Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

Transcription

1 Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security

2 Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate the maturity of our practice, we need a common language 9/7/2017 2

3 NIST CSF Categories 9/7/2017 3

4 Our common language can be bounded by five asset classes and the NIST Cybersecurity Framework Asset Classes Operational Functions DEVICES Workstations, servers, VoIP phones, tablets, IoT, storage, network devices, infrastructure, etc. IDENTIFY Inventorying assets, measuring attack surface, baselining normal, risk profiling APPS The software, interactions, and application flows on the devices PROTECT Preventing or limiting impact, containing, hardening, managing access NETWORKS The connections and traffic flowing among devices and applications DETECT Discovering events, triggering on anomalies, hunting for intrusions DATA The information residing on, traveling through, or processed by the resources above RESPOND Acting on events, eradicating intrusion footholds, assessing damage, coordinating, reconstructing events forensically USERS The people using the resources listed above RECOVER Returning to normal operations, restoring services, documenting lessons learned 9/7/2017 4

5 Cyber Defense Matrix Devices Applications Identify Protect Detect Respond Recover Networks Users Degree of Dependency Technology Process People 9/7/2017 5

6 Left and Right of Boom Devices Identify Protect Detect Respond Recover Applications Pre-Compromise Networks Post-Compromise Users Degree of Dependency Technology People 9/7/2017 6

7 Enterprise Security Market Segments Devices Identify Protect Detect Respond Recover MDM IAM AV, HIPS Endpoint Visibility and Control / Endpoint Threat Detection & Response Applications Configuration and Systems Management App Sec (SAST, DAST, IAST, RASP), WAFs Honeypot Tools Networks Netflow Network Security (FW, IPS) IDS DDoS Mitigation Full PCAP Labeling Encryption, DLP Dark Web, Brian Krebs, FBI DRM Backup Users Phishing Awareness Insider Threat / Behavioral Analytics Phishing Simulations Degree of Dependency Technology People 9/7/2017 7

8 Can add dimensions based on asset context Threat Actors Vendors Customers Employees Enterprise Assets Devices - user workstations, servers, phones, tablets, IoT, peripherals, storage, network devices, web cameras, infrastructure devices, etc. Applications - The software, interactions, and application flows on the devices Network - The connections and traffic flowing among devices and applications - The information residing on, traveling through, or processed by the resources listed above Users The people using the resources listed above Operational Functions Identify inventorying assets, measuring attack surface, baselining normal, risk profiling Protect preventing or limiting impact, containing, hardening, managing access Detect discovering events, triggering on anomalies, hunting for intrusions Respond acting on events, eradicating intrusion footholds, assessing damage, coordinating response, reconstructing events forensically Recover returning to normal operations, restoring services, documenting lessons learned 9/7/2017 8

9 Market Dimensions Other Asset Contexts Threat Actor Assets Threat Deception Malware Sandboxes Vendor Risk Assessments Cloud Access Security Brokers Vendor Assets Customer Assets Threat Device Fingerprinting Endpoint Fraud Detection Web Fraud Detection Employee Assets Device Fingerprinting BYOD MDM BYOD MAM 9 9/7/2017 9

10 Security Technologies Mapped by Asset Class DEVICES Workstations, servers, VoIP phones, tablets, IoT, storage, network devices, infrastructure, etc. APPS The software, interactions, and application flows on the devices NETWORKS The connections and traffic flowing among devices and applications DATA The information residing on, traveling through, or processed by the resources above USERS The people using the resources listed above Disclaimer: Vendors shown are representative only. No usage or endorsement should be construed because they are shown here. 9/7/

11 Security Technologies Mapped by NIST Function IDENTIFY PROTECT Inventorying assets, measuring attack surface, baselining normal, risk profiling Preventing or limiting impact, containing, hardening, managing access Discovering events, DETECT triggering on anomalies, hunting for intrusions Acting on events, eradicating intrusion RESPOND footholds, assessing damage, coordinating, reconstructing events forensically Returning to normal RECOVER operations, restoring services, documenting lessons learned MSSPs / IR Disclaimer: Vendors shown are representative only. No usage or endorsement should be construed because they are shown here. 9/7/

12 Security Technologies by Asset Classes & NIST Function Identify Protect Detect Respond Recover Devices Applications Networks Users Disclaimer: Vendors shown are representative only. No usage or endorsement should be construed because they are shown here. Degree of Dependency Technology Process People 9/7/