WHO AM I? Been working in IT Security since 1992

Size: px
Start display at page:

Download "WHO AM I? Been working in IT Security since 1992"

Transcription

1 (C) MARCHANY

2 WHO AM I? Been working in IT Security since 1992 CISO at VA Tech 35+K node network. dual stack IPV4, IPV6 network since 2006 Multi-national Main campus (Blacksburg, VA), Remote campuses (Arlington, Norfolk, VA), Swiss, Indian, Egyptian campuses My IT Security Philosophy All Security is Local Empower the local IT staff The Business Process trumps the Security Process Learn the business process before imposing security requirements Restrictive security practices cause worse problems overall (C) MARCHANY

3 VA TECH IT SECURITY STRATEGY Based on ISO 27002, NIST Standards Protect sensitive data regardless of location Business process defines and trumps the security process if there is a conflict IT and Business processes must adapt to new situation All security is local Empower the local departmental sysadmins with information Don t care what comes in the net. Worry about what leaves the net. (C) MARCHANY

4 IMPLEMENTING THE 20 CRITICAL CONTROLS STRATEGY Quick wins Focus on the most common and damaging threats Consistent implementation Metrics to justify acquisitions Interfere with Attackers getting in Attackers staying in Attackers causing damage Focus on what leaves the net rather than what comes in (C) MARCHANY

5 (C) MARCHANY

6 WHY 20 CRITICAL CONTROLS? Subset of the Priority 1 items in NIST Mapping of > >20 Critical Controls Technical controls only, not operational controls Have to start somewhere Based on NSA Attack Mitigation Scores Stop Attacks early Stop Many Attacks Mitigate Impact of Attacks Focus is ASSURANCE not compliance! (C) MARCHANY

7 THE 20 CRITICAL CONTROLS: Inventory of authorized and unauthorized devices Reduce the ability of attackers to find and exploit unauthorized and unprotected systems: Use active monitoring and configuration management to maintain an up-to-date inventory 2. Inventory of authorized and unauthorized software Identify vulnerable or malicious software to mitigate or root out attacks: Devise a list of authorized software for each type of system, and deploy tools to track software installed (including type, version, and patches) 3. Secure configurations for hardware and software on laptops, workstations, and servers Prevent attackers from exploiting services and settings that allow easy access through networks and browsers: Build a secure image that is used for all new systems deployed to the enterprise (C) MARCHANY

8 THE 20 CRITICAL CONTROLS: Continuous Vulnerability Assessment and Remediation Proactively identify and repair software vulnerabilities reported by security researchers or vendors: Regularly run automated vulnerability scanning tools against all systems and quickly remediate any vulnerabilities 5. Malware Defenses Block malicious code from tampering with system settings or contents, capturing sensitive data, or spreading (C) MARCHANY

9 THE 20 CRITICAL CONTROLS: Application Software Security Neutralize vulnerabilities in web-based and other application software: 7. Wireless Device Control Protect the security perimeter against unauthorized wireless access: Allow wireless devices to connect to the network only if it matches an authorized configuration and security profile and has a documented owner and defined business need. 8. Data Recovery Capability (validated manually) 9. Security Skills Assessment and Appropriate Training To Fill Gaps (validated manually) 10. Secure configurations for network devices such as firewalls, routers, and switches Preclude electronic holes from forming at connection points with the Internet, other organizations, and internal network segments: Compare firewall, router, and switch configurations against standards for each type of network device. (C) MARCHANY

10 THE 20 CRITICAL CONTROLS: Limitation and Control of Network Ports, Protocols, and Services Allow remote access only to legitimate users and services: Apply host-based firewalls and port-filtering and scanning tools to block traffic that is not explicitly allowed 12. Controlled Use of Administrative Privileges Protect and validate administrative accounts on desktops, laptops, and servers to prevent two common types of attack: 13. Boundary Defense Control the flow of traffic through network borders, and police content by looking for attacks and evidence of compromised machines: (C) MARCHANY

11 THE 20 CRITICAL CONTROLS: Maintenance, Monitoring and Analysis of Audit Logs Use detailed logs to identify and uncover the details of an attack, including the location, malicious software deployed, and activity on victim machines:. Store logs on dedicated servers, and run biweekly reports to identify and document anomalies. 15. Controlled Access Based On Need to Know Prevent attackers from gaining access to highly sensitive data: Carefully identify and separate critical data from information that is readily available to internal network users. Establish a multilevel data classification scheme based on the impact of any data exposure, and ensure that only authenticated users have access to nonpublic data and files. (C) MARCHANY

12 THE 20 CRITICAL CONTROLS: Account Monitoring and Control Keep attackers from impersonating legitimate users: Review all system accounts and disable any that are not associated with a business process and owner. 17. Data Loss Prevention Stop unauthorized transfer of sensitive data through network attacks and physical theft: Scrutinize the movement of data across network boundaries, both electronically and physically, to minimize the exposure to attackers. 18. Incident Response Capability (validated manually) 19. Secure Network Engineering (validated manually) Keep poor network design from enabling attackers: Use a robust, secure network engineering process to prevent security controls from being circumvented. Allow rapid deployment of new access controls to quickly deflect attacks. 20. Penetration Tests and Red Team Exercises (validated manually) (C) MARCHANY

13 IMPLEMENTATION TIPS Secure upper management backing Do a 20 Critical Controls Gap Analysis Find out who at your school has the information needed by a particular control Get access to the info Pick 2-4 controls at a time, Rinse, lather and repeat This is a 3-5 year project. (C) MARCHANY

14 YOU HAVE THE ANSWERS ALREADY 1. Inventory of authorized and unauthorized device Obtain from your network management group 2. Inventory of authorized and unauthorized software Obtain from software purchasing group 3. Secure configurations for hardware and software on laptops, workstations, and servers Policy 4. Continuous Vulnerability Assessment and Remediation IT Security Office runs weekly scans against critical servers 5. Malware Defense IT Security Office (C) MARCHANY

15 YOU HAVE THE ANSWERS ALREADY 6. Application Software Security Security Questionnaires 7. Wireless Device Control Network management group 8. Data Recovery Capability (validated manually) Network Backup service, departmental backup process 9. Security Skills Assessment & Appropriate Training To Fill Gaps (validate manually) Secure the Human 10. Secure configurations for network devices such as firewalls, routers, and switches Network Management Group (C) MARCHANY

16 YOU HAVE THE ANSWERS ALREADY 11. Limitation and Control of Network Ports, Protocols, and Services Policy, Standards, Individual Departmental guidelines 12. Controlled Use of Administrative Privileges Policy, Standards, Individual Departmental guidelines 13. Boundary Defense Policy, Standards, define the boundary! 14. Maintenance, Monitoring and Analysis of Audit Logs Standard Sysadmin practice, SIEM, Syslog server 15. Controlled Access Based On Need to Know Business process rules, Identity Mgt process (C) MARCHANY

17 YOU HAVE THE ANSWERS ALREADY 16. Account Monitoring and Control HR Policies/process, Identity Mgt process 17. Data Loss Prevention Sensitive Data protection policy/standards, network forensics 18. Incident Response Capability (validated manually) IT Security Office, Upper Mgt approval 19. Secure Network Engineering (validated manually) Network mgt group configuration rules 20. Penetration Tests and Red Team Exercises (validated manually) (C) MARCHANY

18 CONTROL ENTITY RELATIONSHIP DIAGRAM (ERD) #1

19 CONTROL ENTITY RELATIONSHIP DIAGRAM (ERD) #14

20 (C) MARCHANY

21 (C) MARCHANY

22 (C) MARCHANY

23 THE CHALLENGES Getting upper management (Board, President, CIO, VP) support Getting the data Internal IT groups may not have the info in a format you want Internal IT groups may not want to give you the data Departmental groups may not want to give you the info Performing the Gap analysis Building the 20 Critical Implementation plan Just doing it! (C) MARCHANY

24 JUST DO IT You probably rolled your eyes when you read the controls We can t do that! It s too complicated Just do it We have not made significant strides in overall organizational IT security in the past 20 years Same vectors in the 1990s are causing problems in the 2010s It s time to change the paradigm Just do it a few steps at a time (C) MARCHANY

25 QUESTIONS? Contact Information Randy Marchany University IT Security Officer VA Tech IT Security Office & Lab 1300 Torgersen Hall Blacksburg, VA (office) (lab) Blog: randymarchany.blogspot.com (C) MARCHANY

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

ECKLER FS TECHNOLOGY APPLICATIONS SECURITY CONTROLS. General Security Controls for Products & Services (Updated )

ECKLER FS TECHNOLOGY APPLICATIONS SECURITY CONTROLS. General Security Controls for Products & Services (Updated ) ECKLER FS TECHNOLOGY APPLICATIONS SECURITY CONTROLS General Security Controls for Products & Services (Updated 2010-10 - 06) TABLE OF CONTENTS 1. EXECUTIVE SUMMARY... 1 2. FS TECHNOLOGY APPLICATIONS...

More information

CyberSecurity: Top 20 Controls

CyberSecurity: Top 20 Controls CyberSecurity: Top 20 Controls ISACA Kampala Chapter CPD Event - 30 March 2017 By Bernard Wanyama - CISA, CGEIT, CRISC, CISM Assume breach.. The CIS Top 20 Critical Security Controls CIS, SANS, NSA and

More information

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security Top 20 Critical Security Controls (CSC) for Effective Cyber Defense Christian Espinosa Alpine Security christian.espinosa@alpinesecurity.com Background Christian Espinosa christian.espinosa@alpinesecurity.com

More information

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose

More information

TIPS FOR AUDITING CYBERSECURITY

TIPS FOR AUDITING CYBERSECURITY TIPS FOR AUDITING CYBERSECURITY Dr. Vilius Benetis, ISACA Lithuania Chapter, NRD CS 18 October 2016 TODAY S SPEAKER Dr. Vilius Benetis Cybersecurity Practice Leader Norway Registers Development (NRD Cybersecurity)

More information

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,

More information

Aligning with the Critical Security Controls to Achieve Quick Security Wins

Aligning with the Critical Security Controls to Achieve Quick Security Wins Aligning with the Critical Security Controls to Achieve Quick Security Wins Background The Council on CyberSecurity s Critical Security Controls for Effective Cyber Defense provide guidance on easy wins

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

Lessons Learned From Real World CISOs

Lessons Learned From Real World CISOs SESSION ID: CXO-R04 Lessons Learned From Real World CISOs PANELISTS: Tom Baltis VP/CISO Blue Cross Blue Shield Michigan Randy Marchany CISO Virginia Tech Pavel Slavin Tech Director, Medical Device Security

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

A Measurement Companion to the CIS Critical Security Controls (Version 6) October A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

ISO27001 Preparing your business with Snare

ISO27001 Preparing your business with Snare WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

Cyber Protections: First Step, Risk Assessment

Cyber Protections: First Step, Risk Assessment Cyber Protections: First Step, Risk Assessment Presentation to: Presented to: Mark LaVigne, Deputy Director NYSAC November 21, 2017 500 Avery Lane Rome, NY 13441 315.338.5818 www.nystec.com In this presentation

More information

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network? Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Cybersecurity Today Avoid Becoming a News Headline

Cybersecurity Today Avoid Becoming a News Headline Cybersecurity Today 2017 Avoid Becoming a News Headline Topics Making News Notable Incidents Current State of Affairs Common Points of Failure Three Quick Wins How to Prepare for and Respond to Cybersecurity

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is

More information

ISE North America Leadership Summit and Awards

ISE North America Leadership Summit and Awards ISE North America Leadership Summit and Awards November 6-7, 2013 Presentation Title: Presenter: Presenter Title: Company Name: Embracing Cyber Security for Top-to-Bottom Results Larry Wilson Chief Information

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

AUTHORITY FOR ELECTRICITY REGULATION

AUTHORITY FOR ELECTRICITY REGULATION SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

CSC - DRAFT - VER6c FOR PUBLIC COMMENT ONLY

CSC - DRAFT - VER6c FOR PUBLIC COMMENT ONLY The Center for Internet Security Critical Security Controls Version 6.1 Family Control Control Description SecureTheVillage Critical Security Control #1: Inventory of Authorized and Unauthorized Devices

More information

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP

More information

Information Security Office. Server Vulnerability Management Standards

Information Security Office. Server Vulnerability Management Standards Information Security Office Server Vulnerability Management Standards Revision History Revision Date Revised By Summary of Revisions Section(s) / Page(s) Revised 6/1/2013 S. Gucwa Initial Release All 4/15/2015

More information

Total Security Management PCI DSS Compliance Guide

Total Security Management PCI DSS Compliance Guide Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to

More information

Building Secure Systems

Building Secure Systems Building Secure Systems Antony Selim, CISSP, P.E. Cyber Security and Enterprise Security Architecture 13 November 2015 Copyright 2015 Raytheon Company. All rights reserved. Customer Success Is Our Mission

More information

SecureTrack. Supporting SANS 20 Critical Security Controls. March

SecureTrack. Supporting SANS 20 Critical Security Controls. March SecureTrack Supporting SANS 20 Critical Security Controls March 2012 www.tufin.com Table of Contents Introduction... 3 Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers,

More information

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced

More information

CyberArk Privileged Threat Analytics

CyberArk Privileged Threat Analytics CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

How to Develop Key Performance Indicators for Security

How to Develop Key Performance Indicators for Security SESSION ID: How to Develop Key Performance Indicators for Security James Tarala Principal and Senior Instructor Enclave Security / The SANS Institute @isaudit Laying a Foundation For metrics to be effective,

More information

ACM Retreat - Today s Topics:

ACM Retreat - Today s Topics: ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Personal Physical Security

Personal Physical Security Security Essentials For Personal Personal Physical Security Lights at night and/or motion sensitive flood lights Cut your bushes so people can t hide behind them Lock your doors and windows (do a nightly

More information

Education Network Security

Education Network Security Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or

More information

Cyber security tips and self-assessment for business

Cyber security tips and self-assessment for business Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this

More information

Client Computing Security Standard (CCSS)

Client Computing Security Standard (CCSS) Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices

More information

Standard: Event Monitoring

Standard: Event Monitoring October 24, 2016 Page 1 Contents Revision History... 4 Executive Summary... 4 Introduction and Purpose... 5 Scope... 5 Standard... 5 Audit Log Standard: Nature of Information and Retention Period... 5

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

ICS Cybersecurity. SANS Top 20 Critical Controls for ICS. David Van Crout

ICS Cybersecurity. SANS Top 20 Critical Controls for ICS. David Van Crout ICS Cybersecurity SANS Top 20 Critical Controls for ICS David Van Crout «Competitività e Sostenibilità. Progetti e tecnologie al servizio delle reti di pubblica utilità» Bologna, 6-7 novembre 2013 Industrial

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

CERT Development EFFECTIVE RESPONSE

CERT Development EFFECTIVE RESPONSE CERT Development EFFECTIVE RESPONSE CERT Development: EFFECTIVE RESPONSE 2 Effective Response Effective Response Well funded, organized attackers threaten your network IT attacks can result in: Loss of

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

10 FOCUS AREAS FOR BREACH PREVENTION

10 FOCUS AREAS FOR BREACH PREVENTION 10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual

More information

Table of Contents. Policy Patch Management Version Control

Table of Contents. Policy Patch Management Version Control Table of Contents Patch Management Version Control Policy... 2 The Patch Management Version Control Process... 2 Policy... 2 Vendor Updates... 3 Concepts... 3 Responsibility... 3 Organizational Roles...

More information

Protecting productivity with Industrial Security Services

Protecting productivity with Industrial Security Services Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices

More information

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe. Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility

More information

White Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets.

White Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets. White Paper April 2005 McAfee Protection-in-Depth The Risk Management Lifecycle Protecting Critical Business Assets Protecting Critical Business Assets 2 Table of Contents Overview 3 Diagram (10 Step Lifecycle)

More information

Information Technology Procedure IT 3.4 IT Configuration Management

Information Technology Procedure IT 3.4 IT Configuration Management Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating

More information

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Ransomware A case study of the impact, recovery and remediation events

Ransomware A case study of the impact, recovery and remediation events Ransomware A case study of the impact, recovery and remediation events Peter Thermos President & CTO Tel: (732) 688-0413 peter.thermos@palindrometech.com Palindrome Technologies 100 Village Court Suite

More information

7.16 INFORMATION TECHNOLOGY SECURITY

7.16 INFORMATION TECHNOLOGY SECURITY 7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for

More information

BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013

BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013 BYOD Transformation April 3, 2013 Joe Leonard Director, Secure Networks Agenda Joe Leonard Introduction CIO Top 10 Tech Priorities What is BYOD? BYOD Trends BYOD Threats Security Best Practices HIPAA Security

More information

CIS Controls Measures and Metrics for Version 7

CIS Controls Measures and Metrics for Version 7 Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update

More information

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017 University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017 Related Policies, Procedures, and Resources UAB Acceptable Use Policy, UAB Protection and Security Policy, UAB

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

Vulnerability Management Policy

Vulnerability Management Policy Vulnerability Management Policy Document Type: Policy (PLCY) Endorsed By: Information Technology Policy Committee Date: 4/29/2011 Promulgated By: Chancellor Herzog Date: 6/16/2011 I. Introduction IT resources

More information

CNIT 50: Network Security Monitoring. 9 NSM Operations

CNIT 50: Network Security Monitoring. 9 NSM Operations CNIT 50: Network Security Monitoring 9 NSM Operations Topics The Enterprise Security Cycle Collection, Analysis, Escalation, and Resolution Remediation Introduction Methodology is more important than tools

More information

Standard for Security of Information Technology Resources

Standard for Security of Information Technology Resources MARSHALL UNIVERSITY INFORMATION TECHNOLOGY COUNCIL Standard ITP-44 Standard for Security of Information Technology Resources 1 General Information: Marshall University expects all individuals using information

More information

CIS Controls Measures and Metrics for Version 7

CIS Controls Measures and Metrics for Version 7 Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information

More information

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

CYBERSECURITY RISK LOWERING CHECKLIST

CYBERSECURITY RISK LOWERING CHECKLIST CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they

More information

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would

More information

Cyber Hygiene: A Baseline Set of Practices

Cyber Hygiene: A Baseline Set of Practices [DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright

More information

VIVOTEK. Security Hardening Guide

VIVOTEK. Security Hardening Guide VIVOTEK Security Hardening Guide Version 1.0 2018 VIVOTEK Inc., All rights reserved. 1 January 01, 2018 About this Document The intended use of this guide is to harden devices and also provide collateral

More information

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness: PREPARE BEFORE AN INCIDENT HAPPENS 2 Digital Forensics Readiness The idea that all networks can be compromised

More information

PROTECTING INFORMATION ASSETS NETWORK SECURITY

PROTECTING INFORMATION ASSETS NETWORK SECURITY PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security

More information

Help Your Security Team Sleep at Night

Help Your Security Team Sleep at Night White Paper Help Your Security Team Sleep at Night Chief Information Security Officers (CSOs) and their information security teams are paid to be suspicious of everything and everyone who might just might

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Exposing The Misuse of The Foundation of Online Security

Exposing The Misuse of The Foundation of Online Security Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,

More information

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS

More information

CISO as Change Agent: Getting to Yes

CISO as Change Agent: Getting to Yes SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch

More information

The Future Is SECURITY THAT MAKES A DIFFERENCE. Implementing the 20 Critical Controls

The Future Is SECURITY THAT MAKES A DIFFERENCE. Implementing the 20 Critical Controls The Future Is SECURITY THAT MAKES A DIFFERENCE Implementing the 20 Critical Controls Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical controls

More information

CND Exam Blueprint v2.0

CND Exam Blueprint v2.0 EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding

More information

2015 HFMA What Healthcare Can Learn from the Banking Industry

2015 HFMA What Healthcare Can Learn from the Banking Industry 2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical

More information

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

Reinvent Your 2013 Security Management Strategy

Reinvent Your 2013 Security Management Strategy Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for

More information

Back to Basics: Basic CIS Controls

Back to Basics: Basic CIS Controls Back to Basics: Basic CIS Controls Chad Waddell Enterprise Consultant Center for Internet Security 2 https://www.cisecurity.org/ Non-profit organization founded in 2000 Employs closed crowdsourcing model

More information