Cyber Information Sharing

Cyber Information Sharing

Renault Ross, CISSP, MCSE, CHSS, VCP5, Chief Cybersecurity Business Strategist
Ian Schmertzler, President

Know Your Team Under Pressure

Trust Your Eyes

Know the Supply Chain

Have Secondary Comms

Do it Right, Make it Here

ENDPOINT
Security settings changes
Network connections
Successful / failed logins
Sensitive docs accessed
Process behaviors

FIREWALL
Inbound network traffic
Outbound network traffic
Protocol tunneling activity
Administrative activity
Inbound network traffic

GATEWAY
Email metadata
Source email server identity
Web connection history
Inbound attachments
Outbound attachments

SERVER
Administrative activity
Network connections
Successful / failed logins
Sensitive docs accessed
Compliance status

BETTER PROTECTION + REMEDIATION

BENCHMARKING ACROSS PEERS INDUSTRY TARGETED ATTACK CAMPAIGNS GLOBALLY INFORMED SOLUTION SETTINGS ENDLESS USE CASES

TODAY BUILD/ACQUIRE TOMORROW PARTNER COLLECT APP EXCHANGE SOCIAL PLATFORM UNIFIED INCIDENT MGMT. INCIDENT INVESTIGATION INTERACTIVE ANALYTICS RISK ANALYSIS

Information Sharing APP Exchange?

Logged In: Joe Admin, InfoSec Admin, Company 1

APPS Top Rated FREE TRIAL Recently Viewed Top Rated New Releases By Industry By Category Load Look Level2 Studio C&C Detector Nova Software Target Sweep GO Getit EX

Secure App News
17Sep2014 Load Look by Level2 Studio, advances to the next level of protection.
17Sep2014 10 new compliance apps added.
16Sep2014 Nova Software contributes robust C&C Detection tool.
16Sep2014 Supercoil Software enhances security prioritization and checklist features.

Developer Zone FREE TRIAL Developer Tool Package News Archive >> Q&A Database Message Board Remotecontrol Elipse Strategy Termin8er Supercoil Software Secure Check

Supercoil Software, 1h: Check out our latest development utilizing aggregated risk analysis tolerance feedback
Super Coil Software, 1D: Dashboard elite is not all it's cracked up to be, we've hit snags with the custom navigation integration module. Joe

Information Sharing Social Platform?

Logged In: Joe Admin, InfoSec Admin, Company 1

Update My Status, Trending, All POST, Contacts, Groups, Upcoming Events, Interests, Recommended

Joe Admin, Software Developer, Verified, 3 hours ago:
We are seeing a lot of instances of foo.exe on our endpoints. Where is it coming from?

Lisa Andrews, Manufacturing CISOs, Verified, 2 hours ago:
Yes. I saw it a few weeks ago. Seems to be related to the earlier attack. I'll ask Dave to send you a source IP we have associated with that executable.

Dave Admin, Manufacturing Admin, Verified, 1 hours ago:
Hi Joe, we have traced the origin of foo.exe to the following IP: 172.16.254.1
Connection from SAM_WIN8/SPY.EXE to 172.16.254.1 at 6:18:08 pm on 10/6/14
File TED_WIN7/BOT.EXE retrieved from 172.16.254.1 at 8:20:10 am on 10/24/14
Connection from SALLY_ANDROID_1 to 172.16.254.1 at 4:24:08 pm on 11/6/14

Side panel:
Source: 172.16.254.1 IP Address
Type:
Origin: Unknown
Forensic results:

STARTING POINT CSF NIST ADOPTION
Copyright 2017 Symantec Corporation

CSF FUNCTIONS BUILD PROFILE

Core Functions
ID  Identify  What assets need protection?
PR  Protect   What safeguards are available?
DE  Detect    What techniques can identify incidents?
RS  Respond   What techniques can contain impacts of incidents?
RC  Recover   What techniques can restore capabilities?

UNDERSTAND YOUR MATURITY: SELF ASSESSMENT LED

IDENTIFY
ID.BE  Organization
ID.AM  Asset Mgt.
ID.RA  Risk Assessment
ID.RM  Risk Strategy Mgt
ID.GV  Governance

PROTECT
PR.AT  Awareness Training
PR.AC  Access Control
PR.DS  Data Security
PR.IP  Info Processes & Procedures

DETECT
DE.AE  Anomalies & Events
DE.CM  Continuous Monitoring
DE.DP  Detection Processes

RESPOND
RS.RP  Response Planning
RS.CO  Response Communications
RS.AN  Response Analysis
RS.MI  Response Mitigation
RS.IM  Response Improvements

RECOVER
RC.RP  Recovery Planning
RC.IM  Recovery Improvements
RC.CO  Recovery Communications

Not At All Planned Partially Mostly In Place Optimized

WHERE AM I

Fxn.  Cat.   Sub.     Current Profile  Target Profile
ID    ID.AM  ID.AM-1  Tier 1           Tier 4
ID    ID.AM  ID.AM-2  Tier 1           Tier 4
ID    ID.AM  ID.AM-3  Tier 2           Tier 2
ID    ID.AM  ID.AM-4  Unused           Unused
ID    ID.AM  ID.AM-5  Tier 4           Tier 4
ID    ID.AM  ID.AM-6  Tier 3           Tier 3

Enables a prioritized action plan

HOW CAN I ALIGN WITH BEST PRACTICES

Core Function: Respond (RS)
Category: Response Planning (RS.RP)
Subcategory: RS.RP-1: Response plan is executed during or after an event
Informative References:
COBIT 5 BAI01.10
CCS CSC 18
ISA 62443-2-1:2009 4.3.4.5.1
ISO/IEC 27001:2013 A.16.1.5
NIST SP 800-53 Rev. 4 CP-2, CP-10, IR-4, IR-8

INFORMATIVE REFERENCES Core

ENTERPRISE TOOLKIT: A Mature Compliance and Security Model
Business Strategy and Governance driving Security Operations

[Diagram. Labels recovered from the slide, in slide order with repeats removed:]
Governance (security, privacy, compliance); Information Risk Management & Reporting; GRC Dashboards; Security Policies and procedures; Awareness and Training; GRC Standards & UA; Security Team Structure, Roles & Responsibilities; GRC Policy; Business Strategy and Governance; Secure Info Access; Information Protection; Infrastructure Management; Digital Trust; High Assurance PKI; Data Loss Controls; Data Classification; Strategic; LOA3; Configuration & Patch Management; Sys Integrity & Lockdown; HIPS; EPM; Identity Management; Authentication; Encryption; Electronic Discovery; Tactical; DLP; Inventory & Asset Management; Mobility & Wireless; CASB; Mobile; 2FA; ENC; On Going Compliance and Security Operations; Infrastructure Protection; Logging & Monitoring; Malicious Code Protection; Security Intelligence; ATP; IR Retainer; MSSP; Secure Network Design; Network Perimeter Security; EDR; PEN Test