NIST Cybersecurity Framework Protect / Maintenance and Protective Technology

Presenter
Charles Ritchie, CISSP, CISA, CISM, GSEC, GCED, GSNA, +6
Information Security Officer
IT experience spanning two centuries

Agenda
- Continue with the Protect core function
- Maintenance: two subcategories
- Protective Technology: four subcategories
- Focus is on basic security hygiene, not bleeding-edge security tools and techniques

"There are many frameworks and theories that we can leverage. The point is to have some kind of a framework, and to ensure its completeness, depending on your industry and current IT situation."
Brandon R. Williams, ISSA Distinguished Fellow

Maintenance

Maintenance
Maintenance and repair of industrial control and information system components is performed consistent with policies and procedures.

Maintenance
- MA-1: Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools
- MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access

In the news
Medical Devices Could be Used as Point of Entry into Healthcare Networks (May 25, 2016)
The US Department of Veterans Affairs (VA) deputy director of health information security told Nextgov that attackers are more likely to break into Internet-connected medical devices to gain access to a hospital network than to disrupt a patient's treatment. Medical records are a valuable commodity on the data black market. Medical devices are not as readily patched as computers and phones. Lynette Sherrill also said that her agency removes devices that are found to be infected with malware, even if it means cancelling appointments.

Maintenance
Includes all types of maintenance to all components:
- System software, business applications
- Network devices, scanners, copiers, printers
- Firmware, industrial control systems
Also addresses who is performing the maintenance, maintenance tools, and remote access.

Relevance
- Known vulnerabilities cause 44 percent of all data breaches [1]
- Old vulnerabilities are a favorite tool among malicious actors [2]
- 2015 report: companies take 100 to 120 days to patch [3]
- Infrastructure components can have critical vulnerabilities too
[1] The Game Plan for Closing the SecOps Gap, BMC, 2016
[2] 2016 Verizon Data Breach Investigations Report
[3] How the Rise in Non-Targeted Attacks Has Widened the Remediation Gap, Kenna

Relevance
Advisory (ICSA-16-154-01): GE MultiLink Series Hard-coded Credential Vulnerability
Original release date: June 02, 2016
OVERVIEW: GE has identified a hard-coded credential vulnerability in GE's MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely.
IMPACT: Exploitation of this vulnerability may allow an attacker to gain unauthorized administrative access to device configurations, resulting in exposure and control of all configuration options available through the web interface.
BACKGROUND: The affected products, Multilink series switches, are managed Ethernet switches designed specifically for use in industrial facilities, substations, and transportation environments. According to GE, the Multilink series switches are deployed across several sectors including Critical Manufacturing, Energy, and Water and Wastewater Systems. GE estimates that these products are used worldwide.

Recommendations
- Inventory all IP-addressable systems, not just servers
- Establish maintenance procedures for each type
- Audit the inventory and whether maintenance is taking place per the procedure
- Monitor industry sources (vendors, US-CERT)
- Scan frequently for vulnerabilities; remediate ASAP
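The first three recommendations form one procedure: keep an inventory of every IP-addressable asset, define a maintenance procedure per asset type, and audit whether maintenance is actually happening per that procedure. The script below is an added example, not part of the presentation; the inventory records, the maximum age per asset type and the list of approved maintainers are all constructed values standing in for an organization's own policy.

```python
from datetime import date

# Constructed asset inventory (hypothetical records, not from the deck).
# Every IP-addressable asset is listed, not just servers. "kind" selects the
# maintenance procedure that applies, "last_patched" is the date of the last
# logged maintenance and "patched_by" records who performed it.
INVENTORY = [
    {"name": "web01",    "ip": "10.0.1.10", "kind": "server",  "last_patched": "2016-05-20", "patched_by": "ops-team"},
    {"name": "sw-core",  "ip": "10.0.0.2",  "kind": "network", "last_patched": "2016-01-15", "patched_by": "ops-team"},
    {"name": "mri-01",   "ip": "10.0.9.5",  "kind": "device",  "last_patched": "2015-09-01", "patched_by": "vendor"},
    {"name": "plc-07",   "ip": "10.0.9.7",  "kind": "device",  "last_patched": "2016-06-01", "patched_by": "contractor-x"},
    {"name": "copier-3", "ip": "10.0.2.40", "kind": "printer", "last_patched": None,         "patched_by": None},
]

# Hypothetical policy: maximum days between maintenance events, per asset type.
MAX_AGE_DAYS = {"server": 30, "network": 90, "device": 180, "printer": 180}

# Hypothetical policy: parties approved to perform maintenance, per asset type.
APPROVED_MAINTAINERS = {
    "server":  {"ops-team"},
    "network": {"ops-team"},
    "device":  {"vendor", "biomed"},
    "printer": {"ops-team", "vendor"},
}


def audit_inventory(inventory, today, max_age=MAX_AGE_DAYS, approved=APPROVED_MAINTAINERS):
    """Return (asset name, finding code) pairs for every asset whose
    maintenance record does not satisfy the procedure for its type."""
    findings = []
    for asset in inventory:
        kind = asset["kind"]
        if kind not in max_age:
            # An asset type with no procedure is itself a finding
            findings.append((asset["name"], "no_procedure"))
            continue
        if asset["last_patched"] is None:
            findings.append((asset["name"], "never_maintained"))
            continue
        age = (today - date.fromisoformat(asset["last_patched"])).days
        if age > max_age[kind]:
            findings.append((asset["name"], "overdue_by_%d_days" % (age - max_age[kind])))
        if asset["patched_by"] not in approved[kind]:
            # Maintenance happened, but not by an approved party (MA-1)
            findings.append((asset["name"], "unapproved_maintainer"))
    return findings


def run_audit(today_iso="2016-06-15"):
    """Audit the constructed inventory as of a fixed date so results are reproducible."""
    return audit_inventory(INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for name, finding in run_audit():
        print("%-10s %s" % (name, finding))
```

Run as of 2016-06-15, the audit flags the core switch and the MRI as overdue, the PLC as maintained by an unapproved party, and the copier as never maintained; the web server passes. In practice the inventory would come from a discovery scan or CMDB export and the "last patched" dates from the change log, which is exactly the data the audit step in the recommendations needs to exist.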

Protective Technology

Protective Technology
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

Protective Technology
- PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
- PT-2: Removable media is protected and its use restricted according to policy
- PT-3: Access to systems and assets is controlled, incorporating the principle of least functionality
- PT-4: Communications and control networks are protected

Protective Technology
Audit/log records are critical to any security program:
- Log relevant events from all systems
- Capture all relevant information about these events: what, when, who, etc.
- Use automation to collect, protect, and analyze logs, and produce log-based reports
- Retain log data in support of investigations

In the news
Taobao's Security Breach from a Log Perspective (February 10, 2016)
Taobao.com, one of the world's top 10 most visited websites, just faced what seems like a brute force attack of staggering proportions on its user accounts. Taobao is a Chinese buying-and-selling site owned by China's online giant, Alibaba, and offers a consumer-to-consumer (C2C) retail platform, where users are not buying from the website but through sellers offering their goods on it. It seems the attackers didn't attempt to breach Taobao's own systems but used a very large database of usernames and passwords that stem from previous hacks of various other web sites. They then used these credentials for massive automated login attempts to Taobao.com. Because many people use the same name and password on different web sites, a number of these login attempts were successful. What makes this particular case special is the dimension: Reports say the hackers executed approximately 100 million login attempts, and almost 21 million of these turned out to be successful.
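The Taobao item is a good test of the "what, when, who" logging slide above it: if login events are captured with outcome, account name and source address, a credential-stuffing run stands out as a source that tries many different accounts with mostly failures. The detection below is an added example written for this page, not code from the presentation or from Taobao; the log format and the log lines are constructed, and the thresholds are arbitrary starting points.

```python
import re
from collections import defaultdict

# Constructed sample of an application's authentication log (hypothetical
# format): timestamp, event, outcome, account name, source address.
SAMPLE_LOG = """\
2016-02-10T03:12:01Z auth login result=FAIL user=alice src=203.0.113.7
2016-02-10T03:12:01Z auth login result=FAIL user=bob src=203.0.113.7
2016-02-10T03:12:02Z auth login result=OK user=carol src=203.0.113.7
2016-02-10T03:12:02Z auth login result=FAIL user=dave src=203.0.113.7
2016-02-10T03:12:03Z auth login result=FAIL user=erin src=203.0.113.7
2016-02-10T03:12:03Z auth login result=OK user=frank src=203.0.113.7
2016-02-10T03:12:04Z auth login result=FAIL user=grace src=203.0.113.7
2016-02-10T03:15:10Z auth login result=FAIL user=alice src=198.51.100.20
2016-02-10T03:15:15Z auth login result=FAIL user=alice src=198.51.100.20
2016-02-10T03:15:22Z auth login result=OK user=alice src=198.51.100.20
2016-02-10T03:20:00Z auth login result=OK user=heidi src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth login result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn raw lines into event dicts (what, when, who, where from);
    lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_credential_stuffing(events, min_users=5, min_fail_ratio=0.5):
    """Group login events by source address and flag sources that tried many
    different account names with mostly failures. Returns {src: summary} for
    flagged sources, including which accounts the source did get into, so
    those accounts can be reset and their owners notified."""
    by_src = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set(),
                                  "succeeded": set(), "first": None, "last": None})
    for e in events:
        s = by_src[e["src"]]
        s["attempts"] += 1
        s["users"].add(e["user"])
        if e["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["succeeded"].add(e["user"])
        # ISO-8601 timestamps in UTC compare correctly as strings
        s["first"] = e["ts"] if s["first"] is None else min(s["first"], e["ts"])
        s["last"] = e["ts"] if s["last"] is None else max(s["last"], e["ts"])

    flagged = {}
    for src, s in by_src.items():
        fail_ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_users and fail_ratio >= min_fail_ratio:
            flagged[src] = {
                "attempts": s["attempts"],
                "users_tried": len(s["users"]),
                "fail_ratio": round(fail_ratio, 2),
                "window": (s["first"], s["last"]),
                "accounts_to_reset": sorted(s["succeeded"]),
            }
    return flagged


if __name__ == "__main__":
    for src, summary in find_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(src, summary)
```

On the sample, 203.0.113.7 is flagged (seven accounts tried, five failures, two successes to reset), while 198.51.100.20, a single user mistyping a password, and 192.0.2.44 are not. A run at Taobao's scale would be spread over many source addresses, so the same counters should also be kept per time window across all sources (distinct accounts failing per minute against the normal baseline); that is the kind of log-based report the slide's "use automation" bullet refers to.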

Protective Technology
Protect removable media and restrict its use according to policy:
- Lost external media has been the cause of multiple significant data breaches
- USB drives can be used to bypass enterprise controls, even infecting air-gapped systems
- Technical controls can restrict the use of USB storage
- If allowed, require encryption and AV scans

Protective Technology
Control access to systems and assets, incorporating the principle of least functionality:
- Any access to any system creates some risk
- Privileged access (e.g., admin accounts) entails far more risk than typical user privileges
- Remote access and other factors add to this risk
- Remote access, unnecessary access, and access by too many individuals unnecessarily increases business risk

Protective Technology
Access to systems or assets should:
- Have a business justification, and approval by the owner
- Provide individual accountability
- Require appropriate authentication: multi-factor, complex passwords
- Be reviewed at least annually, and revoked immediately when no longer needed
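The four requirements on this slide can be checked mechanically against an entitlement export. The access-review script below is an added example, not part of the presentation: the entitlement records are constructed, the "shared-" naming convention used to spot shared accounts is an assumption of the example, and the 365-day review interval is the "at least annually" bullet expressed as a number.

```python
from datetime import date

# Constructed entitlement records (hypothetical): one row per user/system pair,
# as an identity system or access-review export might provide them.
ENTITLEMENTS = [
    {"user": "alice",        "system": "erp", "privileged": False, "justification": "accounts payable clerk",
     "approved_by": "erp-owner", "mfa": True,  "last_reviewed": "2016-01-10", "active": True},
    {"user": "bob",          "system": "erp", "privileged": True,  "justification": "database administrator",
     "approved_by": "erp-owner", "mfa": False, "last_reviewed": "2016-03-01", "active": True},
    {"user": "shared-admin", "system": "fw",  "privileged": True,  "justification": "firewall administration",
     "approved_by": "net-owner", "mfa": True,  "last_reviewed": "2014-11-30", "active": True},
    {"user": "carol",        "system": "hr",  "privileged": False, "justification": "",
     "approved_by": None,        "mfa": True,  "last_reviewed": "2016-02-14", "active": True},
    {"user": "dave",         "system": "erp", "privileged": False, "justification": "analyst",
     "approved_by": "erp-owner", "mfa": True,  "last_reviewed": "2016-04-01", "active": False},
]


def review_access(entitlements, today, review_days=365):
    """Apply the slide's four requirements to each entitlement and return
    (user@system, finding code) pairs for the ones that fail."""
    findings = []
    for e in entitlements:
        who = "%s@%s" % (e["user"], e["system"])
        if not e["active"]:
            # Access no longer needed: revoke immediately, nothing else to check
            findings.append((who, "inactive_user"))
            continue
        # Business justification and owner approval
        if not e["justification"] or not e["approved_by"]:
            findings.append((who, "no_justification_or_approval"))
        # Individual accountability (shared accounts assumed to carry a "shared-" prefix here)
        if e["user"].startswith("shared-"):
            findings.append((who, "shared_account"))
        # Appropriate authentication: multi-factor required for privileged access
        if e["privileged"] and not e["mfa"]:
            findings.append((who, "privileged_without_mfa"))
        # Reviewed at least annually
        if (today - date.fromisoformat(e["last_reviewed"])).days > review_days:
            findings.append((who, "review_overdue"))
    return findings


def run_review(today_iso="2016-06-15"):
    """Review the constructed entitlements as of a fixed date."""
    return review_access(ENTITLEMENTS, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for who, finding in run_review():
        print("%-16s %s" % (who, finding))
```

The MFA check is applied only to privileged entitlements because that is where the slides place the greatest risk; tightening it to all remote or all user access is a one-line policy change. Findings of the "inactive_user" kind are the ones the slide says to act on immediately, the rest feed the annual review.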

Protective Technology
Protect communications and control networks:
- Technologies include firewalls, proxy servers, VPN, intrusion detection, and more
- Perimeter defense is challenged by BYOD
- Avoid single points of failure
- Restrict access to control networks and admin functions
- Include in maintenance plans as well as DR plans

Protective Technology
Encryption notes:
- When in doubt, encrypt communications
- No encryption or weak encryption can allow information to be intercepted, including credentials
- Eliminate insecure protocols: telnet, ftp, etc.
- Encryption technologies continue to evolve; be prepared to upgrade/enhance your controls
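Two bullets from the last two slides, restricting access to control networks and eliminating cleartext protocols such as telnet and ftp, can both be checked against a firewall rule set. The audit below is an added example for this page, not the presenter's code or any vendor's tool: the rule format, the control-network and admin-subnet addresses, and the assumption that only the admin subnet should reach the control network are all constructed for the example, and http is added to the page's telnet/ftp as a further unencrypted protocol.

```python
import ipaddress

# Hypothetical network layout: the control network and the only subnet from
# which administrative access to it is legitimate (both constructed values).
CONTROL_NET = ipaddress.ip_network("10.20.0.0/16")
ADMIN_NET = "10.1.0.0/24"

# Cleartext protocols to eliminate, by port, and the encrypted service that
# replaces each one (telnet -> ssh, ftp -> sftp, http -> https).
CLEARTEXT = {23: "telnet", 21: "ftp", 80: "http"}
ENCRYPTED_REPLACEMENT = {23: 22, 21: 22, 80: 443}

# Constructed rule set (hypothetical; not any real firewall's syntax).
RULES = [
    {"id": 1, "action": "allow", "src": "any",         "dst": "10.20.0.0/16", "port": 23},
    {"id": 2, "action": "allow", "src": "10.1.0.0/24", "dst": "10.20.0.0/16", "port": 22},
    {"id": 3, "action": "allow", "src": "any",         "dst": "10.0.5.10/32", "port": 21},
    {"id": 4, "action": "allow", "src": "10.1.0.0/24", "dst": "10.20.0.0/16", "port": 80},
    {"id": 5, "action": "allow", "src": "any",         "dst": "10.0.5.20/32", "port": 443},
]


def reaches_control_net(dst):
    """True when a rule's destination lies inside the control network."""
    return ipaddress.ip_network(dst, strict=False).subnet_of(CONTROL_NET)


def audit_rules(rules):
    """Return (rule id, finding code) pairs for allow rules that permit a
    cleartext protocol or open the control network to any source."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        if r["port"] in CLEARTEXT:
            findings.append((r["id"], "cleartext_" + CLEARTEXT[r["port"]]))
        if r["src"] == "any" and reaches_control_net(r["dst"]):
            findings.append((r["id"], "control_net_open_to_any"))
    return findings


def harden(rules):
    """Produce a corrected copy of the rule set: cleartext ports swapped for
    their encrypted equivalents, and control-network rules restricted to the
    admin subnet (that ADMIN_NET is the only legitimate source is this
    example's assumption, to be confirmed against the site's own design)."""
    hardened = []
    for r in rules:
        h = dict(r)
        if h["port"] in ENCRYPTED_REPLACEMENT:
            h["port"] = ENCRYPTED_REPLACEMENT[h["port"]]
        if h["src"] == "any" and reaches_control_net(h["dst"]):
            h["src"] = ADMIN_NET
        hardened.append(h)
    return hardened


if __name__ == "__main__":
    print("before:", audit_rules(RULES))
    print("after: ", audit_rules(harden(RULES)))
```

On the constructed rules, rule 1 (telnet from anywhere into the control network) draws two findings, rules 3 and 4 one each for ftp and http, and rules 2 and 5 pass; after hardening the audit is clean. Swapping a port in a rule only helps once the devices behind it actually offer ssh, sftp or https, which ties this check back to the maintenance section: firmware that cannot speak an encrypted protocol is a maintenance finding, not just a firewall one.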

Summary

"We need to make sure our proactive measures in anticipation of a breach get better and more mature."
Randy V. Sabett, Cybersecurity Attorney

Summary
- The Protect function focuses on developing and implementing safeguards to ensure delivery of critical infrastructure services
- Ongoing, timely maintenance addresses a leading cause of data breaches and other incidents
- Protective technologies support the security and resilience of systems and assets, and contribute to the ability to identify and respond to incidents
- Use the Cybersecurity Framework to assess your current capabilities and create a plan to improve and maintain these capabilities

Questions?