Reducing Liability and Threats through Effective Cybersecurity Risk Measurement. Does Your Security Posture Stand Up to Tomorrow's New Threat?


Transcription:

Reducing Liability and Threats through Effective Cybersecurity Risk Measurement
Does Your Security Posture Stand Up to Tomorrow's New Threat?
Christopher Strand, Security Compliance and Risk Officer (slide 1)

AGENDA (slide 2)
- The state of the industry (the threatscape): statistics and observations
- Apply security control measurement to obtain cyber clarity
- Frameworks and scorecards that can help reduce threats while boosting data and security accountability
2016 Carbon Black. All Rights Reserved. CONFIDENTIAL

ABOUT ME (slide 3)
Christopher Strand, Security, Risk & Compliance Officer, Carbon Black
- >20 years of IT & compliance experience
- Certified and trained IT auditor and security assessor
- Oversees development of security solutions that help deploy positive security to improve compliance and risk posture
- Held leadership positions at many leading security and compliance companies

WE HAVE TO DEFEND AGAINST ALL OF THIS (slide 4)

THE CASE FOR SPEED (slide 5)
- 214 days: mean time to identify a breach, by root cause
- 77 days: mean time to contain a breach, by root cause
- For a breach that is not contained within 30 days, the average estimated cost increases by $1 million
Source: Ponemon Institute, 2017 Cost of Data Breach Study, sponsored by IBM

EXTERNAL THREAT LANDSCAPE: THE YEAR OF... (slide 6)
- NY DFS '17: first-in-the-nation cybersecurity regulation
- PCI DSS '18: introduces 1-year incremental changes to keep up with threats
- HIPAA '16: stronger enforcement and oversight by OCR; Phase 2 audits
- GDPR '18: global implications; strict penalties
- MAS TRM '16: new guidelines for outsourcing risk management; guidance on cloud services
- HKMA '16: introduces the Cybersecurity Fortification Initiative (CFI)
- ASD '16: move from the Mandatory Top 4 to the Essential 8
Records-lost figures shown on the timeline: 183 million known global records lost ('11-'12); 5.9 billion global records lost since '13; 9.0 billion global records lost since '13

THREATS TO YOUR ENVIRONMENT (slide 7)
The growth of cybercrime has brought forth innovations that allow malware to rapidly change its appearance.
ALL INDUSTRIES ARE UNDER ATTACK. ATTACKERS ARE RELENTLESS & OUTPACING TRADITIONAL PREVENTION.
Chart: cyber attack breaches trend by industry (healthcare, manufacturing, education, retail, information processing, finance) and by attack type (known malware, obfuscated malware, scripting attacks, memory attacks, PowerShell, ransomware, remote login, macros, unknown malware); bar values shown: 1,368; 1,028; 370; 254; 171; 166
Source: 2016 Verizon Data Breach Investigations Report

CYBER SECURITY NOISE & DISTRACTIONS (slide 8)
- External landscape: breach creep (B records lost), new privacy laws, stricter privacy laws
- Compliance creep: internal mandates & policies from industry, government, 3rd party and corporate sources
- Black hats outpacing white hats: threats to your environment, including obfuscated malware, scripting attacks and ransomware
- Consequences of not keeping up

Diagram (slide 9): risk elements grouped under THREAT, RISKS, GOVERNANCE & COMPLIANCE, FUNCTION and CONNECTED SYSTEMS. Items shown: human error, 3rd party, policy & awareness, security technology, corruption, loss, business process, network, physical, incident management, theft, IP, critical asset, service disruption, privacy, insider threat, data, platform, DOS, modification, resilience & disaster recovery, monitoring & assessment, supply chain, external threat.


DATA SECURITY RISK MEASURE RECIPE (slide 19)
- FRAMEWORK: prioritize BAU (business-as-usual) process & governance, covering industry, government, 3rd party and corporate requirements
- GET TO BASELINE
- POLICY: focus on data residency & high-risk assets (people, endpoints, servers, apps & files)
- IDENTIFY CURRENT RISK TO POLICY: prioritization, vulnerabilities
- MEASURE: proactively assign risk & access
- MATURE YOUR DEFENSES

APPLY A FRAMEWORK (slide 20)
- National Institute of Standards and Technology (NIST)
- EU General Data Protection Regulation (GDPR)
- Federal Financial Institutions Examination Council (FFIEC)
- COBIT 5, an ISACA framework
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley
- Gramm-Leach-Bliley Act

CREATE A POLICY (slide 21)
- NIST 800 Series
- CIS CSC Top 20
- FFIEC Cybersecurity Assessment Tool (CAT)
- SOC Type I & II
- Payment Card Industry Data Security Standard 3.2
- Sarbanes-Oxley
- Gramm-Leach-Bliley Act

PRIORITIZE BASED ON BAU PROCESS & CRITICAL DATA (slide 22)
Merge the traditional IT audit process with the cyber risk audit process. Measure effectiveness and risk to critical security controls against: corporate policy; people, process and technology; actionable intelligence.
- Enforce policy throughout the kill chain
- Continuously mitigate threats
- Monitor assets based on policy
- Combine positive/negative security to detect threats
- Assign trust rating & policy
- Emphasize the data
- Classify assets by BAUs

RANSOMWARE: A LUCRATIVE BUSINESS (slide 23)
Three views: 12-month volume (source: Osterman, Panda & McAfee), yearly growth (source: FBI & CSO Online), scalable (source: CERT).
Figures shown:
- 41% of companies hit 1 to 5x
- '05: new strains every 12 min; '16: every four sec
- '15: $325M; '16: $1B; by 2020 a range up to $200B
- '16: 4K daily attacks, 300% from '15
Bad guys: traditional defense strategies can't keep up; business growth that works; achieve mass scale with victim volume

Anatomy of a Ransomware Attack (slide 24)

RANSOMWARE: CKC & BASELINE SECURITY CONTROLS (slide 25)
Cyber kill chain: Recon > Weapon > Exploit > Deliver > Install > Command & Control > Action(s) on Target, grouped into Phase 1 Preparation, Phase 2 Active Breach and Phase 3 Response/Fallout.
Baseline security controls: Identify Assets, Detect, Protect, Respond, Recover.
WHAT'S THE RISK?
- Where is data residency? Who/what has access? What are they doing with it?
- Where is it vulnerable? What are we doing to fix it? How well is it protected? What's the newest threat?
- What is happening? Where did it start? How long? How quickly was it resolved? How do I enforce it?

IDENTIFY ASSETS. CONTROLS: UNDERSTANDING AND CATEGORIZING (slide 26)
Common security errors:
- Not considering technology, processes and people within your BAU
- Not checking default access to sensitive data and building business justification
- Not mapping users to BAUs
1. Prioritize high-risk and vulnerable data and assets
2. Identify BAU processes: browser, attachments, data access, network access, downloads, shareware, uploads, applications, open source, social
3. Assign trust to BAU processes by business justification:
   - IT-driven trust: Trusted Updater (e.g., SCCM, Chrome); Trusted Directory (e.g., \\gold_dir); Trusted Publisher (e.g., Mozilla); Trusted User (e.g., help_desk)
   - Cloud-driven trust: threat intelligence and risk ratings that automatically approve reputable software
   - Permissions: role-based; user approval; IT approval; do not let run
PRIORITIZE ASSETS AND PROCESSES BY RISK
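The trust assignment on this slide amounts to an allow/deny decision per process launch, ordered from IT-driven trust to cloud-driven trust to explicit permissions, with "do not let run" as the default. The following is an added illustration, not Carbon Black's product logic; every updater name, directory, publisher, user, role and the reputation scale is assumed.

```python
"""Allow/deny decision for a process launch, ordered by the slide's trust
sources (IT-driven, cloud-driven, permissions), default "do not let run".
Added example; the policy values below are assumed, not a vendor's."""
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ExecEvent:
    path: str                         # binary being launched
    user: str
    parent: str                       # process that spawned it (updater, shell, ...)
    publisher: Optional[str] = None   # verified code-signing publisher, None if unsigned
    reputation: Optional[str] = None  # cloud rating: "trusted" | "unknown" | "malicious"
    role: str = "staff"               # role of the launching user

# Assumed trust policy mirroring the slide's examples.
TRUSTED_UPDATERS = {"ccmexec.exe", "chrome_updater.exe"}   # e.g. SCCM, Chrome
TRUSTED_DIRS = {"\\\\gold_dir\\"}                          # e.g. \\gold_dir
TRUSTED_PUBLISHERS = {"Mozilla Corporation"}               # e.g. Mozilla
TRUSTED_USERS = {"help_desk"}                              # e.g. help_desk
IT_APPROVED = {"C:\\Tools\\approved_tool.exe"}             # IT approval by path
ROLE_ALLOWED = {"developer": {"C:\\Dev\\build.exe"}}       # role-based permission

def decide(ev: ExecEvent) -> Tuple[str, str]:
    """Return (verdict, reason). A malicious cloud rating overrides every trust
    source; anything without a business justification is denied."""
    if ev.reputation == "malicious":
        return "deny", "cloud threat intelligence: malicious"
    if ev.parent.lower() in TRUSTED_UPDATERS:
        return "allow", f"trusted updater {ev.parent}"
    if ev.path.lower().startswith(tuple(d.lower() for d in TRUSTED_DIRS)):
        return "allow", "trusted directory"
    if ev.publisher in TRUSTED_PUBLISHERS:
        return "allow", f"trusted publisher {ev.publisher}"
    if ev.user in TRUSTED_USERS:
        return "allow", f"trusted user {ev.user}"
    if ev.reputation == "trusted":
        return "allow", "cloud risk rating: reputable software auto-approved"
    if ev.path in IT_APPROVED:
        return "allow", "IT approval"
    if ev.path in ROLE_ALLOWED.get(ev.role, set()):
        return "allow", f"role-based permission ({ev.role})"
    return "deny", "no business justification: do not let run"

# Constructed launch events, one per decision path (not real telemetry).
SAMPLE_EVENTS = [
    ExecEvent("C:\\Program Files\\Mozilla Firefox\\firefox.exe", "alice", "explorer.exe", "Mozilla Corporation", "trusted"),
    ExecEvent("\\\\gold_dir\\tools\\7z.exe", "bob", "explorer.exe"),
    ExecEvent("C:\\Users\\bob\\Downloads\\free_game.exe", "bob", "explorer.exe", None, "unknown"),
    ExecEvent("C:\\Users\\carol\\AppData\\Local\\Temp\\inv.exe", "help_desk", "outlook.exe", None, "malicious"),
    ExecEvent("C:\\Dev\\build.exe", "dave", "cmd.exe", None, "unknown", "developer"),
]

def run_sample() -> dict:
    """Map each sample path to its verdict."""
    return {ev.path: decide(ev)[0] for ev in SAMPLE_EVENTS}
```

Note that the known-bad check comes first: a trusted user launching a binary with a malicious reputation is still denied, which is the positive/negative combination the later slides call for.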

DETECT. CONTROLS: MONITOR AND COLLECT INTELLIGENCE (slide 27)
Common security errors:
- Collecting without context or classification
- Not focusing on high-risk assets
- Not following the critical data
- Not taking your BAUs and building your monitoring strategy on the front end
Event collection: file modifications, file executions, registry modifications, network connections, cross-process events, a copy of every executed binary
Pipeline: event collection > event behaviors > event analytics > enforce policy
WATCH AND RECORD EVERYTHING, BUT FOLLOW THE CRITICAL DATA

PROTECT. CONTROLS: PROTECTION AND ACCESS CONTROLS (slide 28)
Common security errors:
- Relying only on negative security
- Point-in-time defense strategies
- Inability to get to the root cause of an event
1. Capture events
2. Tag events (data event risk profile)
3. Analyze & prevent: attack prevented

RESPOND. CONTROLS: THREAT MITIGATION AND REMEDIATION (slide 29)
Common security errors:
- Sifting through large amounts of data to gather in-scope information
- Not assigning alerts to change-detection events
- Analyzing all change
1. Filter out irrelevant changes on the front end
2. Focus on authorized critical changes
3. Scope out large amounts of data on in-scope assets; monitor log files for better audit and chain of custody
User behavior, IOCs, unwanted changes: control and prove enforcement. Control change, access and privilege.
Create a scorecard with a prioritized approach to close gaps in your data security policy.
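Slides 27 and 29 together describe one front-end triage step: collect change events, follow the critical data, and separate authorized from unauthorized changes so that alerts attach only to the changes that matter. The following added example is not Carbon Black code; the pipe-separated log format, the critical-asset prefixes, the trusted actors and the maintenance window are all assumed, and the log lines are constructed.

```python
"""Front-end triage of change-detection events: follow the critical data and
separate authorised from unauthorised changes. Added example; format and rules assumed."""
from dataclasses import dataclass
from datetime import datetime

@dataclass
class ChangeEvent:
    ts: datetime
    host: str
    kind: str     # file_mod | file_exec | registry_mod | net_conn | cross_process
    target: str   # path, registry key or remote address that was touched
    actor: str    # process or user that made the change

# Assumed classification of where the critical data lives ("follow the critical data").
CRITICAL_PREFIXES = ("/srv/customer_db/", "C:\\Finance\\",
                     "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")
# Assumed authorisation sources: expected owner processes / trusted updaters,
# and an approved maintenance window.
TRUSTED_ACTORS = {"sccm_agent", "mysqld"}
CHANGE_WINDOW_HOURS = range(2, 4)          # 02:00-03:59 local

def parse_line(line: str) -> ChangeEvent:
    """Constructed pipe-separated record: ts|host|kind|target|actor."""
    ts, host, kind, target, actor = line.split("|", 4)
    return ChangeEvent(datetime.fromisoformat(ts), host, kind, target, actor)

def is_critical(ev: ChangeEvent) -> bool:
    return ev.target.startswith(CRITICAL_PREFIXES)

def is_authorized(ev: ChangeEvent) -> bool:
    return ev.actor in TRUSTED_ACTORS or ev.ts.hour in CHANGE_WINDOW_HOURS

def triage(log: str):
    """Return (alerts, audit, suppressed): unauthorised critical changes to respond to,
    authorised critical changes kept for chain of custody, and out-of-scope noise."""
    alerts, audit, suppressed = [], [], []
    for line in filter(None, log.splitlines()):
        ev = parse_line(line)
        if not is_critical(ev):
            suppressed.append(ev)       # filtered out on the front end
        elif is_authorized(ev):
            audit.append(ev)            # logged, not alerted
        else:
            alerts.append(ev)           # alert assigned to this change event
    return alerts, audit, suppressed

# Constructed sample events (not real telemetry).
SAMPLE_LOG = """\
2017-09-12T03:10:05|fin-srv-01|file_mod|C:\\Finance\\ledger.db|sccm_agent
2017-09-12T11:42:17|fin-srv-01|file_mod|C:\\Finance\\ledger.db|powershell.exe
2017-09-12T11:42:18|fin-srv-01|registry_mod|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\upd|powershell.exe
2017-09-12T11:43:00|web-01|file_mod|/var/log/nginx/access.log|nginx
2017-09-12T14:20:00|db-01|file_mod|/srv/customer_db/data.ibd|mysqld
"""
```

On the sample log the two PowerShell-driven changes to finance data and the Run key become alerts, the SCCM and database writes are kept for audit, and the web server log rotation is suppressed before anyone has to sift through it.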

RECOVER. CONTROLS: ASSESS RISK AND CLOSE GAPS (slide 30)
Kill chain (Recon > Weapon > Exploit > Deliver > Install > Command & Control > Action(s) on Target) across Phase 1 Preparation, Phase 2 Active Breach and Phase 3 Response/Fallout.
- Conform assets
- Protect data integrity
- Proactively monitor critical systems
- Threat mitigation
- Enforce security and compliance policy
CLOSE THE GAPS


CYBER SECURITY SCORECARD (slide 32)
Merge: a paradigm shift to close the security gap. Measure across the cyber kill chain.
- Enforce policy throughout the kill chain
- Continuously mitigate threats
- Monitor assets based on policy
- Combine positive/negative security to detect threats
- Assign trust rating & policy
- Emphasize the data
- Classify assets by BAUs

TECHNICAL CONTROL SOLUTION FRAMEWORK (slide 33)
Security assurance maturity curve: security compliance maturity plotted against time. Capabilities shown along the curve:
- File and network integrity monitoring and control
- Anti-malware
- Positive and negative security
- Forensics and IR technologies
- Penetration testing
- Vulnerability analysis
- Attack simulation
- Enforce framework or regulatory policy
- Remediate deltas
- Classification
- Targeting gaps
- Introduction with framework

DOCUMENTING YOUR CYBER RISK TOLERANCE (slide 34)
Articulate the organization's data security risks:

Cyber risk | Impact | Tolerance | Action
Loss of customer data | Business reputation | Very low | Prioritize and fix
Loss of IP | Competitive edge | None | Fix immediately
Loss of business continuity | Profitability targets | Very low | Prioritize and fix
Web defacement / denial of service | Customer experience | Acceptable w/ sr. mgmt. approval | Review and prioritize
Loss of data integrity | Internal apps and data | None | Fix immediately

RISK MATURITY MATRIX (slide 35)

IT OPERATIONS AND SECURITY MATURITY SCORECARD EXAMPLE - ISO (slide 36)
Each ISO control area is scored 0-5: Risk Management; Policy; Organization; Asset Management; Communications / Operations; Access Control; Threat Protection and Development; Incident Management; Business Continuity.
Legend: 0 - Non-existent; 1 - Initial; 2 - Repeatable; 3 - Defined; 4 - Managed; 5 - Optimized

MINIMIZE GDPR RISK: FOCUS ON QUICK WINS (slide 37)
GDPR concentration areas and their purpose:
- Understand your data: data process clarity
- Monitor and control data access: continuous assessment and audit of data and systems
- Assess data security controls: detection, reporting and investigation of a personal or corporate data incident
- Implement data protection impact assessments: enact privacy impact assessments guided against policy


www.carbonblack.com (slide 39)