide 6: Observe, Compare (=?), Compute Risk, Prioritize Risks, Act.)
8 Outline (next: Metric Overview)
9 We Have Created Metrics for Nine of Fifteen Capabilities
(Figure: metrics LR-1 through LR-9 placed on the capability chart under the group labels "Assets" and "People and services". Of the pairings, later slides state two: LR-1 covers unauthorized devices under 1. Hardware, and LR-3 covers 3. Vulnerabilities.)
Capabilities shown:
1. Hardware
2. Software
3. Vulnerabilities
4. Configuration
5. Trust in People
6. Credentials
7. Accounts and Privileges
8. Behavior and Training
9. Boundaries
10 Each Metric Focuses on the Most Important Attack(s) for one Capability
(Figure: attack diagram, client side.)
11 A Three-Stage Security Metric Maturity Model
- Level 1, Checklist Metric: develop understanding of the system, attacks, and requirements
- Level 2, Capability Deficit Metric: develop timeliness, accuracy, and coverage
- Level 3, Operational Risk Metric
12 Level 2 Capability Deficit Metrics Determine If Risk Can Be Computed Accurately
There are four standard aspects to the Capability Deficit metric:
- Specification: define what is required / permitted
- Coverage: perform measurements across all entities
- Timeliness: observe frequently enough to reliably detect a short-duration security event
- Test Error: insecure states are correctly classified (no misclassification)
13 Level 3 Operational Risk Metrics Estimate the Risk Based on the Observed State
Risk = Probability of Successful Attack × Impact
- Compute the probability of attack success
- Compute the attack impact based on the affected devices
Probability of attack success for one insecure condition:
$P = P_{\mathrm{Comp}}\,\bigl(1 - e^{-w/\lambda}\bigr)$
where $P_{\mathrm{Comp}}$ is the probability of compromise once the attacker has observed the condition, w is the window of time the condition is present (as on slides 22 and 24), and λ is the attacker's mean scan interval (the slide itself does not define λ; this reading matches the min(1, w/Δ) form used on later slides for a fixed scan interval).
14 Metric Computation is Embedded in and Enables Continuous Diagnostics and Mitigation
CDM loop: Initialize Desired State Specifications → Observe the Actual State → Compare Actual to Desired States and Compute Risk → Prioritize Risks and Decide on Actions → Act.
- Level 2, Capability Metrics (Specification, Timeliness, Accuracy, Coverage) answer: How likely am I to miss a risk condition?
- Level 3, Operational or Risk Metrics (Risk) answer: How much value, on average, is captured by this adversary?
15 Outline (next: Limitations of prior metrics)
16 Existing Risk Metrics Can Not be Used in a Real-Time Diagnostic and Mitigation Loop
Count- and percentage-based assessments do not model attackers correctly:
- Percentage of devices behind a firewall / with anti-virus software
- Mean / median lag of patch installation
Other approaches are subjective and can't be automated:
- Annual Loss Expectancy = (Annual Rate) × (Loss)
- Business Adjusted Risk = (Impact) × (Risk of Exploit)
- Mission Oriented Risk and Design Analysis (MORDA)
17 A Count of Serious Vulnerabilities Can be Misleading
(Figure: one machine with twenty serious vulnerabilities beside twenty machines each with one serious vulnerability.) Both networks count twenty serious vulnerabilities, but the exposure differs: a single host can be captured only once, whereas twenty exposed hosts put twenty assets at risk.
18 Median Patch Lag is Difficult to Interpret
(Figure: device patch lag in days.)
19 Outline (next: Metric LR-1: Attacker scanning for unauthorized devices)
20 One Attack Model in LR-1 is Attackers Looking for and Compromising Insecure Unauthorized Devices
- Assume unauthorized devices are unmanaged, hence vulnerable
- Attackers observe the network to look for these devices
- The attacker may be internal or external
(Figure: enterprise network with DMZ, Services, Wireless Access Point, Unconfigured Switch, Test VM, Test Server, Desktop Computer, Off-net Laptop.)
21 Defenders Continuously Search for and Process Discovered Unauthorized Devices
Authorized Device List (IP address column not captured in the figure):
Subnet | IP Addr | MAC
ALAN   |         | aa:12:bb:34:cc:56
BLAN   |         | cc:12:bb:34:cc:54
DMZ    |         | d:ab:99:ff:83:83
Process: Observe Network → Discovered Device → Compare against the list. In Authorized List: OK. Not In Authorized List: Process → Authorize or Remove.
22 We can Compute the Probability of Detecting a Finite Duration Event by Scanning
(Figure: IP address space versus time in days, showing the attacker's and the defender's scans.)
The probability of detection of an event of duration w with a scan interval δ is
$P_{\mathrm{Observe}}(w, \delta) = \min\!\left(1, \frac{w}{\delta}\right)$
An event that lasts at least one scan interval is always seen; a shorter one is seen with probability equal to the fraction of the interval it covers.
23 LR-1 Capability Deficit Metric Components
- Specification Deficit
- Coverage Deficit
- Timeliness Deficit: probability of missing an event of a specified duration W
- Test Error: $\mathrm{TestD} = P_{\mathrm{miss}}(i)$, given the insecure condition was observed but not recognized
- Overall Capability Deficit Metric
24 The LR-1 Operational Metric Is the Asset Value of the Expected Compromised Unauthorized Devices
Sum over all unauthorized devices of the probability of each being compromised, weighted by asset value:
$\mathrm{OM} = \sum_{\text{Unauthorized Devices}} AV \cdot P(\mathrm{Comp} \mid \mathrm{Observed}) \cdot P(\mathrm{Observed})$
$P(\mathrm{Observed}) = \min\!\left(1, \frac{w}{\Delta}\right)$
The probability of the attacker observing the unauthorized device is computed from the window of presence and the attacker scan rate:
- w = window of time the unauthorized device is present
- Δ = attacker device sampling interval
- P(Comp | Observed) = probability the device is compromised given that it is observed by an attacker
- AV = asset value for an unauthorized device
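Worked example, added here and not part of the original slides: the LR-1 operational metric of slide 24 computed over a constructed list of unauthorized devices, using both observation models the deck uses, the fixed-interval form min(1, w/Δ) of slides 22 and 24 and the exponential form 1 − e^(−w/λ) of slide 13, plus the timeliness-deficit term of slide 23. The device names, presence windows, compromise probabilities, asset values and the 7-day attacker interval are assumptions chosen for illustration.

```python
"""LR-1 operational metric (slide 24) with the two attacker-observation models
used in the deck: fixed-interval scanning, P = min(1, w/Δ) (slides 22, 24), and
the exponential form P = 1 - exp(-w/λ) of slide 13. Device data below is
constructed for illustration, not measured."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class UnauthorizedDevice:
    name: str
    window_days: float            # w: time the device was present on the network
    p_comp_given_observed: float  # P(Comp | Observed): compromise once an attacker finds it
    asset_value: float            # AV: value lost if the device is compromised


def p_observed_fixed_interval(w: float, delta: float) -> float:
    """Attacker samples the network every Δ days at a phase unrelated to the
    device's arrival: a window of length w is hit with probability min(1, w/Δ)."""
    if delta <= 0 or w < 0:
        raise ValueError("window must be >= 0 and interval > 0")
    return min(1.0, w / delta)


def p_observed_exponential(w: float, lam: float) -> float:
    """Attacker scans arrive at random with mean spacing λ (Poisson arrivals):
    probability of at least one scan during w is 1 - exp(-w/λ) (slide 13 form)."""
    if lam <= 0 or w < 0:
        raise ValueError("window must be >= 0 and mean interval > 0")
    return 1.0 - math.exp(-w / lam)


def lr1_operational_metric(devices, delta, observe=p_observed_fixed_interval):
    """OM = sum over unauthorized devices of AV * P(Comp|Observed) * P(Observed)."""
    return sum(
        d.asset_value * d.p_comp_given_observed * observe(d.window_days, delta)
        for d in devices
    )


def timeliness_deficit(defender_scan_interval: float, event_duration: float) -> float:
    """Slide 23 timeliness deficit: probability the defender's own scan, run every
    δ days, misses an unauthorized device that is present for only W days."""
    return 1.0 - p_observed_fixed_interval(event_duration, defender_scan_interval)


# Constructed sample: three unauthorized devices seen on a network over a quarter.
SAMPLE_DEVICES = (
    UnauthorizedDevice("test-vm",       window_days=2.0,  p_comp_given_observed=0.9, asset_value=1.0),
    UnauthorizedDevice("rogue-ap",      window_days=14.0, p_comp_given_observed=0.5, asset_value=5.0),
    UnauthorizedDevice("offnet-laptop", window_days=0.5,  p_comp_given_observed=0.8, asset_value=1.0),
)
ATTACKER_INTERVAL_DAYS = 7.0  # Δ: assumed attacker sweep cadence


if __name__ == "__main__":
    om_fixed = lr1_operational_metric(SAMPLE_DEVICES, ATTACKER_INTERVAL_DAYS)
    om_exp = lr1_operational_metric(SAMPLE_DEVICES, ATTACKER_INTERVAL_DAYS, p_observed_exponential)
    print(f"LR-1 OM, fixed-interval attacker: {om_fixed:.3f} asset units")
    print(f"LR-1 OM, exponential attacker:    {om_exp:.3f} asset units")
    # A defender scanning once a day still misses half of the 12-hour laptop appearances.
    print(f"timeliness deficit, 0.5-day event with daily scans: {timeliness_deficit(1.0, 0.5):.2f}")
```

Because 1 − e^(−x) ≤ min(1, x) for every x ≥ 0, the fixed-interval model always yields the larger (more conservative) metric; when the attacker's cadence is unknown it is the safer default of the two.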
25 Outline (next: Metric LR-3: Attackers exploiting known vulnerabilities)
26 Server and Client-Side Attack Models for Exploitation of Known Vulnerabilities
- Server-side: the attacker sends malicious content to a server in the DMZ (Services), producing a compromised server.
- Client-side: a desktop computer visits a compromised web site and receives malicious content.
(Figure labels: Wireless Access Point, DMZ, Services, Desktop Computer, Compromised Server, Compromised web site, Malicious Content.)
27 Client-Side Vulnerabilities Are Discovered From 20 to 60 Times Per Year for Many Client Applications
(Figure: yearly vulnerability counts for Acroread, Firefox, Flash, Java, Thunderbird.)
Vulnerability scanners and patch tools are updated following publication and patch release dates.
28 We Compute the Probability of Compromising a Device for Each Vulnerability using Its CVSS Score
Assume that the probability of compromising a device by exploiting vulnerability v depends on its Common Vulnerability Scoring System (CVSS) score as
$P_{\mathrm{Compromise}}(v) = \left(\frac{\mathrm{cvss}(v)}{10}\right)^{2}$
How do you compute the probability of compromise with multiple vulnerabilities? The computation is per device: each vulnerability $V_k$ on device A yields $\mathrm{CVSS}(V_k)$ and $P_{\mathrm{Comp}}(V_k)$, and these are combined into a single $P_{\mathrm{Compromise}}$ for device A.
29 The Approach Used to Combine Vulnerabilities Depends on the Attacker Model
- Noisy Rich Attacker: tries all available vulnerabilities until the device is successfully compromised
- Stealthy Rich Attacker: tries only the single vulnerability with the highest probability of success
- Random Attacker: tries to exploit one vulnerability selected at random
30 The LR-3 Operational Metric is the Expected Captured Asset Value across Devices
Noisy rich attacker on all devices. For vulnerability v on device i, the probability of single-vulnerability detection and compromise is
$P_{\mathrm{Comp}}(v, i) = P_{\mathrm{Compromise} \mid \mathrm{Observed}}(v) \cdot P_{\mathrm{Observed}}(v, i)$
- Probability of a successful single-vulnerability compromise: $P_{\mathrm{Compromise} \mid \mathrm{Observed}}(v) = \left(\frac{\mathrm{cvss}(v)}{10}\right)^{2}$
- Probability of an attacker discovering the vulnerability: $P_{\mathrm{Observed}}(v, i) = \min\!\left(1, \frac{w_i(v)}{\Delta}\right)$
- $w_i(v)$ = window of time vulnerability v is present on device i
- Δ = attacker device sampling interval for the vulnerability
- AV(i) = asset value for device i
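Worked example, added here and not part of the original slides: the per-vulnerability probability of slides 28 and 30, combined per device under each of the three attacker models of slide 29, summed into the LR-3 operational metric, and used to make the point of slide 17 (twenty vulnerabilities on one host versus one on each of twenty hosts). The slides describe the attacker models in words; the noisy-rich combination below treats the attempts as independent, which is this example's assumption, and the fleet, CVSS scores, exposure windows and the 30-day Δ are constructed.

```python
"""LR-3 per-device compromise probability (slides 28-30) under the three attacker
models of slide 29, and the count-vs-distribution point of slide 17.
Fleet data below is constructed for illustration, not measured."""
from math import prod


def p_compromise_given_observed(cvss: float) -> float:
    """Slide 28: P_Compromise(v) = (cvss(v)/10)^2."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError("CVSS base score must lie in [0, 10]")
    return (cvss / 10.0) ** 2


def p_observed(window_days: float, delta: float) -> float:
    """Slide 30: P_Observed(v, i) = min(1, w_i(v)/Δ); w_i(v) is how long vulnerability
    v sat unpatched on device i, Δ the attacker's sampling interval."""
    if delta <= 0 or window_days < 0:
        raise ValueError("window must be >= 0 and interval > 0")
    return min(1.0, window_days / delta)


def per_vulnerability_probabilities(vulns, delta):
    """P_Comp(v, i) for each (cvss, window_days) pair on one device."""
    return [p_compromise_given_observed(c) * p_observed(w, delta) for c, w in vulns]


def combine(probs, model: str) -> float:
    """Combine per-vulnerability probabilities into one device probability.
    noisy_rich:    tries every vulnerability until one works, so the device survives
                   only if all attempts fail (attempts treated as independent: an assumption).
    stealthy_rich: tries only the single best vulnerability.
    random:        picks one uniformly, so the average success probability."""
    if not probs:
        return 0.0
    if model == "noisy_rich":
        return 1.0 - prod(1.0 - p for p in probs)
    if model == "stealthy_rich":
        return max(probs)
    if model == "random":
        return sum(probs) / len(probs)
    raise ValueError(f"unknown attacker model: {model}")


def lr3_operational_metric(fleet, delta, model="noisy_rich") -> float:
    """Expected captured asset value: sum over devices of AV(i) * P_Comp(i)."""
    return sum(
        av * combine(per_vulnerability_probabilities(vulns, delta), model)
        for av, vulns in fleet.values()
    )


def same_count_different_risk(p: float = 0.1, n: int = 20) -> tuple:
    """Slide 17: n vulnerabilities of equal probability p on one host versus one
    each on n hosts (asset value 1 each), under the noisy rich attacker."""
    one_host = combine([p] * n, "noisy_rich")
    n_hosts = n * combine([p], "noisy_rich")
    return one_host, n_hosts


# Constructed fleet: name -> (asset value, [(CVSS base score, days unpatched), ...])
FLEET = {
    "ws-01":  (1.0,  [(10.0, 30.0), (7.5, 15.0)]),
    "ws-02":  (1.0,  [(5.0, 3.0)]),
    "srv-01": (10.0, [(9.3, 6.0), (4.0, 60.0)]),
}
DELTA_DAYS = 30.0  # Δ: users reach a malicious site about once every 30 days (slide 31 assumption)


if __name__ == "__main__":
    for model in ("noisy_rich", "stealthy_rich", "random"):
        print(f"{model:14s} OM = {lr3_operational_metric(FLEET, DELTA_DAYS, model):.4f}")
    one, many = same_count_different_risk()
    print(f"20 vulns on 1 host: {one:.4f}   1 vuln on each of 20 hosts: {many:.4f}")
```

The three models only disagree where a device carries several vulnerabilities; for a single vulnerability they coincide, which is why the raw vulnerability count of slide 17 misleads while the asset-weighted metric does not.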
31 Different Simulated Defense Strategies Lead to Large Operational Risk Metric Differences
- Patch every 5 days: Operational Metric = 4.9; 5/100 hosts compromised
- Patch every 30 days: Operational Metric = 98.6; 99/100 hosts compromised
(Figure: unique vulnerabilities over Jan-Dec 2012 for each strategy, with the attacker sampling interval marked.)
Simulation assumptions:
- 100 hosts, each with an asset value of 1, running only Firefox
- Users browse to a malicious web site once every 30 days
- Attackers require one week after publication to field exploits on web sites
- Noisy rich attackers have exploits for all vulnerabilities
32 Outline (next: Summary and future plans)
33 Summary
- The U.S. Department of Homeland Security (DHS) is implementing a Continuous Diagnostics and Mitigation (CDM) strategy for protecting government networks
- We will be creating metrics for 15 capabilities
- Each metric: includes up-to-date attacker models; estimates risk from attackers; includes a capability deficit component to determine if risk computations are accurate
- We are completing descriptions for the first nine metrics
- These will be used by the DHS to support continuous monitoring and risk mitigation
34 Roadmap for the Future
In order of increasing security maturity level:
- Continuous Diagnostics and Mitigation: accurate continuous observations, assess first-step risk, real-time operational mitigations
- Network Simulations: long-term modeling of attacker and defense strategies
- Attack Graph Analysis and Policies: assess multi-step risk, prioritize and evaluate mitigations, assess different attackers
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationVulnerability Management Policy
Vulnerability Management Policy Document Type: Policy (PLCY) Endorsed By: Information Technology Policy Committee Date: 4/29/2011 Promulgated By: Chancellor Herzog Date: 6/16/2011 I. Introduction IT resources
More informationHow do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?
Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security
More informationRequirements for IT Infrastructure
Requirements for IT Infrastructure This information contained in this document is taken from the NCSC Website directly via: https://www.cyberessentials.ncsc.gov.uk/requirements-for-it-infrastructure.html
More informationCIT 480: Securing Computer Systems. Putting It All Together
CIT 480: Securing Computer Systems Putting It All Together Assurance 1. Asset identification 1. Systems and information assets. 2. Infrastructure model and control 1. Network diagrams and inventory database.
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationCyber Essentials. Requirements for IT Infrastructure. QG Adaption Publication 25 th July 17
Cyber Essentials Requirements for IT Infrastructure NCSC Publication 6 th February 17 QG Adaption Publication 25 th July 17 Document No. BIS 14/696/1.2 Requirements for IT Infrastructure Specifying the
More informationThe Evolving Threat of Internet Worms
The Evolving Threat of Internet Worms Jose Nazario, Arbor Networks Why Worm Based Intrusions Relative ease Write once, run everywhere promise can come true Penetration Right past firewalls
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationManaged Security Services - Endpoint Managed Security on Cloud
Services Description Managed Security Services - Endpoint Managed Security on Cloud The services described herein are governed by the terms and conditions of the agreement specified in the Order Document
More informationPractical OpenSCAP Security Standard Compliance and Reporting. Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer
Practical OpenSCAP Security Standard Compliance and Reporting Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer INTRODUCTION AGENDA Review some slides Follow along demostration
More informationCONTENTS OF THIS REPORT
CONTENTS OF THIS REPORT Site Overview Executive Summary Network Health Overview Network Assessment Manage Devices by Operating System Remote Control Usage Select report by clicking on the title, the report
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationTenable SCAP Standards Declarations. June 4, 2015 (Revision 11)
Tenable SCAP Standards Declarations June 4, 2015 (Revision 11) Table of Contents Center for Internet Security (CIS)... 3 Common Criteria (NIAP)... 3 Common Vulnerability Enumeration (CVE)... 3 Common Configuration
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More information