Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

Similar documents
DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

2017 Annual Meeting of Members and Board of Directors Meeting

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Copyright 2011 Trend Micro Inc.

Defense in Depth Security in the Enterprise

Automating the Top 20 CIS Critical Security Controls

locuz.com SOC Services

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Security Technologies

Cyber Security Stress Test SUMMARY REPORT

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Compliance: How to Manage (Lame) Audit Recommendations

The public sector s cybersecurity imperative

Sage Data Security Services Directory

Sirius Security Overview

June 2 nd, 2016 Security Awareness

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

How Breaches Really Happen

CISO View: Top 4 Major Imperatives for Enterprise Defense

Building a Complete Program around Data Loss Prevention

Security Awareness Training Courses

Healthcare HIPAA and Cybersecurity Update

Welcome to the SafeNet Day! Prague 1st of October Insert Your Name Insert Your Title Insert Date

Cyber Security Maturity Model

Cybersecurity Session IIA Conference 2018

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

INTERNAL AUDIT S ROLE IN CYBER SECURITY

Cybersecurity The Evolving Landscape

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cyber Security. It s not just about technology. May 2017

EU General Data Protection Regulation (GDPR) Achieving compliance

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Cybersecurity program & best practices

Location-Specific Cyber Risk

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

How NOT To Get Hacked

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Altitude Software. Data Protection Heading 2018

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Enterprise & Cloud Security

CloudSOC and Security.cloud for Microsoft Office 365

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

to Enhance Your Cyber Security Needs

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

The New Era of Cognitive Security

ANATOMY OF AN ATTACK!

Security by Default: Enabling Transformation Through Cyber Resilience

Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

Control Quotient: Adaptive Strategies For Gracefully Losing Control

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Layer Security White Paper

Cloud Customer Architecture for Securing Workloads on Cloud Services

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Keys to a more secure data environment

CYBER SOLUTIONS & THREAT INTELLIGENCE

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

Designing and Building a Cybersecurity Program

What It Takes to be a CISO in 2017

Run the business. Not the risks.

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

SMARTCRYPT CONTENTS POLICY MANAGEMENT DISCOVERY CLASSIFICATION DATA PROTECTION REPORTING COMPANIES USE SMARTCRYPT TO. Where does Smartcrypt Work?

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Building a Resilient Security Posture for Effective Breach Prevention

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Security and Privacy Governance Program Guidelines

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

THALES DATA THREAT REPORT

Cyber Protections: First Step, Risk Assessment

AT&T Endpoint Security

Bomgar Discovery Report

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

Building and Instrumenting the Next- Generation Security Operations Center. Sponsored by

Securing Digital Transformation

MEETING ISO STANDARDS

align security instill confidence

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CISO as Change Agent: Getting to Yes

Security Audit What Why

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

A Disciplined Approach to Cyber Security Transformation

Wireless e-business Security. Lothar Vigelandzoon

PROFESSIONAL SERVICES (Solution Brief)

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

External Supplier Control Obligations. Cyber Security

Governance Ideas Exchange

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

SYMANTEC DATA CENTER SECURITY

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

Digital Health Cyber Security Centre

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Transcription:

Defense in Depth Constructing Your Walls for Your Enterprise Mike D Arezzo Director of Security April 21, 2016

Defense in Depth Defense in Depth Coordinated use of multiple security countermeasures Protect the integrity of the information assets Based on the military principle that a complex and multi-layered defense is easier to defend a single barrier

Defense in Depth Defense in Depth Also known as Castle Approach Information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system.

When is enough actually enough? Risk Based Approach How much is your data/reputation/revenue actually worth? How much is enough defense? When does it become just noise? Regulatory Compliance What is Required?

Defense in Depth Data People Revenue Reputation Data Data in Motion Internal External Data Loss Prevention Revenue People Data Reputation End point protection Data at Rest Databases Files and Directories Data in Use People interaction Processes Encryption

External Threats Are you protecting your perimeter? Can you verify you are protecting? Are you learning as you find threats? Are you learning from other s threats?

Insider Threat Snowden does not have to be government secrets Would you know if data was lost, copied, or destroyed? Sometimes insider threats do not start from the inside. Are you testing phishing campaigns? Are you watching your Highly Privileged Accounts?

Other Threat Vectors What are you doing about Cloud Services? Are you containing mobile data movement? Do you have a Software Governance and Third Party Risk plan?

Cloud Enterprise Security SAAS Apps Public Cloud THREAT INTELLIGENCE CLOUD Centralized Mgmt. Mobile / Remote Users Private Cloud Data Center Main Location DR Facility Remote Locations Enterprise Network

Delayed Threats If you found a threat today would you know it was a threat? Are you only looking at the new files? Are you tenacious and unrelenting?

Q & A

Security Webinars at SLAIT http://www.slaitconsulting.com/events An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity, typically for business or political motives. According to the InfoSec Institute, 2016 will be a year where the most serious threats for government and private businesses will come from cyber espionage. Nation state actors (APTs) - are well funded, increasingly sophisticated and extremely sneaky. In this webinar, SLAIT's CISO, Arnold Bell, will address the current state of APT's and the techniques used by the more prolific actors and their shift in motivation. Attend to learn the best ways to defend your environment to prevent and/or minimize the damage that could be caused by APT actors.

SLAIT Security Solutions Governance Prevention Response Risk Assessment Policy and Procedure PCI Prep HIPAA Gap Analysis Audit Preparation Assistance Security Organization Review Security Checkup Managed Firewall and Endpoint Secure Infrastructure Design & Review viso Program Awareness Training Assessment Vulnerability Scanning Penetration Testing Phishing Exercises ThreatRecon Pre-breach Preparation ThreatManage Breach Response Cyber Forensics Technology Partners slaitconsulting.com

Thank you for coming Interested in seeing how SLAIT can help you? Please come talk to me at the end or take a business card

References https://en.wikipedia.org/wiki/defence-in-depth_(roman_military) Yeah, I know its Wikipedia! http://searchsecurity.techtarget.com/definition/defense-in-depth

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback