Designing and Building a Cybersecurity Program
- Griffin Payne
- 5 years ago
Slide 1: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF)
Larry Wilson, lwilson@umassp.edu
ISACA Breakfast Meeting, January 2016

Slide 2: Designing & Building a Cybersecurity Program: Agenda
- Part 1: The Threat Situation
- Part 2: The Risk Equation
- Part 3: Protecting the Assets
- Part 4: The Program Deliverables

Slide 3: Part 1: The Threat Situation

Slide 4: Data is the New Oil

Slide 5: The Problem: Data is Everywhere
Growing attack surface:
- Consumerization of IT
- Public, private, hybrid cloud
- Mobile applications
- Privileged accounts
- Internet of Things

Slide 6: The Challenges: Business, Technology, Compliance, Skills
- The Key Business Challenges
- The Key Technology Challenges
- Legal, Regulatory, Compliance Challenges
- The Key Workforce Challenges

Slide 7: The Possible Consequences: Cyber Attacks Could Put Humans and Infrastructure at Risk

Slide 8: We have executive attention... Now what?

Slide 9: The UMASS Cybersecurity Program Approach
1. The Asset Inventory
   - Network Diagrams / Data Flow Diagrams
   - Asset Inventory, Configuration, Vulnerabilities
   - Endpoint Devices
   - Data Center Systems (Servers, Databases)
   - Network Devices
   - Key Business Applications
   - Confidential Data Inventory
   - List of Users with Administrative Accounts
2. The Security Technologies
   - Network Technologies: Firewalls, IPS, URL Filtering, Wireless, NAC
   - Vulnerability Management
   - Directory Service
   - Endpoint / Server / Database Technologies: Hardware / Software / Configuration Management
   - Security Incident & Event Management (SIEM)
   - Anti-Virus, Data Loss Protection, etc.
   - Application Security: Web App Scanning, Web App Firewall
3. Industry Standard Controls: the Critical Security Controls
4. Current & Target Security Profile: Current Profile (Score) -> Roadmap -> Target Profile (Target Score), scored against the Critical Security Controls

Slide 10: Part 2: The Risk Equation

Slide 11: Calculating Risk
Risk = (Threats x Vulnerabilities x Asset Value) for managed assets (strong controls) + (Threats x Vulnerabilities x Asset Value) for unmanaged assets (weak controls)
How do we calculate risk?
- Risk is based on the likelihood and impact of a cyber-security incident or data breach.
- Threats involve the potential attack against IT resources and information assets.
- Vulnerabilities are weaknesses of IT resources and information that could be exploited by a threat.
- Asset Value is based on the criticality of IT resources and information assets.
- Controls are safeguards that protect IT resources and information assets against threats and/or vulnerabilities.
- Managed assets = strong controls; unmanaged assets = weak controls.

Slide 12: Unmanaged vs. Managed Assets
Our Unmanaged Assets ARE NOT protected:
- There are undetected problems: not seen, not reported.
- Our unmanaged assets become easy targets,
- which lead to a breach from missing or ineffective controls.
Our Managed Assets ARE protected:
- We need to understand why security breaches occur,
- and the steps to take to prevent them,
- and build a portfolio of managed assets.
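The risk equation on slide 11, worked over a small asset inventory as an added example (this is not code from the slides or from the UMASS program): it sums T x V x A separately for managed and unmanaged assets and shows how moving one asset into the managed portfolio changes the total. The 1-5 score scales, the control-strength factors and the inventory itself are constructed assumptions.

```python
"""Added example, not from the original slides: the slide-11 risk equation,
Risk = Threats x Vulnerabilities x Asset Value, summed separately over
managed assets (strong controls) and unmanaged assets (weak controls).
The 1-5 score scales, the control-strength factors and the inventory are
constructed assumptions for illustration."""
from dataclasses import dataclass, replace

# Assumed control-strength factors: strong controls leave only a fraction of
# the threat x vulnerability exposure; weak controls leave all of it.
CONTROL_FACTOR = {"strong": 0.2, "weak": 1.0}


@dataclass(frozen=True)
class Asset:
    name: str
    family: str      # Systems, Networks, Applications or Critical Assets
    threats: int     # 1-5: likelihood of attack against this asset
    vulns: int       # 1-5: weaknesses a threat could exploit
    value: int       # 1-5: criticality of the resource or information
    managed: bool    # True = inventoried and covered by the controls


def asset_risk(a: Asset) -> float:
    """Risk = T x V x A, scaled by the strength of the asset's controls."""
    factor = CONTROL_FACTOR["strong" if a.managed else "weak"]
    return a.threats * a.vulns * a.value * factor


def portfolio_risk(assets):
    """The two terms of the slide's equation and their sum:
    (managed risk, unmanaged risk, total)."""
    managed = sum(asset_risk(a) for a in assets if a.managed)
    unmanaged = sum(asset_risk(a) for a in assets if not a.managed)
    return managed, unmanaged, managed + unmanaged


def risk_by_family(assets):
    """Total risk per asset family (the grouping used on slide 13)."""
    totals = {}
    for a in assets:
        totals[a.family] = totals.get(a.family, 0.0) + asset_risk(a)
    return totals


def highest_risk_unmanaged(assets, n=5):
    """Unmanaged assets in the order they should be brought under control."""
    unmanaged = [a for a in assets if not a.managed]
    return [a.name for a in sorted(unmanaged, key=asset_risk, reverse=True)][:n]


def bring_under_management(assets, name):
    """Return a new inventory with one asset moved into the managed portfolio."""
    return [replace(a, managed=True) if a.name == name else a for a in assets]


# Constructed sample inventory.
INVENTORY = [
    Asset("fw-edge-01", "Networks", threats=4, vulns=2, value=5, managed=True),
    Asset("web-portal", "Applications", threats=5, vulns=3, value=4, managed=False),
    Asset("hr-db", "Critical Assets", threats=3, vulns=2, value=5, managed=True),
    Asset("lab-server-07", "Systems", threats=3, vulns=4, value=2, managed=False),
    Asset("lan-switch-12", "Networks", threats=2, vulns=1, value=3, managed=True),
]

if __name__ == "__main__":
    before = portfolio_risk(INVENTORY)
    print("managed=%.1f unmanaged=%.1f total=%.1f" % before)
    print("bring under control first:", highest_risk_unmanaged(INVENTORY))
    after = portfolio_risk(bring_under_management(INVENTORY, "web-portal"))
    print("after managing web-portal: total=%.1f" % after[2])
```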
Slide 13: The Asset Families
- The Networks Family: switches, routers, firewalls, etc.
- The Systems Family: endpoints, mobile, workstations, servers, etc.
- The Applications Family: applications, databases, etc.
- The Critical Assets: Privileged User Access, Critical Information Assets

Slide 14: The NIST Cybersecurity Framework
Framework Core: Functions (IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER) -> Categories -> Subcategories -> Informative References (Control-1 through Control-20)
Framework Tiers:
- Tier 1: Partial: ad hoc risk management; limited cybersecurity risk awareness; low external participation
- Tier 2: Risk Informed: some risk management practices; increased awareness, no program; informal external participation
- Tier 3: Repeatable: formalized risk management; organization-wide program; receives external partner info
- Tier 4: Adaptive: adaptive risk management practice; cultural, risk-informed program; actively shares information
Framework Profile:
- Current Profile (weak controls): current state of alignment between core elements and organizational requirements, risk tolerance, & resources. "Where am I today relative to the Framework?"
- Target Profile (strong controls): desired state of alignment between core elements and organizational requirements, risk tolerance, & resources. "Where do I aspire to be relative to the Framework?"
- Roadmap: from the Current Profile to the Target Profile

Slide 15: The Critical Security Controls: The 20 Critical Security Controls
- CSC 1.0 Inventory of Authorized & Unauthorized Devices (6 Controls)
- CSC 2.0 Inventory of Authorized & Unauthorized Software (4 Controls)
- CSC 3.0 Secure Configurations for Mobile Devices, Laptops, Workstations, and Servers (7 Controls)
- CSC 4.0 Continuous Vulnerability Assessment & Remediation (8 Controls)
- CSC 5.0 Controlled Use of Administration Privileges (9 Controls)
- CSC 6.0 Maintenance, Monitoring & Analysis of Audit Logs (6 Controls)
- CSC 7.0 Email & Web Browser Protection (8 Controls)
- CSC 8.0 Malware Defenses (6 Controls)
- CSC 9.0 Limitation and Control of Network Ports, Protocols, Services (6 Controls)
- CSC 10.0 Data Recovery Capability (4 Controls)
- CSC 11.0 Secure Configurations for Network Devices (Firewalls, Routers, Switches) (7 Controls)
- CSC 12.0 Boundary Defense (10 Controls)
- CSC 13.0 Data Protection (9 Controls)
- CSC 14.0 Controlled Access Based on the Need to Know (7 Controls)
- CSC 15.0 Wireless Access Control (9 Controls)
- CSC 16.0 Account Monitoring & Control (14 Controls)
- CSC 17.0 Security Skills Assessment & Training to Fill Gaps (5 Controls)
- CSC 18.0 Application Software Security (9 Controls)
- CSC 19.0 Incident Response and Management (7 Controls)
- CSC 20.0 Penetration Tests and Red Team Exercises (8 Controls)

Slide 16: How the Controls Work (Part 1): They map to the Assets
- CSC 1: Inventory of Authorized and Unauthorized Devices, and CSC 2: Inventory of Authorized and Unauthorized Software: Algorithms -> Security Technology -> Managed Assets
- CSC 3: Secure Configuration of Endpoints, Servers, Workstations, and CSC 4: Continuous Vulnerability Assessment and Remediation: Algorithms -> Security Technology -> Managed Assets

Slide 17: How the Controls Work (Part 2): They map to the Framework
CIS Critical Security Controls (V 6.0) | Asset Family | Cybersecurity Framework (CSF) Core categories, by Function (ID = IDENTIFY, PR = PROTECT, DE = DETECT, RS = RESPOND, RC = RECOVER)
- CSC-01: Inventory of Authorized and Unauthorized Devices | Systems | ID.AM
- CSC-02: Inventory of Authorized and Unauthorized Software | Systems | ID.AM
- CSC-03: Secure Configuration of Endpoints, Servers, etc. | Systems | PR.IP
- CSC-04: Continuous Vulnerability Assessment and Remediation | Systems | ID.RA, DE.CM, RS.MI
- CSC-05: Controlled Use of Administrative Privileges | Systems | PR.AC
- CSC-06: Maintenance, Monitoring and Analysis of Audit Logs | Systems | DE.AE, RS.AN
- CSC-07: Email and Web Browser Protections | Systems | PR.PT
- CSC-08: Malware Defenses | Systems | PR.PT, DE.CM
- CSC-09: Limitation and Control of Ports, Protocols, Services | Systems | PR.IP
- CSC-10: Data Recovery Capability | Systems | RC.RP
- CSC-11: Secure Configuration of Network Devices | Networks | PR.IP
- CSC-12: Boundary Defense | Networks | DE.DP
- CSC-13: Data Protection | Applications | PR.DS
- CSC-14: Controlled Access Based on Need to Know | Networks | PR.AC
- CSC-15: Wireless Access Control | Networks | PR.AC
- CSC-16: Account Monitoring and Control | Applications | PR.AC, DE.CM
- CSC-17: Security Skills Assessment and Appropriate Training | Applications | PR.AT
- CSC-18: Application Software Security | Applications | PR.IP
- CSC-19: Incident Response and Management | Applications | DE.AE, RS.RP
- CSC-20: Penetration Tests and Red Team Exercises | Applications | RS.IM, RC.IM

Slide 18: Part 3: Protecting the Assets

Slide 19: Today's Cybersecurity Programs Are Closed or Proprietary
- The Cisco Cybersecurity Framework
- The Oracle Cybersecurity Framework
- EY's Cyber Program Management (CPM) Framework
- Deloitte Cyber Risk Management Strategy: Cyber Risk as a Strategic Issue; Develop Policies and Frameworks; Secure, Vigilant, Resilient; Spread Awareness and Education; Invest in Effective Implementation

Slide 20: The UMASS Cybersecurity Program Is Open and Freely Available: The Controls Factory
Input: Unmanaged Assets -> Output: Managed Assets (P1: System Family, P2: Network Family, P3: Applications Family, P4: Crown Jewels)
1. Threat Office: Threats, Vulnerabilities, IOCs, Attack Chain, Threat & Attack Risk Vectors
2. Design Center: Internal Controls, Controls Framework, Controls Standards
3. Technology Center: Design Guides, Build Guides, Run Guides
4. Monitoring Center: Asset / Configuration Monitoring, Netflow / Packet Monitoring, Syslog / Event Monitoring
5. Testing Center: Controls / Risk Assessment, Technology / Services Assessment, Operations Assessment
6. Risk Office: Cybersecurity Program, Policy & Training, Program Deliverables / Roadmap / Communications

Slide 21: The Functional Requirements Inside the Controls Factory
Input: Unmanaged Assets -> Output: Managed Assets (P1: System Family, P2: Network Family, P3: Applications Family, P4: Crown Jewels)
1. Threats: Exposure
2. Controls: Safeguards (1st Line of Defense)
3. Technology: Algorithms (2nd Line of Defense)
4. Monitoring: Visibility (3rd Line of Defense)
5. Testing: Assurance (4th Line of Defense)
6. Risk Management
(The six centers are as listed on slide 20.)

Slide 22: The Technical Requirements Inside the Controls Factory: The Design, Build, Run, Test Area
Input: Unmanaged Assets (Unmanaged Endpoints, Unmanaged Servers, Unmanaged Networks) -> Design Center, Technology Center, Monitoring Center, Testing Center -> Output: Managed Assets (P1: System Family, P2: Network Family, P3: Applications Family, P4: Crown Jewels)
Technology providers shown in the factory: Intel, Qualys, Palo Alto, Dell Kace, Bit9, Microsoft, HP, CheckPoint, Oracle, Tenable, Cisco, EiQ, Veracode, IBM
(The six centers are as listed on slide 20.)

Slide 23: The UMASS Controls Factory Model
Input: Unmanaged Assets (The Current Profile, before the Factory) -> Output: Managed Assets (The Target Profile, after the Factory)
The Threat Area
- Threat Office: Threats, Vulnerabilities, IOCs; Actionable Threat Intelligence; The Cyber Attack Chain
The Design, Build, Run, Test Area
- Design Center: Internal Controls Process; Controls Framework; Controls Standards
- Technology Center: Design Guides; Build Guides; Run Guides
- Monitoring Center: Asset, Software, Configuration Monitoring; Threat, Vulnerability, IOC Monitoring; Netflow, Packet, Security Event Monitoring
- Testing Center: Controls & Risk Assessment; Technology & Services Assessment; Operations Assessment
The Risk Area
- Risk Office: The Risk Management Practice; Policy, Training & Awareness; Deliverables, Communication, Roadmap

Slide 24: The Threat Office
- Threats, Vulnerabilities, IOCs
- Actionable Threat Intelligence (BitSight Threat Categories)
- The Cyber Attack Chain
- Mapping Threats to the Asset Families: Networks, Systems, Applications, Critical Assets

Slide 25: The Design Center
- Internal Controls Process
- The Controls Framework
- The Controls Standards
- Mapping Controls to the Asset Families: Networks, Systems, Applications, Critical Assets

Slide 26: The Technology Center
- Design Guides: Cybersecurity Technology Design Guide
- Build Guides: Cybersecurity Technology Build Guide
- Run Guides: Cybersecurity Technology Run Guide
- Mapping Technology Solutions to the Asset Families: Networks, Systems, Applications, Critical Assets

Slide 27: The Monitoring Center
- Asset, Software, Configuration Monitoring
- Threats, Vulnerabilities, IOC Monitoring
- Netflow, Packet, Security Event Monitoring
- Mapping Cybersecurity Operations to the Asset Families: Networks, Systems, Applications, Critical Assets

Slide 28: The Testing Center
- Controls / Risk Assessments
- Technology Assessments
- Operations Assessments
- Penetration Testing Methodology: Black Box Testing, Gray Box Testing, White Box Testing
- Mapping Cybersecurity Testing to the Asset Groups: Networks, Systems, Applications, Critical Assets

Slide 29: The Risk Office
- Cyber Risk Practice
- The Security Policies
- Program Deliverables, Communications & Roadmap
- Mapping Cyber Risk Practices to Asset Families: Networks, Systems, Applications, Critical Assets

Slide 30: Part 4: The Program Deliverables

Slide 31: The Controls Factory
Program Input: Unmanaged Assets -> Program Output: Managed Assets
Programs: P1 Systems Family Program, P2 Networks Family Program, P3 Applications Family Program, P4 Crown Jewels Program
Centers: Threat Office (Attack Vectors); Design Center (Controls Design, 1st Line Defense); Technology Center (Technology Build, 2nd Line Defense); Monitoring Center (Operations Run, 3rd Line Defense); Testing Center (QA Test, 4th Line Defense); Risk Office (Risk Management)

Slide 32: P1: The Systems Security Program: 1. The Assets; 2. The Controls; 3. The Technical Solutions; 4. The Monitoring; 5. The Testing; 6. The Risk Office

Slide 33: P2: The Network Security Program: 1. The Assets; 2. The Controls; 3. The Technical Solutions; 4. The Monitoring; 5. The Testing; 6. The Risk Office

Slide 34: P3: The Applications Security Program: 1. The Assets; 2. The Controls; 3. The Technical Solutions; 4. The Monitoring; 5. The Testing; 6. The Risk Office

Slide 35: P4: The Crown Jewels Program: 1. The Assets; 2. The Controls; 3. The Technical Solutions; 4. The Monitoring; 5. The Testing; 6. The Risk Office

Slide 36: The Program Mapping
- Unmanaged Asset Groups
- Cyber Attack Chain: Before the Attack, During the Attack, After the Attack
- NIST Controls Framework: Identify, Protect, Detect, Respond, Recover
- Controls Standards: Management Controls (ISO 27001:2013), Operations Controls (ISO 27001:2013), Technical Controls (Council on Cyber-security CSC)
- Technologies & Services
- Continuous Monitoring: Asset, Software, Configuration Monitoring; Threat & Vulnerability Monitoring; Netflow, Packet, Event Monitoring
- Assessments & Testing: Controls / Risk Assessment; Technology / Services Assessment; Operations Assessment
- Managed Asset Groups: Managed Systems Family, Managed Networks Family, Managed Applications Family, Managed Crown Jewels

Slide 37: The Maturity Scorecard: The Current Profile
Programs scored: P1: Systems Security Program, P2: Network Security Program, P3: Application Security Program
Chart: Controls Maturity (0%, 25%, 50%, 75%, 100%) for each Critical Security Control; Target Score = 75%?
Note: Target Score (by control) and implementation timeline (by control) to be determined.
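An added example of the scorecard on slide 37 (not code from the slides or the UMASS program): it scores each of the 20 controls against the 75% target, rolls the result up by CSF Function and by asset family using the slide-17 mapping, and sequences the weakest controls into a roadmap. The per-control scores are constructed sample data, and the Function prefixes on the category codes follow the slide's column headings.

```python
"""Added example, not from the original slides: a maturity scorecard for the
20 Critical Security Controls against the slide's 75% target, rolled up by
CSF Function and by asset family using the CSC-to-CSF mapping on slide 17.
The per-control maturity scores are constructed sample data."""

TARGET = 75  # proposed target score, in percent of each control implemented

# CSC number -> (asset family, CSF categories), as mapped on slide 17.
# Function prefixes (ID/PR/DE/RS/RC) follow the slide's column headings.
CSC_MAP = {
    1: ("Systems", ["ID.AM"]),
    2: ("Systems", ["ID.AM"]),
    3: ("Systems", ["PR.IP"]),
    4: ("Systems", ["ID.RA", "DE.CM", "RS.MI"]),
    5: ("Systems", ["PR.AC"]),
    6: ("Systems", ["DE.AE", "RS.AN"]),
    7: ("Systems", ["PR.PT"]),
    8: ("Systems", ["PR.PT", "DE.CM"]),
    9: ("Systems", ["PR.IP"]),
    10: ("Systems", ["RC.RP"]),
    11: ("Networks", ["PR.IP"]),
    12: ("Networks", ["DE.DP"]),
    13: ("Applications", ["PR.DS"]),
    14: ("Networks", ["PR.AC"]),
    15: ("Networks", ["PR.AC"]),
    16: ("Applications", ["PR.AC", "DE.CM"]),
    17: ("Applications", ["PR.AT"]),
    18: ("Applications", ["PR.IP"]),
    19: ("Applications", ["DE.AE", "RS.RP"]),
    20: ("Applications", ["RS.IM", "RC.IM"]),
}

FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# Constructed current-profile scores; a real program would take these from
# the controls assessment (share of each control's sub-controls in place).
CURRENT = {1: 80, 2: 60, 3: 70, 4: 40, 5: 30, 6: 20, 7: 75, 8: 85, 9: 50,
           10: 90, 11: 65, 12: 55, 13: 25, 14: 45, 15: 70, 16: 35, 17: 10,
           18: 40, 19: 15, 20: 0}


def _average(values):
    return sum(values) / len(values)


def control_gaps(current, target=TARGET):
    """Controls below target as (csc, shortfall), largest shortfall first."""
    gaps = [(csc, target - score) for csc, score in current.items()
            if score < target]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))


def score_by_function(current):
    """Average maturity of the controls that inform each CSF Function.
    A control mapped to several categories counts once per category."""
    buckets = {f: [] for f in FUNCTIONS}
    for csc, (_, categories) in CSC_MAP.items():
        for cat in categories:
            buckets[cat.split(".")[0]].append(current[csc])
    return {FUNCTIONS[f]: _average(v) for f, v in buckets.items()}


def score_by_family(current):
    """Average maturity per asset family: the P1/P2/P3 program scores."""
    buckets = {}
    for csc, (family, _) in CSC_MAP.items():
        buckets.setdefault(family, []).append(current[csc])
    return {family: _average(v) for family, v in buckets.items()}


def roadmap(current, target=TARGET, per_quarter=3):
    """Schedule the weakest controls first, a fixed number per quarter."""
    plan = {}
    for i, (csc, _) in enumerate(control_gaps(current, target)):
        plan.setdefault("Q%d" % (i // per_quarter + 1), []).append(csc)
    return plan


if __name__ == "__main__":
    for name, score in score_by_function(CURRENT).items():
        print("%-8s %5.1f%%" % (name, score))
    for name, score in score_by_family(CURRENT).items():
        print("%-12s %5.1f%%" % (name, score))
    print("roadmap:", roadmap(CURRENT))
```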
Slide 38: The Program Roadmap
Columns: Priority | Summary of Findings / Recommendations | Critical Security Control Mapping | Implementation Start
1. Review / update as needed network architecture based on Palo Alto recommendation | CSC-12: Boundary Defense | Q1,
2. Fully utilize Endpoint Management, SIEM, Vulnerability Scanner to establish device inventory, software inventory, standard device configurations. Implement 2F authentication, jump box, and a Log Management program (SIEM) for privileged accounts. Consider purchasing a SIEM or subscribing to Managed Security Monitoring Services for device monitoring. | CSC-01: Inventory of Authorized and Unauthorized Devices; CSC-02: Inventory of Authorized and Unauthorized Software; CSC-03: Secure Configuration of Endpoints, Servers, etc.; CSC-05: Controlled Use of Administrative Privileges; CSC-06: Maintenance, Monitoring and Analysis of Audit Logs; CSC-11: Secure Configuration of Network Devices | Q2,
3. Use DLP Solution to locate, classify, manage, remove PII and critical business data | CSC-13: Data Protection | Q2,
4. Implement a Threat and Vulnerability Management program and a Log Management program (SIEM). Block known C2 domains via DNS restrictions (NextGen FW). Implement malicious URL filtering (NextGen FW). Limit use of ports, protocols and services to only those that are necessary (Port Scanning). | CSC-04: Continuous Vulnerability Assessment & Remediation; CSC-08: Malware Defenses; CSC-09: Limitation and Control of Ports, Protocols, Services | Q4,
5. Implement formal Security Awareness and Security Skills Assessment Program | CSC-17: Security Skills Assessment and Appropriate Training | Q4,
6. Establish, document, implement, maintain Incident Response & Forensics Program | CSC-19: Incident Response and Management | Q4,

Slide 39: UMASS Cybersecurity Services
1. Threat and Vulnerability Management Practice: Provide our customers with the latest threat and vulnerability intelligence information through collaboration and sharing with our service partners.
2. Cybersecurity Program Design and Build Service: Help our customers design, implement and maintain their cybersecurity program based on the NIST Cybersecurity Framework and 20 Critical Security Controls.
3. Cybersecurity Operations and Incident Response Service: Provide 24x7 continuous security monitoring, alerting and escalation, ensuring incidents are detected, investigated, communicated, remediated and reported.
4. Cybersecurity Risk Management Practice: TBD (To Be Defined). Possibly based on the DHS Cyber Resilience Review.
5. Cybersecurity Education, Training, Awareness: Includes CAE-2Y, CAE-4Y, CAE-R, Industry Certification training (work with ISACA and ISC2), Designing and Building a Cybersecurity Program based on the NIST Framework, Cybersecurity Awareness and Skills Training.
6. Sponsored Projects, Testing, Student Internships: Sponsored projects from ACSC members and other industry partners defined and delivered through a Statement of Work (SOW). Using University security lab services, delivered and managed by student internships under supervision of the University President's Office and campus IT departments.
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationCritical Hygiene for Preventing Major Breaches
SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationChanging the Game: An HPR Approach to Cyber CRM007
Speakers: Changing the Game: An HPR Approach to Cyber CRM007 Michal Gnatek, Senior Vice President, Marsh & McLennan Karen Miller, Sr. Treasury & Risk Manager, FireEye, Inc. Learning Objectives At the end
More informationNIST Special Publication
DATASHEET NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations Mapping for Carbon Black BACKGROUND The National Institute of Standards and Technology
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationStop Threats Before They Stop You
Stop Threats Before They Stop You Gain visibility and control as you speed time to containment of infected endpoints Andrew Peters, Sr. Manager, Security Technology Group Agenda Situation System Parts
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationCyber Resilience - Protecting your Business 1
Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationISACA Arizona May 2016 Chapter Meeting
ISACA Arizona May 2016 Chapter Meeting Suzanne Farr / Carlos A. Villalba Agenda Introduction Preliminary questions CCM Preliminaries Definition Benefits Challenges Beyond Templates Questions 1 Background
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationCompTIA CSA+ Cybersecurity Analyst
CompTIA CSA+ Cybersecurity Analyst Duration: 5 Days Course Code: Target Audience: The CompTIA Cybersecurity Analyst (CSA+) examination is designed for IT security analysts, vulnerability analysts, or threat
More informationNCSF-CFM Practitioner Syllabus
NCSF-CFM Practitioner Syllabus Based on NIST-CSF 1.1 itsm910 NCSF Practitioner Syllabus Version 1.1 January 2018 P a g e 1 P a g e 2 Publisher itsm Solution Publishing, LLC 742 Mink Ave. #135 Murrells
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationA Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF)
A Controls Factory Approach To Building a Cyber Security Program Based on the NIST Cybersecurity Framework (NCSF) Prepared by: Larry Wilson lwilson@umassp.edu Chief Information Security Officer University
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationUsing Metrics to Gain Management Support for Cyber Security Initiatives
Using Metrics to Gain Management Support for Cyber Security Initiatives Craig Schumacher Chief Information Security Officer Idaho Transportation Dept. January 2016 Why Metrics Based on NIST Framework?
More informationInfoSec Risks from the Front Lines
InfoSec Risks from the Front Lines Adam Brand, Protiviti Orange County IIA Seminar Who I Am Adam Brand IT Security Services Some Incident Response Experience Lead Breach Detection Audits @adamrbrand Who
More informationAn Aflac Case Study: Moving a Security Program from Defense to Offense
SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac Threat Landscape Security risks are growing at a faster
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationTackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud
Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationSirius Security Overview
Sirius Security Overview Rob Hoisington IT Security Consultant www.siriuscom.com 8/18/2017 1 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Robert.Hoisington@siriuscom.com - 757.675.0101 Rob
More informationCCNA Cybersecurity Operations. Program Overview
Table of Contents 1. Introduction 2. Target Audience 3. Prerequisites 4. Target Certification 5. Curriculum Description 6. Curriculum Objectives 7. Virtual Machine Requirements 8. Course Outline 9. System
More informationImplementing NIST Cybersecurity Framework Standards with BeyondTrust Solutions
TECH BRIEF Implementing NIST Cybersecurity Framework Standards with BeyondTrust Solutions Privileged Access Management & Vulnerability Management 0 Contents Cybersecurity Framework Overview... 2 The Role
More informationFrom Managed Security Services to the next evolution of CyberSoc Services
From Managed Security Services to the next evolution of CyberSoc Services Gianluca Busco Arré Country Manager pandasecurity.com MSSP / MDR Where the Industry is going leaders and laggers MSSP industry
More informationTechnology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 04/12/2017
Technology Roadmap for Managed IT and Security Michael Kirby II, Scott Yoshimura 04/12/2017 Agenda Managed IT Roadmap Operational Risk and Compliance Cybersecurity Managed Security Services 2 Managed IT
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationMake IR Effective with Risk Evaluation and Reporting
SESSION ID: AIR-R02 Make IR Effective with Risk Evaluation and Reporting Mischel Kwon President/CEO MKA Cyber @mkacyber Justin Monti Sr. VP Security Engineering MKA Cyber You ve Got an Incident Now What?
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationHow do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?
Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security
More information