Transcription
Discussion Panel, dataprise.com #WinningWithIT
Agenda: Keynote from Charles Ames; Assess Workshop; Protect Workshop; Detect Workshop; Respond Workshop
Dataprise CSIL Methodology. ASSESS: identifying critical business assets and associated risks. PROTECT: protecting critical assets with protective network security solutions. DETECT: detecting network security events through continuous monitoring of the network. RESPOND: responding quickly to minimize the impact of network security events.
Meet Keynote Speaker: Charles Ames, Chief Information Security Officer, State of Maryland
Some days it just feels so …
How much is enough? Chuck Ames, Director of Maryland Cybersecurity, Maryland Department of Information Technology
Attributes of "enough", from three viewpoints:
Rules of Thumb: "10% of the IT Budget"; Pass Compliance Audits; What legislation requires; Security is my #1 priority.
Identified Business Risk: Mix of risks; Mitigation plans; Biggest surfaces secured; Most important data secure.
Descriptive: Engaged; Modern; Responsive; Professional.
Security: where risk meets budget and timing, and you are right about all three? Naw, but it's just 5 easy steps! DR/Restoration: know the business and how to survive. Mitigate risk and Incident Response: what to fix, who to call. Who are the users? 97% of breaches used legitimate third party access (Vz 2016). What devices are they using? 85% of exploits mitigated by removing admin rights (Msft 2016). What ports and protocols did you leave open? 90% of attacks start w/ email (Feye 2016).
Cybersecurity challenges:
The Home Depot: 53 million email addresses and 56 million credit cards. Attackers used stolen vendor credential to access critical systems.
OPM: 21m government employees' identities stolen. OPM did not maintain a comprehensive inventory of servers, databases and network devices.
76 million households affected. Hackers took over a remote server; the bank failed to properly update
Cyber attack could cost as much as 100 million. Disabled the antivirus in the target machines without detection.
Attackers exploit vulnerable endpoints, move across big flat networks easily.
80m customer records stolen. "Suspicious" administrator activity went unnoticed for months.
11m customers' medical and financial data stolen. Premera's network security procedures were inadequate.
"44 percent of known breaches came from vulnerabilities that are 2 to 4 years old" (HP Cyber Risk Report 2015).
A sophisticated attack looks like this:
The ask:
Establishing a Cyber Secure Maryland, Current Operations
Assess Workshop. dataprise.com #WinningWithIT
Agenda: Introduction; Key Thoughts; Goals & Outcomes; Solutions; Questions & Answers
Meet the Presenter: Sean Ferrara, Virtual Chief Information Security Officer, Dataprise
Key Thought: "We believed we were doing things ahead of the industry. We thought we were well positioned." - Frank Blake, Chairman of Home Depot
Key Thought: Home Depot Breach. Over 50,000,000 credit card numbers stolen; over 40,000,000 in remediation cost; litigation costs still pending.
What's the Take Away? Security is not JUST an IT problem.
Ask Ourselves: Are we Defendable? Make yourself and your organization defendable to malicious individuals and groups, defendable in court, defendable to regulatory action, and defendable to your brand, both personal and organizational. Are we Resilient? A resilient organization meets its commitments and objectives with consistency and predictability in the face of changing risk environments and potential disruptions.
Question: Is Your Organization Defendable? Is Your Organization Resilient? What do we need to know, and what do we need to do, to be able to answer: Yes?
Know Your … : … custodians of a commodity that can be monetized; Identity information (Employee and Consumer); … (…tainment accounts, etc.)
Threats Change Over Time: "The Threat Balloon" … Cyber-… …ctive" targets.
Threats Change Over Time: … …ior.
Threats Change Over Time: … …he defense.
Goals: If you don't know where you are, how will you know where you are going or when you will get there? Baseline State: where you are. Target State: where you are going. Roadmap: how/when you will get there.
Goals: To develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Goals: In order to effectively manage risk, you must first know: what you have (HW/SW); how critical/valuable it is to your organization (and to others); the threat landscape; how you should protect it.
Goals: Your organization should be able to place a value on each information asset it owns. How much did it cost to create or acquire? How much would it cost to recreate or recover? How much does it cost to maintain? How much is it worth to the organization? How much is it worth to the competition?
Assessment Solutions: Security Gap Assessment; Information Security Policy Analysis & Creation; Internal Vulnerability Assessment; External Vulnerability Assessment; Hardware/Software Inventory Assessment; Preliminary Security Risk Assessment; PCI Baseline Analysis; Data Classification Schema; Personally Identifiable Information (PII) Scan
… protect it appropriately.
Questions?
Protect Workshop. dataprise.com #WinningWithIT
Agenda: Introduction; Key Thoughts; Goals & Outcomes; Solutions; Questions & Answers
Meet the Presenter: Tim Foley, CISSP, Sr. Manager of Information Security & Strategic Consulting at Dataprise
Key Thought: "There are risks and costs to a program of action—but they are far less than the long-range cost of comfortable inaction." -John F. Kennedy
Goals: To develop and implement the appropriate safeguards to ensure delivery of services, through the protection of assets. Layered defenses, aka "Defense in Depth".
Security 1.0 vs Security 2.0:
Security 1.0: Anti-Virus; Patching; Firewall; Security Awareness Training.
Security 2.0: Proactive Security Monitoring; Security Log Aggregation, Correlation, and Review; Threat Management and Mitigation; Next-Gen AV.
CIA Triad: Confidentiality, Integrity, Availability
CIO versus CISO: Same Goal, Different Priorities.
CIO: ITIL - Snapshot of Infrastructure; Line of Business Applications; Operations Management; Technology Trends; Budget Generations; Business Continuity Planning / DR; Management & Monitoring; User Provisioning.
CISO: CSIL - Cyber Security Intelligence Lifecycle; Risk Management; Threat Management; Compliance & Audit Checks; Security Impact Analysis; Mitigation and Root Cause; Incident Response & Management; Security Awareness & Training Programs.
Layers of Defense in Depth
Layered Solutions: Anti-Virus; Security Awareness Training; Firewall/FaaS; Windows Patching; Phishing Campaigns; Next Gen Anti-Virus/Malware detection; Application/OS patching; Offsite Backups; Application Whitelisting; SIEM (Security Information and Event Management); SOC (Security Operations Center)
Questions?
Detect Workshop. dataprise.com #WinningWithIT
Agenda: Introduction; Importance of Data Acquisition; Consequence of Not Collecting Data; Solutions; Questions and Answers
Meet the workshop …: … AlienVault, Dataprise. Workshop Location: Motherboard
Importance of Data Acquisition: "There are so many victims because so few know the risk or the early warning signs. You simply can't stop what you can't see." -Joe Payne
Consequences of Not Collecting Data: In 2015, it took the average organization 146 days to detect a data breach.* And this is just the time to discovery of a compromise, not the resolution. Is this acceptable to your organization? Cost to business is not only the cyberattack itself, but also the cumulative "dwell period." The majority of breached organizations were notified of incidents by an "outside entity," usually law enforcement. *According to the M-Trends 2016 report published by FireEye
Why Do I Collect This Data? What's driving the need? The business need for enhanced transparency to drive better business decisions; regulatory/compliance requirements; peace of mind; increased speed of response.
Where Does This Data Come From? Databases; Firewalls; Intrusion Detection (Network/Host); Wireless Access Points; Servers, Workstations; Routers, Switches; BYOD
Where Does This Data Go?
Alarms & Analysis: System Compromise; Exploitation & Installation; Reconnaissance & Probing; Environmental Awareness
OTX Threat Intelligence
Solutions: USM (Unified Security Management); SIEM (Security Information and Event Management); Behavioral Analytics; IDS (Intrusion Detection System); HIDS (Host Intrusion Detection System); SOC (Security Operations Center); Periodic Security Log Review
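As an added illustration of the pipeline this workshop describes (events from the sources on the "Where Does This Data Come From?" slide normalized into one stream, correlated, and sorted into the four "Alarms & Analysis" categories, with the dwell time from the "Consequences of Not Collecting Data" slide measured against it), the Python below is example code written for this transcription. It is not Dataprise or AlienVault code: the log format, host names, rule thresholds and sample lines are all constructed, and the correlation rules are deliberately simple stand-ins for what a USM/SIEM product would do.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# The four alarm categories named on the "Alarms & Analysis" slide.
RECON = "Reconnaissance & Probing"
EXPLOIT = "Exploitation & Installation"
COMPROMISE = "System Compromise"
ENVIRONMENT = "Environmental Awareness"

# Hypothetical tuning knobs for the toy rules below.
SCAN_PORT_THRESHOLD = 3          # distinct blocked ports from one source to one host
EXFIL_BYTES = 10 * 1024 * 1024   # outbound transfer size worth an alarm

# Constructed sample log lines (not real data), one feed per source type named on
# the "Where Does This Data Come From?" slide: firewall, switch, IDS, host.
SAMPLE_LOGS = [
    "2016-03-01T08:00:12Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2016-03-01T08:00:13Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "2016-03-01T08:00:14Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
    "2016-03-01T08:00:15Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2016-03-02T10:00:00Z sw01 CONFIG_CHANGE user=admin item=vlan20",
    "2016-03-03T14:22:01Z ids01 ALERT sig='ET EXPLOIT Possible RCE attempt' src=203.0.113.7 dst=10.0.0.5",
    "2016-03-03T14:25:40Z host05 NEW_SERVICE name=svchost32 path=C:\\Users\\Public\\svchost32.exe",
    "2016-03-09T02:10:05Z fw01 ALLOW src=10.0.0.5 dst=198.51.100.9 dport=443 bytes=52428800",
    "2016-03-10T09:00:00Z host05 AV_DISABLED by=SYSTEM",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kind>[A-Z_]+)\s*(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=('[^']*'|\S+)")


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str
    fields: dict


@dataclass
class Alarm:
    ts: datetime
    category: str
    detail: str


def parse_line(line):
    """Normalize one raw line into an Event; return None for lines we cannot parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    fields = {k: v.strip("'") for k, v in KV_RE.findall(m.group("rest"))}
    return Event(ts, m.group("host"), m.group("kind"), fields)


def classify(events):
    """Run the toy correlation rules over time-ordered events and raise alarms."""
    alarms = []
    blocked = defaultdict(set)  # (src, dst) -> distinct blocked destination ports
    for ev in events:
        f = ev.fields
        if ev.kind == "DENY":
            key = (f.get("src"), f.get("dst"))
            blocked[key].add(f.get("dport"))
            if len(blocked[key]) == SCAN_PORT_THRESHOLD:  # fire once per pair
                alarms.append(Alarm(ev.ts, RECON, f"port scan {key[0]} -> {key[1]}"))
        elif ev.kind == "ALERT" and f.get("sig", "").startswith("ET EXPLOIT"):
            alarms.append(Alarm(ev.ts, EXPLOIT, f"IDS: {f['sig']}"))
        elif ev.kind == "NEW_SERVICE" and f.get("path", "").lower().startswith("c:\\users\\"):
            alarms.append(Alarm(ev.ts, EXPLOIT, f"service from user-writable path on {ev.host}"))
        elif ev.kind == "AV_DISABLED":
            alarms.append(Alarm(ev.ts, COMPROMISE, f"antivirus disabled on {ev.host}"))
        elif ev.kind == "ALLOW" and int(f.get("bytes", 0)) >= EXFIL_BYTES:
            alarms.append(Alarm(ev.ts, COMPROMISE, f"large outbound transfer {f.get('src')} -> {f.get('dst')}"))
        elif ev.kind == "CONFIG_CHANGE":
            alarms.append(Alarm(ev.ts, ENVIRONMENT, f"config change on {ev.host} by {f.get('user')}"))
    return alarms


def run_pipeline(lines, sources=None):
    """Parse all lines, keep only the named source hosts (None = every feed),
    sort by time and classify. Returns (events, alarms)."""
    events = [e for e in map(parse_line, lines) if e is not None]
    if sources is not None:
        events = [e for e in events if e.host in sources]
    events.sort(key=lambda e: e.ts)
    return events, classify(events)


def category_counts(alarms):
    return dict(Counter(a.category for a in alarms))


def dwell(lines, sources=None):
    """Dwell time: from the earliest event in the full feed to the first alarm
    raised when only `sources` are collected. None when nothing fires."""
    all_events, _ = run_pipeline(lines)
    _, alarms = run_pipeline(lines, sources)
    if not all_events or not alarms:
        return None
    return min(a.ts for a in alarms) - min(e.ts for e in all_events)


if __name__ == "__main__":
    for label, srcs in (("all feeds", None), ("host logs only", {"host05"})):
        _, alarms = run_pipeline(SAMPLE_LOGS, srcs)
        print(f"{label}: {category_counts(alarms)}, dwell {dwell(SAMPLE_LOGS, srcs)}")
```

The point of the `sources` filter is the slide's "you can't stop what you can't see": with every feed collected, the constructed intrusion is flagged at the reconnaissance stage two seconds in, whereas a Security 1.0 setup that only ever sees the host's own logs raises its first alarm more than two days later, after the attacker is already installing a service.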
Questions?
Respond Workshop. dataprise.com #WinningWithIT
Meet the Presenter: Tim Foley, CISSP, Sr. Manager of Information Security & Strategic Consulting, Dataprise
Agenda: Introduction; Video; Key Thoughts; Goals & Outcomes; Solutions; Questions and Answers
Key Thought: "You're going to be hacked. Have a plan." -Joseph Demarest, Jr. (Asst. Director, FBI Cyber Division)
Key Thought: They are Too Big to Fail, are you too small to recover? Target, Home Depot, Anthem. What about me?
Business Impact: Monetary breach (Legal/Compliance; PII); Reputation (Credibility)
Goals: The 3 Rs: RESPOND, REMEDIATE, RECOVER
The 3 R's. RESPOND: Having a plan to respond effectively to incidents as they arise, and the resources/expertise to do so with confidence.
The 3 R's. REMEDIATE: The act or process of correcting an undesirable situation or repairing one that is deficient.
The 3 R's. RECOVER: The process of returning to a normal state of business operations.
Outcomes: Activities are performed to prevent expansion of an event (respond), mitigate its effects (remediate), and return to normal operations (recover).
Solutions: Incident Response Program; Business Continuity Planning (BCP); Business Impact Analysis (BIA); Disaster Recovery Planning (DRP); Forensics Investigation/Remediation; Vulnerability Remediation Activities; Managed Remote Backups (MRB)
Questions?