So Where Do You Start?
- Alexia Watts
- 5 years ago
Transcription
1 So Where Do You Start?
2 Chris Conley :: Moderator Steve Challans :: Presenter
3 Why the need for logging and auditing on systems; Basic architecture and strategy of what should be done; Compliance with Standards and Regulations; Some pitfalls and failures; Some examples of how to do it and what to use; Summary; Questions
4 My name is Steve Challans. I am a security professional and have been working in IT for over 30 years and have been specialising in Information Security for the last 16 years, working in senior security roles for a few security service providers. Currently I am working for Intersect Alliance International as the Chief Technology Officer. We are the creators of the Snare Server SIEM and Snare agents. Intersect Alliance was formed in 1999 by two senior security-minded people who had previously worked in the Australian Defence organisations and saw a need for security event management, as there was a lack of tools in the market. The company is now owned by Prophecy International, headquartered in Adelaide, with staff in ACT, QLD, USA and UK.
5 There are a number of things that need to be considered. Cyber security risks: web sites, ecommerce, billing, financial information. Forensics - was I hacked, what, how, who, when. "Due to a lack of logging and a variety of factors, the exact timeframes on such attacks can be a bit fuzzy." (Verizon Data Breach report 2013) "If not the most, this must be one of the most important challenges to the security industry. Prevention is crucial, and we can't lose sight of that goal. But we must accept the fact that no barrier is impenetrable, and detection/response represents an extremely critical line of defense. Let's stop treating it like a backup plan if things go wrong, and start making it a core part of the plan." (Verizon Data Breach report 2013)
6 "It's a sad reality that most organizations that suffer a data breach don't detect it themselves, but only become aware of it when they receive notification from a law enforcement agency, the card brands, or another third party." (Verizon PCI Compliance report 2015) In the last months we have seen major data breaches: LinkedIn, Nintendo, E-Harmony, Target, JP Morgan, Home Depot, Kmart, Sony, Apple; massive data losses
7
8 Forensics - was I hacked, what, how, who, when. What level of logging do I have for my host based security solutions? What data am I logging on my network devices? Do I track all application requests? Would I know if I am vulnerable to SQL injection attacks or command injection and are they occurring? Regulations/Standards: PCI DSS, ISO27001, SOX, HIPAA, FISMA, ISM/PSPF, ISMF, SANS, NIST etc. DSD top35 12, 13 - Centrally store logs and keep them for at least 18 months. It's a key component of the Information Security triad: Confidentiality, Integrity, Availability (CIA)
9 Privacy: loss of private/personal data, medical information. New data breach laws in many states and countries require that adequate security controls are in place and that monitoring and review are in place. Logging is a key security control in all standards. You don't know you're OK if you can't prove it. You can't fix a weakness if you don't know what's happening. Detective control: you can't do anything about what you don't know. It's a key component of incident response and management processes.
10
11 So why the need for a Security Information and Event Management (SIEM)? Basic syslog collects information but lacks tools around it: reporting and analysis. Need to collect multiple sources: Syslog; Agents; OS auditing, file auditing. Correlation of events and information: Have user SID information but who is that user? Pull this information together so it's human understandable. Correlate events from different sources as part of an incident. Provide trending statistics: this happens at this time every day.
12 Have a need for forensics of activity that has occurred. Assist with data breach investigations. A diagnostic tool to help debug application, system and network issues. Tracking of privileged users, what they do; it's hard to audit trust. Help monitor activity on a system to provide assurance on the integrity of the information it stores. Other: cultural, ethics and behaviour needs to be addressed. Third party use: when, what did they access. Regulatory compliance.
13 Perform risk assessment. Determine critical needs and compliance needs for coverage. Focus efforts on high risk areas first then work down to lower risk areas, e.g. Ecommerce systems, financial databases, Internet facing firewall and networking, systems with third party connections and critical data flows; systems that will cause a lot of pain if the information integrity, confidentiality or availability is compromised. Keep in manageable components and expand as you understand the data and what it means in your business. Define what events constitute a threat. Detail what should be done and in what timeframe.
14 Implement separation of duties. The doers should not be looking at their own logs as they can cover up their own tracks. Often part of the Security or Compliance team's role. Implement a corporate Information Security policy to cover all the business requirements. Should detail the actions required and be supported by relevant standards and procedures for staff to follow. Ensure that all relevant staff know the policy and procedures; should be covered in security awareness training. Get help if you can't do it on your own.
15 Need to get logging and auditing information from all sources that are relevant to the operation. As close to the source as possible if not directly from the source. Implement a centralised logging system to collect and store the information. Combining multiple sources into the central repository. Need to understand all components and their interactions. Good access controls to limit access. Restrict user access to logs to a need-to-know basis.
16 Accurate time from all devices to allow tracking of events as a sequential line of activity, i.e. use NTP, it's critical. Servers, databases, applications, firewalls, routers, switches, IPS etc. All components are valuable and needed. Real time collection to centralised server. However cater for network and system downtime, things happen. Store and forward - caching. Collect events and audit information that is of relevance. Filter out the noise: if it's not useful don't keep it.
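The store-and-forward caching mentioned on this slide, sketched as an added example that is not from the presentation or from any Snare product: an agent-side buffer keeps events while the collector is unreachable, delivers them oldest-first once it returns, and counts anything lost to a full cache. The class names, the `send` callable and the sample events are assumptions constructed for illustration.

```python
from collections import deque


class StoreAndForward:
    """Agent-side buffer: deliver in order, cache while the collector is down."""

    def __init__(self, send, max_cached=10_000):
        # send(event) must raise OSError (e.g. ConnectionError) on failure.
        self._send = send
        self._cache = deque()
        self._max_cached = max_cached
        self.dropped = 0  # events lost to overflow: a gap in the audit trail

    @property
    def pending(self):
        return len(self._cache)

    def submit(self, event):
        """Queue one event, try to deliver, then enforce the cache bound."""
        self._cache.append(event)
        sent = self.flush()
        while len(self._cache) > self._max_cached:
            self._cache.popleft()      # oldest event is sacrificed
            self.dropped += 1
        return sent

    def flush(self):
        """Send cached events oldest-first; stop at the first failure."""
        sent = 0
        while self._cache:
            try:
                self._send(self._cache[0])
            except OSError:
                break                  # collector unreachable: keep for later
            self._cache.popleft()      # remove only after a successful send
            sent += 1
        return sent


class FakeCollector:
    """Stand-in for the central log server (constructed for this example)."""

    def __init__(self):
        self.up = True
        self.received = []

    def send(self, event):
        if not self.up:
            raise ConnectionError("collector unreachable")
        self.received.append(event)


# Constructed sample events. Each carries its own source timestamp, so an
# event delivered late still sorts correctly on the central server, which
# is why accurate time (NTP) on the source matters.
SAMPLE_EVENTS = [
    "2015-06-01T09:14:02Z host=web01 event=logon user=jsmith result=failure",
    "2015-06-01T09:14:05Z host=web01 event=logon user=jsmith result=failure",
    "2015-06-01T09:14:09Z host=web01 event=logon user=jsmith result=success",
    "2015-06-01T09:15:30Z host=web01 event=config_change user=jsmith",
]


def simulate_outage(max_cached=10_000):
    """Run the sample events through an outage; return what the server saw."""
    collector = FakeCollector()
    agent = StoreAndForward(collector.send, max_cached=max_cached)
    agent.submit(SAMPLE_EVENTS[0])     # delivered immediately
    collector.up = False               # network or collector goes down
    agent.submit(SAMPLE_EVENTS[1])
    agent.submit(SAMPLE_EVENTS[2])
    pending_during_outage = agent.pending
    collector.up = True                # service restored
    agent.submit(SAMPLE_EVENTS[3])     # backlog drains before the new event
    return collector.received, pending_during_outage, agent.dropped
```

A non-zero `dropped` count should itself be reported to the central server, since it marks a period for which the audit trail is incomplete.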
17 Regular review of reports. Reports need to be meaningful, accurate and timely. Schedule daily, weekly, monthly etc. Get to know your data and what it means: what's normal and what's not, for quick detection of abnormal behaviours. Disaster Recovery or high availability: Service recovery. Replication to alternate sites or high availability logging systems. Collect from one SIEM and forward to another. Backup your data.
18 Need for compliance with standards and regulations: PCI DSS, ISO27001/2, SOX, FISMA, COBIT etc. PCI DSS Section 10 logging has many logging requirements. ISO27001/2 A10.10: audit logging, monitoring, protection, administrator. COBIT 5: Support the Governance and business objectives. Be in line with the plan, build, run and monitor management domains. Have People, Skills and Competencies to support the business needs.
19 Each have their needs and requirements. Records retention policy. Evidence based. Must keep records for regulation or legal purposes. Data retention periods, e.g. 1 year's worth of logs and 3 months immediately available for PCI DSS. Backup the logs (tape, disk, DVD archive) and keep them secure: encryption, tamper prevention/detection controls. Promptly backup the audit logs to a centralised logging system away from the source; this helps to prevent tampering or deletion of the logs.
20 Each have their needs and requirements. Restrict access to need to know. Logs kept secure and not tampered with. Protect the logs from unauthorised access and modification. Use file integrity/change detection on the logs to ensure that if they are tampered with it will be alerted or recorded. Accurate time on all systems - NTP. REVIEW THE KEY LOGS REPORTS AT LEAST DAILY!!!
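One way to get the change detection on stored logs described above, as an added example that is not from the presentation or from Snare: each record carries an HMAC chained to the previous record's tag, so an edited, removed or reordered line fails verification, and a separately stored head tag catches truncation. The key, record layout, function names and sample lines are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed key for the example. Assumption: in practice it is held only
# on the central log server, away from the systems that produce the logs.
CHAIN_KEY = b"constructed-example-key"
GENESIS = bytes(32)  # fixed starting value for the first record


def _tag(key, prev_tag, line):
    """HMAC over the previous tag plus this line, binding record to record."""
    return hmac.new(key, prev_tag + line.encode("utf-8"), hashlib.sha256).digest()


def seal(lines, key=CHAIN_KEY):
    """Return (line, hex_tag) records forming a tamper-evident chain."""
    records, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev.hex()))
    return records


def first_violation(records, expected_head=None, key=CHAIN_KEY):
    """Return the index of the first record that fails, or None if intact.

    expected_head is the last tag as recorded out of band (for example in
    the daily review report). Without it, records removed from the end of
    the file go unnoticed; with it, that case returns len(records).
    """
    prev = GENESIS
    for index, (line, hex_tag) in enumerate(records):
        expected = _tag(key, prev, line)
        try:
            stored = bytes.fromhex(hex_tag)
        except ValueError:
            return index               # tag field itself was corrupted
        if not hmac.compare_digest(expected, stored):
            return index               # line edited, removed or reordered
        prev = expected
    if expected_head is not None and prev.hex() != expected_head:
        return len(records)            # chain is valid but ends too early
    return None


# Constructed sample audit lines with the fields the slides ask for:
# time, user, event type, success/failure, origin.
SAMPLE_LINES = [
    "2015-06-01T09:14:02Z host=db01 user=jsmith event=logon result=success src=10.0.0.5",
    "2015-06-01T09:16:40Z host=db01 user=jsmith event=read_table result=failure src=10.0.0.5",
    "2015-06-01T09:17:03Z host=db01 user=root event=audit_policy_change result=success src=10.0.0.9",
    "2015-06-01T09:20:11Z host=db01 user=root event=logoff result=success src=10.0.0.9",
]
```

Sealing on the central server as events arrive, rather than on the source host, keeps the key out of reach of the administrators whose activity is being recorded.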
21 Types of data that need to be recorded: Individual accesses to data. All actions taken with root, administrator or privileged in some way. Who accessed the audit trails. Invalid logical access attempts to data or systems. Details on the use of identification and authentication mechanisms. Details on initialisation of the audit logs: who and when. Creation and details of system level objects. Details on the userid, type of event, date and time. Was it a success or failure. The source and origination of the event: machine, IP address, program etc. Details of the affected component or data.
22 Implementations not used: wasted money and effort. Set and forget: quickly becomes out of date. No regular review of reports, activity or evidence kept that it was reviewed: incidents occur and no one knows. Not maintained with new systems or devices, new systems added and not included: gaps in environment. Software versions left and not maintained: new vulnerabilities creep in, reduce the integrity of the systems when not maintained, loss of faith from systems.
23 Incorrect audit settings: we don't audit that system or data - missing key information. Going overboard and auditing too much: lots of noise in the logs, storage problems, performance problems on source or collection systems or network. Be very wary of the ALL EVENTS options. They may kill performance on your systems and generally gather lots of noise. Use it for testing or debugging only. Collect what is needed to make review easier.
24 [Architecture diagram; labels: Desktops, Firewall, Ports, Snare or 3rd Party Servers, Routers, Switches & Network Access Points, Database Servers, Servers, Web Servers]
25 Implement a solution to cover your architecture. Servers: OS Events, inbuilt auditing system. Privileged user access: who changes settings, was it part of a change control. Be selective in what you collect and don't go overboard. Particular log files: events that are important, errors, warnings. Databases/Applications: Key bits of information viewed or changed: rows, columns, whole tables. Privileged User access: admins/dba/super users doing the right thing. Application log files. Network devices: Firewall, routers, switches, wireless devices. Access lists and logging. Who is changing the configuration, was it authorised.
26 Several methods Syslog redirected to central server UDP select port and destination Mostly networking devices but can be Mainframe and Unix Use TCP if you can more reliable in delivery Agents - Windows OS agent to read and work with the audit subsystem Agent in control of auditing OS in control but requires more manual effort to manage configure in both places Scrape key log files for key information - web server logs, OS logs, Application logs TCP more reliable delivery Encryption use TLS for confidentiality of data being transmitted.
27 Agents - Unix OS agent to read and work with the audit subsystem Agent in control of auditing Scrape log files for key information - web server logs, syslogs, messages files, cron logs etc TCP more reliable delivery Encryption use TLS for confidentiality of data being transmitted. Browsers Plugins track browser activity if proxy logs are insufficient
28 FTP/SCP files to logging server. Copy the files directly to the logging server. Process the files on a schedule and upload into a database. Not well suited to real time alerting. Poll devices from central system to obtain the events. Usually specific to a network flow or security zones. Does not scale as well with high frequency. Can lead to higher system loads. High management overhead. More complicated security controls with remote access. Admin password management can add overhead and security exposures with credentials being spread around. Can create a SOD conflict: security now has admin passwords!
29 Data is securely stored Scheduled reporting and alerting of activities Implement specific reports to alert of inappropriate activity Mine the data for specific information SIEM System is used as part of incident management processes Ensure that regular review of the reports occurs at least daily for key components
30 Data volumes are increasing rapidly. Fortunately disk sizes are as well. Where customers would have a few hundred GB of disk storage for their logs 5-10 years ago, now they have many terabytes or more of logs to deal with. Why is this? Some basic math: Windows events can average 2,000 bytes; other appliances are generally less than 600 bytes. 1,000 systems generating 10 EPS (moderate to low) = 20,000,000 Mbytes/sec (160 megabit for a network). 20 Megabytes/sec = 72 GB/hour = 1,728 GB/day = 52 TB/Month = 630 TB per year. That's a lot of new raw log data.
31 We have some customers that have domain controllers that generate 2-3GB of event logs per hour per machine on their own. Windows 2008/Vista onwards implemented custom event logs, over 70 of them, so lots more than just the old security, application and system logs that contain administrative logs. The SIEM systems are dealing with big data issues. So with all this data, storage compression is a key factor. Most SIEM systems implement some form of compression to reduce the data volume in the data store. So knowing your EPS rates and the number of each device type is a key factor in knowing how to size your SIEM system.
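The sizing arithmetic from the two slides above, generalised to a mix of device types and a retention window, as an added example that is not from the presentation: per-class EPS and event size give the raw ingest rate (20 megabytes per second for the 1,000-system case), and the PCI DSS retention split of 1 year kept with 3 months online gives the disk needed. The device mix, the 10:1 compression ratio and all names are assumptions; the 2,000-byte and 600-byte event sizes and the 1,000-system, 10 EPS case come from the slide.

```python
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass(frozen=True)
class DeviceClass:
    name: str
    count: int
    eps_per_device: int      # events per second from one device
    avg_event_bytes: int


def ingest_bytes_per_sec(classes):
    """Raw, uncompressed bytes per second arriving at the collector."""
    return sum(c.count * c.eps_per_device * c.avg_event_bytes for c in classes)


def raw_volume(classes):
    """Raw log volume in decimal units, using a 30-day month and 365-day year."""
    bps = ingest_bytes_per_sec(classes)
    per_day = bps * SECONDS_PER_DAY
    return {
        "total_eps": sum(c.count * c.eps_per_device for c in classes),
        "megabytes_per_sec": bps / 1e6,
        "megabits_per_sec": bps * 8 / 1e6,
        "gb_per_hour": bps * 3600 / 1e9,
        "gb_per_day": per_day / 1e9,
        "tb_per_month": per_day * 30 / 1e12,
        "tb_per_year": per_day * 365 / 1e12,
    }


def storage_plan(classes, retain_days=365, online_days=90, compression_ratio=10.0):
    """Disk needed for a retention window, split into online and archive tiers.

    compression_ratio is an assumption (10.0 means 10:1); measure the real
    ratio on your own data before buying hardware.
    """
    if online_days > retain_days:
        raise ValueError("online_days cannot exceed retain_days")
    if compression_ratio < 1:
        raise ValueError("compression_ratio must be >= 1")
    tb_per_day = ingest_bytes_per_sec(classes) * SECONDS_PER_DAY / 1e12
    stored_per_day = tb_per_day / compression_ratio
    return {
        "online_tb": stored_per_day * online_days,
        "archive_tb": stored_per_day * (retain_days - online_days),
        "total_tb": stored_per_day * retain_days,
    }


# The case worked on the slide: 1,000 Windows systems at 10 EPS, 2,000 bytes.
SLIDE_CASE = [DeviceClass("windows systems", 1000, 10, 2000)]

# A constructed mixed environment. 350 EPS at 2,000 bytes is about 2.5 GB
# per hour per domain controller, inside the 2-3 GB range quoted above.
MIXED_CASE = [
    DeviceClass("windows servers", 200, 10, 2000),
    DeviceClass("domain controllers", 4, 350, 2000),
    DeviceClass("network appliances", 150, 20, 600),
]
```

In `MIXED_CASE` the four domain controllers produce almost as much raw data as the 350 other devices combined, which is why the count of each device type matters as much as the total.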
32 Can the SIEM keep up with your planned EPS rates and the number of devices sending logs and your normal business growth? Can your hardware keep up with the growth you are having? Disk is the slowest part: fastest IO that you can afford. Memory helps with data in memory queries. Along with multiple CPUs to balance the load. Commodity hardware with 64GB RAM, multiple Xeon cores, many TBs of disk: $5-10k range, so easily in reach of most companies.
33 There are collection speeds plus allowing capacity for reporting on the logs you have. Different methods of reporting and indexing of data, allowing complex queries to find data. Large environments using Hadoop clusters to manage the big data loads. Improved real time AI in alerting on malicious activities and anomaly detection. Fast access to data like Google searching. So SIEM systems are continually evolving and adapting as the industry matures.
34 Perform risk assessment: know what's important to log and from all key devices or locations. Implement a centralised logging system: gather and protect the data. Point all of your key systems to the central system. Implement processes to review the data regularly, at least daily for key areas. Continually build on it as you gain understanding of the data. Implement in manageable chunks: you don't have to do all at once. Get help if you can't do it on your own.
37 Appreciate your time today, thanks for coming
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationSimplifying Security for IBM i and IBM Security QRadar
White Paper Simplifying Security for IBM i and IBM Security QRadar www.townsendsecurity.com 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 800.357.1019 fax 360.357.9047 www.townsendsecurity.com
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationSQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD The Payment Card Industry Data Security Standard (PCI DSS), currently at version 3.2,
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationTop 10 use cases of HP ArcSight Logger
Top 10 use cases of HP ArcSight Logger Sridhar Karnam @Sri747 Karnam@hp.com #HPSecure Big data is driving innovation The Big Data will continue to expand Collect Big Data for analytics Store Big Data for
More informationIBM services and technology solutions for supporting GDPR program
IBM services and technology solutions for supporting GDPR program 1 IBM technology solutions as key enablers - Privacy GDPR Program Work-stream IBM software 2.1 Privacy Risk Assessment and Risk Treatment
More informationTips for Passing an Audit or Assessment
Tips for Passing an Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor Senior Security Engineer Structured Communication Systems Who likes audits? Compliance
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationSecurity Diagnostics for IAM
Security Diagnostics for IAM Strategies and Approaches Rebecca Harvey Brian Dudek 10/29/2018 Core Competencies Our areas of expertise Cloud Data Mobility Security Enable business innovation and transition
More informationThe Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls
The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction.... 3 Positive versus Negative Application Security....
More informationSecure Application Development. OWASP September 28, The OWASP Foundation
Secure Application Development September 28, 2011 Rohini Sulatycki Senior Security Consultant Trustwave rsulatycki@trustwave.com Copyright The Foundation Permission is granted to copy, distribute and/or
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationUnlocking the Power of the Cloud
TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The
More informationPayment Card Industry Internal Security Assessor: Quick Reference V1.0
PCI SSC by formed by: 1. AMEX 2. Discover 3. JCB 4. MasterCard 5. Visa Inc. PCI SSC consists of: 1. PCI DSS Standards 2. PA DSS Standards 3. P2PE - Standards 4. PTS (P01,HSM and PIN) Standards 5. PCI Card
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationClick to edit Master title style. DIY vs. Managed SIEM
DIY vs. Managed SIEM Meet Paul Paul Caiazzo Principal, Chief Security Architect CISSP, CISA, CEH M.S. Information Security and Assurance 15+ years of experience in Information Security Connect with me:
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More information