Preventing the Next Insider Threat from Leveraging Cross Domain Data Movement


Transcription:

Preventing the Next Insider Threat from Leveraging Cross Domain Data Movement Kevin McPeak, CISSP, ITILv3 Symantec Security Architect kevin_mcpeak@symantec.com @kevin_mcpeak

Key References: DoDi 8540.01; ICS 500-31 (Draft)

Key Reference DoDi 8540.01: A CDS must be approved within an IS boundary or authorized as a separate IS using the DoD RMF process.

Cross Domain Solution (CDS) Authorization Process

CDS Authorization Process: Cross Domain Enterprise Services
The CDS Authorization Process for Cross Domain Enterprise Services (CDES) is comprised of four phases:
Phase 1: Validation, Prioritization, & Requirements Analysis
Phase 2: Solution Development and Risk Assessment
Phase 3: Security Engineering & Risk Assessment
Phase 4: Annual Risk Review

Understanding Insider Threats
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." Sun Tzu, The Art of War


Classified USG Materials: Presidential Efforts to Thwart Insider Threats
- EO 13526
- EO 13587
- Conforming Change 2 of the NISPOM

EO 13526: "Classified National Security Information". President Obama issued EO 13526 in 2009. It provided for the creation of the NDC (National Declassification Center), which systematically declassifies information as soon as practicable.

EO 13587: Structural Reforms to Improve Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information. Executive Branch Insider Threat Programs require:
- designation of a senior official(s)
- capability to gather, integrate, and centrally analyze and respond to key threat-related information
- monitoring of employee use of classified networks
- insider threat awareness training for the workforce
- protection of the civil liberties and privacy of all personnel

NISPOM Conforming Change 2 (Pending). The minimum standards for Industry will include:
- establishing an insider threat program
- designating an insider threat senior official who is cleared in connection with the facility clearance
- self-assessments of insider threat programs
- insider threat training for designated personnel and awareness for employees
- monitoring network activity

Cross Domain Solution (CDS) Data Movement Strategy to Prevent Data Loss via Insider Threats
I: Identify the Appropriate Data Owners
II: Locate All of the Places Where Classified Data Resides
III: Tag Your Classified Data
IV: Monitor/Learn How Classified Data Is Typically Used
V: Determine Where Classified Data Goes
VI: Wrap Additional Security Around Classified Data
VII: Halt Data Leaks Before Spillage Occurs

CDS Data Movement Strategy to Prevent Data Loss via Insider Threats
I. Identify the Appropriate Data Owners
1: Identify the appropriate operating units, specialized teams, task forces, and specific individuals
2: Work with these data owners to further identify additional priority data types. This is an iterative process for risk reduction.
II. Locate All of the Places Where Your Highly Sensitive & Classified Data Resides
1: Consider data at rest, data in use, data in motion, archived data, and encrypted data
2: Consider standard locations: network devices, storage, databases, file servers, web portals and other applications, laptops, e-mail servers (MTA or proxy), PST files
3: Consider other locations: mobile devices, printers, scanners, fax machines, copiers, file sharing apps like Dropbox or Evernote, USB drives, CD/DVDs, paper copies, IM, "free" webmail services, university webmail for students and alumni, FTP puts

CDS Data Movement Strategy to Prevent Data Loss via Insider Threats
III. Tag Your Sensitive & Classified Data
IV. Monitor & Learn How Classified Data Is Typically Used and Typically Generated by Your Workforce
V. Determine Where Classified Data Goes & the Conditions When It May Cross Domains
Don't Be Lookin' for Data in All the Wrong Places...

CDS Data Movement Strategy to Prevent Data Loss via Insider Threats
VI. Wrap Additional Security Around Sensitive Data
1: The best Incident Response (IR) is for the incident to have been thwarted in the first place, long before it became an incident
2: Review your file permissions
3: Consider using additional encryption for sensitive data as part of your defense-in-depth posture

CDS Data Movement Strategy to Prevent Data Loss via Insider Threats
VII. Halt Data Leaks Before Spillage Occurs

Defense In Depth: Encryption + Data Loss Prevention
Network DLP / Email Gateway Encryption
- Can be set to automatically block or encrypt emails containing classified or sensitive data
- Notify employees in real time/context about encryption policies and tools
Storage DLP / Shared Storage Encryption
- Discover where classified data files are stored and automatically apply encryption
- Ease the burden on staff with near transparency
Endpoint DLP / Endpoint Encryption
- Target high-risk users by discovering which laptops contain sensitive data
- Protect & enable the business by targeting encryption efforts to sensitive data moving to USB devices
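As an added illustration of how the tagging (step III), destination (step V) and halting (step VII) stages feed a gateway block/encrypt decision, here is a toy cross-domain DLP policy check written for this page; it is not Symantec DLP code, and the sensitivity tier ordering, the banner-marking regex and the allow/encrypt/block rules are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Sensitivity tiers, lowest to highest (ordering assumed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CUI": 1, "CONFIDENTIAL": 2, "SECRET": 3, "TOP SECRET": 4}

# A banner marking occupies a whole line, e.g. "SECRET//NOFORN" or "CUI//SP-PRVCY";
# the same word inside a sentence is not a marking and is deliberately ignored.
BANNER_RE = re.compile(
    r"^(TOP SECRET|SECRET|CONFIDENTIAL|CUI|UNCLASSIFIED)(//[A-Z0-9/ ,-]+)?\s*$", re.M)


@dataclass
class Transfer:
    content: str             # message or file text
    dest_level: str          # sensitivity tier of the receiving domain
    leaves_enterprise: bool  # True if the route exits the organisation


def classify(text: str) -> str:
    """Tag the data (step III): highest banner marking found, else UNCLASSIFIED."""
    found = [m.group(1) for m in BANNER_RE.finditer(text)]
    return max(found, key=LEVELS.__getitem__) if found else "UNCLASSIFIED"


def decide(t: Transfer) -> str:
    """Steps V and VII: return 'allow', 'encrypt' or 'block' for one transfer."""
    level = classify(t.content)
    if LEVELS[level] > LEVELS[t.dest_level]:
        return "block"        # high-to-low movement would be spillage
    if t.leaves_enterprise and LEVELS[level] >= LEVELS["CONFIDENTIAL"]:
        return "block"        # classified data never exits via an external route
    if t.leaves_enterprise and level == "CUI":
        return "encrypt"      # sensitive-but-unclassified may go out, encrypted
    return "allow"


# Constructed sample traffic (not real data).
SAMPLES = {
    "spill": Transfer("SECRET//NOFORN\nTasking order attached.", "UNCLASSIFIED", False),
    "low_to_high": Transfer("SECRET//NOFORN\nTasking order attached.", "TOP SECRET", False),
    "cui_out": Transfer("CUI//SP-PRVCY\nContractor roster.", "CUI", True),
    "benign": Transfer("Lunch is at noon; bring the SECRET Santa gifts.", "UNCLASSIFIED", True),
}

if __name__ == "__main__":
    for name, t in SAMPLES.items():
        print(f"{name:12} {classify(t.content):12} -> {decide(t)}")
```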

http://www.symantec.com/data loss prevention
Kevin McPeak, kevin_mcpeak@symantec.com, @kevin_mcpeak
Thank you!
Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.