Cutting through the fog of cybersecurity


Slide 1: Cutting through the fog of cybersecurity
SD ISC2 / SD IEEE
Preparing security operators for what REALLY matters in Cyber!
Mike Davis, ElecEngr / MSEE, CISSP / CISO, MA Mgmt, SysEngr; Cyber Security / Risk Management Consultant (enthusiast!); Mike.davis.sd@gmail.com
Doug Magedman, MS Cybersecurity and IA, MS OA/HSI, BS-BME; SPAWAR HQ Technical Authority; dougmagedman@hotmail.com
Cyber Workforce Bottom Line: Small businesses are the backbone of the USA; they need security operators, not ninjas! Those with Security+ / SSCP knowledge and skills that minimize 95% of all incidents.

Slide 2: Cutting through the CyberSecurity Fog! B.L.U.F. (Bottom Line Up Front)
- The threats are very real, and the news shows only a small percentage. It does not just happen to the other guy: YOU WILL be / ARE affected.
- You cannot buy cyber security; you must manage cyber, in its many parts.
- The standard IA/Security suite is pretty good IF maintained well in operation.
- Focus on business risk reduction and minimizing legal liabilities. Adequate cyber protections are but one part; so is insurance.
- P6 principles still apply, as do strategic partnerships. Few can afford to go it alone: use a managed security service (MSS).
- Don't fix cracks in the cyber walls while the barn door is open! Keeping your cyber suite well maintained cuts incidents by 95%.

Slide 3: Cyber Workforce Chasm
1 - Companies say they cannot find qualified cyber workers (e.g., a non-specific request).
2 - Educational entities / institutions are providing decent numbers of degreed / certified people.
So why is there a communication chasm between supply and demand? Any cyber educational effort must address three aspects of providing cyber skills:
1 - Cyber-qualified workers come in MANY types and levels, not one "cyber guy" (32 levels in NIST's NICE Cyber Ed framework (#), and the volume need is at mid / entry level).
2 - Fix the notion that people with degrees / certifications do not have usable skills.
3 - A cyber workforce conversant in risk management (the impacts that their actions cause).
Cyber education providers must educate the hiring managers to close the gap!
# = NIST / NICE National Cybersecurity Workforce Framework

Slide 4: First, so what does matter in Cyber?
- CYBER is fundamentally all about TRUST and DATA (identity, authentication, secure comms; provenance, quality, pedigree, assured).
- It's NOT about expensive new cyber capabilities / toys, but more about the interoperability glue (distributed trust, resiliency, automation, profiles).
- 90+% of security incidents come from not doing the basics!
- USE effective Security Continuous Monitoring (SCM / SIEM), a MUST DO! With enforced cyber hygiene, enterprise access control, and reduced complexity (APLs).
- Shift from only protecting the network to securing the DATA itself: an information-centric view.
- Embrace your Risk Management Plan (RMP): LIVE IT! Have an enforceable security policy (what is allowed / not) and train to it.
- KNOW your baseline; protect the business from the unknown risks as well. Employ a due diligence level of security, then manage and transfer the residual risks!
- You cannot buy cyber, so do the cyber BASICS well!!! An achievable 90-95% reduction in security incidents stabilizes the environment!

Slide 5: What MUST we do in Cyber?
- The BASICS: at least manage the NSA top 10 / SANS 20 mitigations! (How about just DOING the Cyber Hygiene Campaign top 5 actions: 1 & 2 - Inventory SW & HW, 3 - Secure CM, 4 - SCM/SIEM, 5 - enforce least privilege. The toolkit is: Count, Configure, Control, Patch and Repeat.)
- Close the cyber barn door first, versus fixing cracks in the wall! Lack of cyber hygiene causes well over 90% of all security incidents; cyber "cracks" account for at most 5%.
- Follow the Hierarchy of Cyber Needs: mitigate and manage your way up. RE: enforce hygiene, effective access control, use APLs, proactive security policy, etc.
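What "Count, Configure, Control, Patch and Repeat" looks like when it is actually run, rather than listed: a small reconciliation of an observed inventory against the business's own baseline. This is an added example, not code from the deck or from the Cyber Hygiene Campaign; the hosts, MAC addresses, versions, accounts and settings are constructed sample data, and the baseline dictionaries are assumptions standing in for a real asset register.

```python
"""Count / Configure / Control / Patch reconciliation against a known
baseline. Added example, not from the deck: every host, MAC address,
version, account and setting below is constructed sample data, and the
baseline lists are assumptions standing in for a real asset register."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Baseline: what the business has decided is allowed.
AUTHORIZED_DEVICES = {            # MAC -> expected hostname
    "00:11:22:33:44:01": "ws-01",
    "00:11:22:33:44:02": "ws-02",
    "00:11:22:33:44:10": "srv-files",
}
APPROVED_SOFTWARE = {             # product -> minimum patched version
    "acrobat": "11.0.10",
    "java": "1.8.0",
    "firefox": "36.0",
}
APPROVED_LOCAL_ADMINS = {"Administrator", "ITADMIN"}
REQUIRED_SETTINGS = {"host_firewall": True, "autorun": False}


@dataclass(frozen=True)
class Observed:
    """One host as an inventory agent or scanner would report it."""
    host: str
    mac: str
    software: Dict[str, str]
    local_admins: Tuple[str, ...]
    settings: Dict[str, bool]


OBSERVED = [
    Observed("ws-01", "00:11:22:33:44:01",
             {"acrobat": "11.0.10", "java": "1.7.0", "firefox": "36.0"},
             ("Administrator", "ITADMIN"),
             {"host_firewall": True, "autorun": False}),
    Observed("ws-02", "00:11:22:33:44:02",
             {"acrobat": "10.1.0", "firefox": "36.0", "utorrent": "3.4"},
             ("Administrator", "ITADMIN", "jsmith"),
             {"host_firewall": False, "autorun": False}),
    Observed("laptop-x", "00:11:22:33:44:99",
             {"firefox": "33.0"},
             ("Administrator",),
             {"host_firewall": True, "autorun": True}),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version to a comparable tuple ('11.0.10' -> (11, 0, 10))."""
    return tuple(int(p) for p in v.split("."))


def reconcile(observed, devices=AUTHORIZED_DEVICES, software=APPROVED_SOFTWARE,
              admins=APPROVED_LOCAL_ADMINS, settings=REQUIRED_SETTINGS) -> List[Tuple[str, str, str]]:
    """Return (step, host, detail) findings, one per deviation from baseline."""
    findings = []
    seen = set()
    for o in observed:
        seen.add(o.mac)
        # Count: unknown device, or software that is not on the approved list.
        if o.mac not in devices:
            findings.append(("count", o.host, f"unauthorized device {o.mac}"))
        for name, ver in o.software.items():
            if name not in software:
                findings.append(("count", o.host, f"unapproved software {name} {ver}"))
            # Patch: approved product, but below the minimum patched version.
            elif parse_version(ver) < parse_version(software[name]):
                findings.append(("patch", o.host, f"{name} {ver} below minimum {software[name]}"))
        # Configure: required secure settings that have drifted (or are missing).
        for key, required in settings.items():
            if o.settings.get(key) != required:
                findings.append(("configure", o.host, f"{key} should be {required}"))
        # Control: local administrators the baseline does not allow.
        for acct in o.local_admins:
            if acct not in admins:
                findings.append(("control", o.host, f"unexpected local admin {acct}"))
    # Count also means noticing what is missing: an expected device that did not report.
    for mac, host in devices.items():
        if mac not in seen:
            findings.append(("count", host, f"expected device {mac} not seen"))
    return findings


def summarize(findings) -> Dict[str, int]:
    """Findings per hygiene step, a one-line dashboard for the weekly run."""
    counts: Dict[str, int] = {}
    for step, _, _ in findings:
        counts[step] = counts.get(step, 0) + 1
    return counts


if __name__ == "__main__":
    result = reconcile(OBSERVED)
    for step, host, detail in result:
        print(f"{step:10} {host:10} {detail}")
    print(summarize(result))
```

The "Repeat" step is the schedule, not code: run this against a fresh inventory on a fixed cadence and diff the findings against last week's, so that a device that was present and is now silent, or an admin group that grew, shows up as a change rather than being lost in a static list.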

Slide 6: Cyber Security is Complex from a Technical Perspective
What factors must be addressed in a Cyber Operator Course? What does it take to minimize the 95% of most security incidents?
Word cloud of topics (from an IBM security brief): DAC, HIPAA, VPN, SSL, SOX, IPsec, SaaS, FIPS, tokens, biometrics, XML gateways, PKI, thin clients, H/W crypto, Kerberos, digital certificates, Trusted OS, wireless, compliance, secure blades, cloud, guards, hardening, secure collaboration, RSBAC.

Slide 7: IA/Security Axioms to consider / accommodate / educate
- Security and complexity are often inversely proportional.
- Security and usability are often inversely proportional.
- Good security now is better than perfect security never.
- A false sense of security is worse than a true sense of insecurity.
- Your security is only as strong as your weakest link.
- It is best to concentrate on known, probable threats first. Work through all these in your Risk Management Plan!
- Security is an investment (insurance), not an expense with an RoI.
- Security is directly related to the education and ethics of your users.
- Security is a people problem: users stimulate problems, at all levels.
- Security through obscurity is weak, and we cannot always add security later.
Who says what we MUST DO? From a business DUE CARE / due diligence level, collectively: NIST, NSA, SANS, etc. The following slides provide details.

Slide 8: NIST's "absolutely necessary" security activities
NIST - National Institute of Standards and Technology (this list is from NISTIR 7621, Small Business Information Security: The Fundamentals)
- Protect information / systems / networks from damage by viruses, spyware, and other malicious code (IA suite, A/V, etc.).
- Provide security for your Internet connection / ISP.
- Install and activate software firewalls on all your business systems.
- Patch your operating systems and applications.
- Make backup copies of important business data / information.
- Control physical access to your computers and network components.
- Secure your wireless access point and networks.
- Train your employees in basic security principles.
- Require individual user accounts for each employee on business computers and for business applications.
- Limit employee access to data and information, and limit authority to install software.
While these are the KEY cyber activities, there are more to accommodate in a due diligence cyber state. Integrated into the Key Hierarchy of Needs activities.

Slide 9: NIST's "highly recommended" practices
- Policy / practice for email attachments and requests for sensitive information
- Policy / practice for web links in email, instant messages, social media, or other means
- Policy / practice for popup windows and other hacker tricks
- Doing online business and secure banking
- Recommended personnel practices in hiring employees
- Security considerations for web surfing, prohibited sites
- Policy / practice for downloading software from the Internet
- How to get help with information security when you need it
- How to dispose of old computers, media and fax machines
- How to protect against social engineering; data loss prevention
WHAT, more to do? YES, but most are related to standard IA/CND mitigations. Integrated into the Key Hierarchy of Needs activities.

Slide 10: NSA IAD top ten controls
1 - Application whitelisting: only run approved apps (that the SysAdmin reviews)
2 - Control administrative privileges: minimize escalation, enforce least privilege
3 - Limit workstation-to-workstation communications: thwarts pass-the-hash lateral movement (in practice, host firewall rules that deny inbound SMB / RPC from other workstations)
4 - Use anti-virus file reputation services: leverage cloud-based threat databases
5 - Enable anti-exploitation features: for example, MS Windows EMET
6 - Implement Host Intrusion Prevention System rules: focus on threat behaviors
7 - Set a secure baseline configuration: layered security, standard images, etc.
8 - Use web Domain Name Service (DNS) reputation: screen URLs, intrusion alerts
9 - Use / leverage software improvements: software / OS upgrade and patch policy
10 - Segregate networks and functions based on role and functionality: monitor sections, then isolate when attacked
Integrated into the Key Hierarchy of Needs activities.

Slide 11: SANS top 20 controls (ver 3)
1: Inventory of Authorized and Unauthorized Devices
2: Inventory of Authorized and Unauthorized Software
3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
5: Boundary Defense
6: Maintenance, Monitoring, and Analysis of Security Audit Logs
7: Application Software Security
8: Controlled Use of Administrative Privileges
9: Controlled Access Based on the Need to Know
10: Continuous Vulnerability Assessment and Remediation
11: Account Monitoring and Control
12: Malware Defenses
13: Limitation and Control of Network Ports, Protocols, and Services
14: Wireless Device Control
15: Data Loss Prevention
16: Secure Network Engineering
17: Penetration Tests and Red Team Exercises
18: Incident Response Capability
19: Data Recovery Capability
20: Security Skills Assessment and Appropriate Training to Fill Gaps
Integrated into the Key Hierarchy of Needs activities.

Slide 12: Top 35 Mitigations (Australian Signals Directorate)
At least 85% of the targeted cyber intrusions the Australian Signals Directorate responds to could be prevented by following the Top 4 mitigation strategies:
- use application whitelisting to help prevent malicious software and other unapproved programs from running
- patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers
- patch operating system vulnerabilities
- minimize the number of users with administrative privileges
Examples of the other targeted cyber intrusion mitigation strategies: disable local administrator accounts; multi-factor authentication; network segmentation and segregation; application-based workstation firewall; host-based intrusion detection / prevention system; centralized and time-synchronized logging; whitelisted content filtering; web domain whitelisting for all domains; workstation application security configuration hardening; user education; computer configuration management; server application security configuration hardening; antivirus software with up-to-date signatures; enforce a strong passphrase policy; etc.
Integrated into the Key Hierarchy of Needs activities.

Slide 13: Top 25 SW development errors (CWE/SANS Top 25)
[1] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
[2] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
[3] Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
[5] Missing Authentication for Critical Function
[6] Missing Authorization
[7] Use of Hard-coded Credentials
[8] Missing Encryption of Sensitive Data
[9] Unrestricted Upload of File with Dangerous Type
[10] Reliance on Untrusted Inputs in a Security Decision
[11] Execution with Unnecessary Privileges
[12] Cross-Site Request Forgery (CSRF)
[13] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[14] Download of Code Without Integrity Check
[15] Incorrect Authorization
[16] Inclusion of Functionality from Untrusted Control Sphere
[17] Incorrect Permission Assignment for Critical Resource
[18] Use of Potentially Dangerous Function
[19] Use of a Broken or Risky Cryptographic Algorithm
[20] Incorrect Calculation of Buffer Size
[21] Improper Restriction of Excessive Authentication Attempts
[22] URL Redirection to Untrusted Site ('Open Redirect')
[23] Uncontrolled Format String
[24] Integer Overflow or Wraparound
[25] Use of a One-Way Hash without a Salt
Must BUILD IA IN. This starts with SW, AND applies to apps / services. Integrated into the Key Hierarchy of Needs activities.
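Three of these errors side by side with their fixes, because the list reads differently once the vulnerable line and the corrected line are on the same screen: [1] SQL injection (CWE-89) against a parameterized query, [25] an unsalted one-way hash (CWE-759) against a per-user salted, iterated hash, and [21] unlimited authentication attempts (CWE-307) against a failure counter with lockout. This is an added example and not code from the deck; the users table, the accounts, the PBKDF2 iteration count and the lockout thresholds are constructed for illustration.

```python
"""Three of the Top 25 errors side by side with their fixes: [1] SQL
injection (CWE-89) vs a parameterized query, [25] a one-way hash without
a salt (CWE-759) vs per-user salted PBKDF2, and [21] no limit on failed
authentication attempts (CWE-307) vs a counter with lockout.

Added example; the users table, accounts and work factor are constructed
for illustration, not taken from the deck."""
import hashlib
import hmac
import os
import sqlite3
import time

ITERATIONS = 100_000      # PBKDF2-HMAC-SHA256 work factor (assumption; tune to ~100 ms on your hardware)
MAX_ATTEMPTS = 5          # failures before lockout (assumption)
LOCKOUT_SECONDS = 900     # 15 minute lockout (assumption)


def make_db():
    """In-memory SQLite with a hypothetical users table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB, "
        "failures INTEGER DEFAULT 0, locked_until REAL DEFAULT 0)"
    )
    return con


def unsalted_hash(password):
    # CWE-759: identical passwords hash identically, and precomputed tables apply.
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password, salt):
    # Per-user random salt plus a slow KDF; the salt is stored next to the hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def add_user(con, name, password):
    salt = os.urandom(16)
    con.execute("INSERT INTO users (name, salt, hash) VALUES (?, ?, ?)",
                (name, salt, salted_hash(password, salt)))


def find_user_vulnerable(con, name):
    # CWE-89: the value is pasted into the statement, so a quote in the
    # input rewrites the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in con.execute(sql))


def find_user_safe(con, name):
    # Parameterized: the driver binds the value; input can never become SQL.
    return sorted(r[0] for r in con.execute(
        "SELECT name FROM users WHERE name = ?", (name,)))


def login(con, name, password, now=None):
    """Returns 'ok', 'bad credentials' or 'locked'. CWE-307 fix: count
    failures per account and refuse further attempts during lockout."""
    now = time.time() if now is None else now
    row = con.execute(
        "SELECT salt, hash, failures, locked_until FROM users WHERE name = ?",
        (name,)).fetchone()
    if row is None:
        return "bad credentials"   # same answer as a wrong password: no user enumeration
    salt, stored, failures, locked_until = row
    if now < locked_until:
        return "locked"
    if hmac.compare_digest(salted_hash(password, salt), stored):
        con.execute("UPDATE users SET failures = 0, locked_until = 0 WHERE name = ?", (name,))
        return "ok"
    failures += 1
    locked_until = now + LOCKOUT_SECONDS if failures >= MAX_ATTEMPTS else 0
    con.execute("UPDATE users SET failures = ?, locked_until = ? WHERE name = ?",
                (failures, locked_until, name))
    return "locked" if locked_until else "bad credentials"


if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice", "correct horse battery")
    add_user(db, "bob", "hunter2")
    payload = "nobody' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))   # every user comes back
    print("safe:      ", find_user_safe(db, payload))         # []
    print("same password, two salts differ:",
          salted_hash("x", b"a" * 16) != salted_hash("x", b"b" * 16))
```

Two details worth noticing: the constant-time `hmac.compare_digest` avoids leaking how many bytes of the hash matched, and the unknown-user path returns the same string as a wrong password so that the login endpoint cannot be used to enumerate accounts.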

Slide 14: Cyber PROCESS. Where's your data? Who has it? Is it safe?
- A recent Symantec threat report states that 82% of data that was either lost or stolen could have been avoided if the business had followed a simple cyber security plan.
- The Verizon data breach report stated that 87% of all security incidents could have been easily prevented by implementing known patches / controls published over 6 months earlier.
- The security basics are fairly well known, but not implemented well, OR verified.
From the US Chamber of Commerce cyber guide's top 12 SMB security recommendations (#):
1 - Use strong passwords and change them regularly. Be very aware that POOR PASSWORDS GIVE A FALSE SENSE OF SECURITY!!!
5 - Remove unused software and user accounts; delete / securely wipe everything on replaced equipment (yes, faxes / copiers too!)
6 - Establish physical access controls for KEY computer equipment / rooms
7 - Create backups for important files, folders, and software; also store them off-site
- Enforce the principle of least privilege: strict access controls, need to know
- Develop and use a data-centric security approach; DLP is good, but more is needed
- Ensure all staff receive basic online security training and instruction in your policies
- Take security breaches seriously: isolate any compromised systems from the network and involve an IT security professional if necessary to ensure the malware is fully removed
Integrated into the Key Hierarchy of Needs activities. # = Top 12 SMB security recommendations from the US Chamber of Commerce cyber guide

Slide 15: Cyber POLICY. What's your legal, statutory liability? Can you be sued?
2 - Be vigilant opening attachments and Internet downloads (scan / DMZ?)
10 - Control access to sensitive and confidential data, and limit authority to install software
11 - Establish and follow a security / financial Risk Management Plan (RMP); maintain adequate insurance coverage
12 - Get technical expertise and outside help when you need it
- Make security policies a clear, well communicated and enforced priority
- Ensure all compliance aspects are supported by policy, tools, users and management, as it's more than just an audit process (PCI, SOX, HIPAA, etc.)
- Decide whether computers, laptops and software are to be supplied by your company or by your staff, and reflect these decisions in your policies, purchasing and processes
- Document a simple acceptable-use policy for any computer that is used for company business or media that is used to store or transport company data
- Create an acceptable password-strength policy and ensure that all computers and other IT equipment are password protected
- Require that all security incidents are promptly reported and managed, to a business stakeholder and a formal CERT entity
There is a legal perspective of a minimal level of security wrt due diligence. Integrated into the Key Hierarchy of Needs activities.

Slide 16: Cyber Hygiene, the many faces of neglect
Our IA/CND/Security cyber suite is quite good IF maintained!
- Equipment settings (FW, A/V, IDS, etc.): monitor / enforce
- Social media: content and settings; restrict sharing / privileges
- Incident reporting: no incident too small; notify US-CERT / FBI
- Controlled access: enforce least privilege; separate / rotate duties
- Security education: ALL levels, reinforce; incentivize good vs bad
- Maintain the cyber suite: patches, upgrades, etc. (compliance == security)
- Standard operating procedures (SOPs): USE / enforce them
- Know your security baseline AND employ SCM / SIEM
- Privacy and PII: enforce policy (note: the EU is stricter)
Will lack of cyber hygiene continue to put you at MUCH greater risk?
Forbes top threats for 2013 (MOST threats / vulnerabilities have CM / hygiene and / or access control issues): social engineering; APTs; internal threats; BYOD / mobile malware; HTML5; botnets; CLOUD infrastructure; and precision-targeted malware.
Integrated into the Key Hierarchy of Needs activities.

Slide 17: Security Main Factors. Wow, given ALL these guides, what MUST WE DO?
- Implement the NIST "absolutely necessary" elements first and foremost to protect your data (encryption and backups).
- Effective passwords: still the bane of basic security, and policy is still poor! (Tokens / two-factor IA&A should be used for critical data / processes.)
- Securing the client, fortifying the browser, buying trusted business apps / services: the browser / client is THE largest malware entry point!
- Minimal security suite: antivirus, firewall, IDS, VPN, connection security.
- Monitoring tools need to manage CM / hygiene, track users / data, and provide alerts (SCM / SIEM); this supports preplanned SOPs / COOPs, etc.
- Enforce a living security policy: quantify actual risks, strict need to know, DATA protection (encryption and access control), minimize IP loss, data loss prevention.
- A robust and adaptive security strategy = a risk management plan (RMP) to keep pace with the fast-evolving nature of IT security, including cloud services / SLAs, etc.
Our Cyber Security operator course collates all these guides and maps them. Integrated into the Key Hierarchy of Needs activities.
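The "provide alerts (SCM / SIEM)" bullet is where a small shop's monitoring usually stays abstract, so here is the concrete shape of it: two detection rules run over a handful of log lines, a failed-logon burst from one source (with a follow-up when that same source then succeeds) and any addition to a privileged group. This is an added example, not code from the deck or from any SIEM product; the syslog-like log format, hostnames, accounts and addresses are invented sample data, and the threshold and window are assumptions to be tuned against your own logs.

```python
"""SCM / SIEM-style detection run over constructed log lines. Added
example, not from the deck: the log format, hostnames, accounts and
addresses are invented for illustration, and the two rules (a failed-logon
burst from one source, and any addition to a privileged group) are the
kind of alert a small shop's monitoring should raise."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (syslog-like, one event per line).
LOG = """\
2015-03-02T09:00:01 ws-02 auth: Failed password for jsmith from 10.0.0.55
2015-03-02T09:00:03 ws-02 auth: Failed password for jsmith from 10.0.0.55
2015-03-02T09:00:04 ws-02 auth: Failed password for admin from 10.0.0.55
2015-03-02T09:00:06 ws-02 auth: Failed password for admin from 10.0.0.55
2015-03-02T09:00:09 ws-02 auth: Failed password for root from 10.0.0.55
2015-03-02T09:00:40 ws-02 auth: Accepted password for jsmith from 10.0.0.55
2015-03-02T09:05:00 ws-01 auth: Failed password for mlee from 10.0.0.21
2015-03-02T09:30:00 ws-01 auth: Failed password for mlee from 10.0.0.21
2015-03-02T09:31:10 srv-files group: user jsmith added to group Administrators by ITADMIN
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<facility>\w+): (?P<msg>.*)$")
FAILED = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
ACCEPTED = re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")
GROUP = re.compile(r"user (?P<user>\S+) added to group (?P<group>\S+) by (?P<actor>\S+)")


def parse(text):
    """Split raw lines into events with a real timestamp; skip lines that do not parse."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect(events, threshold=5, window=timedelta(minutes=1),
           privileged_groups=("Administrators",)):
    """Return (rule, host, detail) alerts in time order."""
    alerts = []
    failures = defaultdict(deque)   # source -> timestamps of failures inside the window
    burst_at = {}                   # source -> when the burst rule last fired
    for ev in events:
        ts, host, msg = ev["ts"], ev["host"], ev["msg"]
        m = FAILED.search(msg)
        if m:
            q = failures[m["src"]]
            q.append(ts)
            while ts - q[0] > window:      # sliding window: drop stale failures
                q.popleft()
            last = burst_at.get(m["src"])
            if len(q) >= threshold and (last is None or ts - last > window):
                burst_at[m["src"]] = ts    # fire once per window, not once per line
                alerts.append(("brute_force", host,
                               f"{len(q)} failed logons from {m['src']} within {window}"))
            continue
        m = ACCEPTED.search(msg)
        if m:
            last = burst_at.get(m["src"])
            if last is not None and ts - last <= window:
                alerts.append(("success_after_burst", host,
                               f"{m['user']} logged on from {m['src']} {ts - last} after a burst"))
            continue
        m = GROUP.search(msg)
        if m and m["group"] in privileged_groups:
            alerts.append(("priv_group_change", host,
                           f"{m['user']} added to {m['group']} by {m['actor']}"))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in detect(parse(LOG)):
        print(f"{rule:20} {host:10} {detail}")
```

The second rule needs no threshold at all: in a small business, membership changes to an administrators group are rare enough that every one deserves a human look, and the actor field tells the reviewer whether it was the expected admin. The first rule is deliberately stateful (a deque per source) so that a slow trickle of failures spread over hours does not fire, while five in ten seconds does.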

Slide 18: Enterprise Risk Management (RM) Focus! Cyber enabling the RMP: make it work effectively.
Inputs to the RM Plan:
- Company Vision (business success factors)
- Security Policy (mobile, social media, etc.)
- C&A / V&V (effective / automated)
- Known Baseline (security architecture)
- CMMI / Sustainment (SOPs / processes)
- Privacy by Design (manage PII, HIPAA, compliance)
- Insider Threat
- Company Intel (open source, FB, etc.)
- SCM / SIEM (monitor / track / mitigate)
- MSS / CISO (3rd-party IV&V support)
- Data-Centric Security (DLP, reputation-based methods)
- Cyber insurance (broker and legal counsel)
- Education / Training (targeted, JIT, needs / KSA based)
Common Business RMP model (re: RMF / COBIT and Risk IT). THIS is the top-level organizational risk focus / support that is KEY.

Slide 19: So just what are we trying to orchestrate? (diagram)
An integrated Cyber Defense in Depth / Breadth (DiD) ecosphere: using dynamic lag and lead feedback, establish a proactive, dynamic CND / IA defense.
Diagram elements: sensors; Cyber I&W; Virtual Storefront; NMS / security management tools; insider threats; defensive assessments; incident results; SA (sensors, CNA/E inputs, OpSec, Intel, etc.); users and CoC threats; IA & CND (IDS / IPS, DLP, etc.); V&V / C&A; I&W / SCM; CERT / FBI; Red Teams.
- Predictive feedback (leading indicators): change soft settings (takes secs to mins), with big data / predictive analytics / SIEM (near real-time!).
- Forensic feedback (lagging indicators): upgrades (developed and installed) take days to months.
All security and privacy capabilities (including IoT) must be well integrated into the cyber system.

Slide 20: Building a Trusted Cyber Infrastructure (diagram)
An adequately assured, affordable, net-centric environment, built from disparate heterogeneous capabilities that we must integrate into a homogeneous cyber ecosphere!
- Focus on a few core capabilities and devices: PCs, routers, IA suite, servers and SANs, all with access control. Standard IA/CND suite: FW, A/V, IDS/IPS, CDS, etc. Treat as a system of systems (SoS) with high EAL.
- All connections / communication paths need assured identity, authentication and authorization.
- Diagram labels, by Evaluation Assurance Level (EAL): security monitor, WAN router and IA suite (EAL 6); core router with assured IOS (EAL 4-5); distribution router (EAL 4); network devices and PC end-user devices (various EAL) with HW / FW, secure OS kernel, secure virtual machine, strict access / ZBAC; servers running ALL OSes (MS, Mac, Unix) and SANs (EAL 5-6) with data-centric security, defensive I&W, strict access / ZBAC; RFID, MEMS, WSN, sensors, ICS / SCADA, etc. (EAL 3-4) with secure OS, TSM, HBSS, ZBAC.
- Make IA / CND / security a commodity: use IA building blocks = APLs / PPLs -> NIAP. Interoperability and composability are built in upfront and help dramatically reduce complexity and ambiguity, thus establishing known risks and pedigrees: reduces attack surface, risks / impacts and TOC.

Slide 21: Vision / Course Purpose and Intent
Vision: Provide the framework / resource for Applied Cybersecurity at the technical level.
Mission: Provide introductory education to promote cyber awareness. Create a San Diego area consortium for Applied Cybersecurity Education.
Objectives:
- Seek industry and government endorsement (IEEE, ISSA / ISC2, NICE, etc.)
- Develop a standard cyber needs training template / syllabus for ALL to use
- Community outreach
- Develop targeted curriculum for an initial cybersecurity introduction for SO/HO
- Develop targeted curriculum for Applied Cybersecurity (Security+ level education)
- Develop targeted curriculum for advanced cybersecurity topics
ACMEcyber: Applied Cybersecurity Methodologies and Education (ACME) Cyber Solutions

Slide 22: Why Technical Level Application?
- IT professionals lack applied cyber skills: certs and degrees but no practical experience.
- Small / medium sized businesses have needs but no idea of the scope or of how to get the level of cyber SME they need.
- Raise awareness for getting the basics covered = 95% of problems.
- Availability and cost of training: boot camp education and certification = book read vs KSAs; SANS conference training is out-of-town and costly (sample: SANS Boot Camp for Cyber Essentials, Austin, TX, $4,895).
- Where are the local cybersecurity education resources? UCSD, National University, SDSU: not applied cyber curriculums.

Slide 23: What are we trying to accomplish?
- Develop urgency for generating professional demand
- Seed the entry level needs, and know when to call a consultant
- Establish and create a basic weeklong curriculum: addresses all the basics of cybersecurity; provides at least the 95 percent defense level ("closing the cyber barn door")
- Foster interest in the development of cyber professionals in SD
- Teach how to think critically about cybersecurity: create chefs rather than cooks following recipes

Slide 24: Our Cyber Ed Approach
- Modular: no need to spend an inordinate amount of time searching; just-in-time training
- Leverages existing information on the Internet: focuses on key considerations (chef), directs operators to the source of the recipes (cook)
- Alleviates outdating of material and develops self-sufficiency
- Cuts through the cybersecurity fog, alleviating confusion
- Fosters understanding rather than procedure
- Promotes self-efficacy and self-reliance

Slide 25: Cyber Education triangle: clarifying the fog of cyber security through targeted training (diagram)
Education levels, from the top of the triangle down:
- Advanced: MS / BS Cyber; CISSP / GISP / CISO / etc.; forensics / ethical hacker / etc.; firewall / cloud security / crypto and key mgmt / *
- Targeted: small business security course and practicum; Security+ and skills development. (The KEY break point is providing cyber operators!) Expands the pool for advanced education.
- Awareness / Foundational: education; STEM (grades 7-12)
Curriculum and resources linked / leveraged (on-line, companies, colleges, etc.).
* = IDS/IPS, anti-virus, wireless, application development, cloud, web / mobile code, mobile, etc.

Slide 26: Notional Cyber education roadmap (diagram): authoritative sources, categorized, mapped to the CSF
Inputs / factors:
- NICE CyberSecurity Workforce Framework 2.0 (lists 30+ types of SMEs!)
- NSA CAE accreditation focus areas
- NIST SPs and "must do" requirements
- SANS top 20; Top 35 Mitigations; OWASP top 10; Top 25 SW errors
- Customer awareness AND demand
- NIST / White House Cybersecurity Framework (CSF) foundation
Key artifacts:
- CERT areas / KSAs grouped and aligned to support key IA needs
- Align needs / areas; clarify / map certs to specific demand areas; target environment
- Curriculum MAP: objectives, quantified KSAs
- Cyber Needs Paper: center and align KSAs with security needs, to also educate leaders
Outcome: a targeted / focused cyber operator with trained / proven KSAs.

Slide 27: Cyber capabilities KSA decomposition (diagram)
Objective = support business risk management: prioritized vulnerability reductions.
Overall cyber security factors: people, processes, products, policy.
Main functional areas / buckets (1), from the NICE framework functions: Provision; Analyze; O&M / support; Collect; Investigate; Protect and defend.
Cyber skills (KSAs) (2): requirements analysis; assessment; C&A; security testing; pen testing; security design.
KEY capabilities / products / processes / methods = KSAs: compliance; IA/CND and crypto / key mgmt; IA&A; mobile / wireless; tools; policy; network (client / server / router); SW / apps / services; web / active code; data; O&M / support; sys admin and CM / hygiene; threats; C&A (V&V); RISK assessment.
ALL geared to specific positions / types (manager, project lead, cyber SME / ISSE) and with some aspect of technical level (apprentice, journeyman, master).

Slide 28: Hierarchy of Cyber Needs (i.e., a Maslow triangle, operational / management view)
If you don't take care of the level before the one you are operating in or focusing on, then your efforts are for the most part moot, as you remain in a higher risk status until the earlier level is satisfied!
Side axis of the triangle: Master (Optimized Value), Journeyman (Operations), Apprentice (BASICs).
5 - Cyber actualization: compliance / assessment / analytics
  + V&V / TE&C / C&A formal proof -> residual risks -> cyber value proposition
  + KEY compliance activities: PII, PCI, HIPAA, etc.
  + Forensics / ethical hacker
  + Big data / predictive analytics (integrate SCM / SIEM, IA/CND reports, etc.)
  + Pen / security testing (of all cyber capabilities, backup, PW, etc.)
4 - Applied cyber security: IA / CND / security capabilities best practices. Given the best practices and cyber protections approach below, distill the key attributes for each IA/CND capability, while following and tailoring for the company's environment the products' install instructions and specific equipment settings for secure sustainment / operations = firewall, A/V suite, IDS/IPS, crypto, key mgmt, mobile, wireless, network, apps, data security, etc. (Sources: NSA IAD top 10 factors, top 20 security controls, top 35 mitigations.)
3 - Cyber maintenance: security hygiene / CM / SOPs
  + Manage policy: social media, content and settings, restrict sharing / privileges = proactive monitoring
  + Maintain the cyber security suite: patches, upgrades, etc.; control system settings and dashboard!
  + Standard operating procedures (SOPs): USE / enforce them
  + Security training / education / awareness at ALL levels: reinforce / incentivize pos and neg
2 - Cyber foundation
  + Access control (PW, CAC, enforce least privilege, separate / rotate duties, etc.)
  + Layered defense: IA/CND strategy, WHAT capabilities are needed
  + Security policy (privacy, social media, PII, etc.), enforcement aspects too
  + Monitoring / know your baseline: SCM / SIEM
  + Tools selection and integration
  + Business risk management / assessment (RMF / COBIT) / requirements analysis with an AoA
1 - Resiliency: survival / recovery
  + Secure backup (types / methods, various sites / levels)
  + Incident responses (company processes, comms with LE / FBI, etc.)
  + Recovery plan: COOP / BCP (phases of recovery, hot / mirror site, etc.)
KSA / practicum based on small business security.

Slide 29: Execution View of Topics
- Resiliency: secure back-up / processes and configuration; disaster recovery planning; incident response; contingency planning
- Ethics, laws and operating limitations
- Policy, guidance and training: policy; guidance and SOPs; training
- Cybersecurity strategy: layered defense (defense-in-depth / breadth); privacy by design / data-centric security concept
- Cybersecurity toolkit: Windows-based toolsets; Linux (Kali, BackTrack): installation, command line operations; network mapping tools and demos; documenting and storage tools
- Anti-malware / antivirus
- Vulnerability scanning: Nessus scanner; Retina scanner
- Identification and access management: passwords / implement least privilege; access control system implementation
- Encryption: data at rest, in processing and in transit; VPN overview / set-up
- O/S hardening: Microsoft Windows 7 & 8; Linux
- Updating and patching: automatic updating; test environment
- Network hardening: firewalls; routers; IDS/IPS; SCM / SIEMs
- Cloud security
- Auditing
- Risk management

Slide 30: Module Components
- Description of the module topic and intended educational objective
- Threat / implication of not taking appropriate action within the module
- Key considerations that are the essential concepts to understand
- Implementation aspects that must be accommodated for success
- Best practices sanctioned by national or industry guidance
- Demonstration material or websites that can be used in training
- National / industry websites to be used as official reference sources
- References that can be used for furthering education
Modules are tailored into slides for that course and sector focus, using SCORM methods and an LMS to tie all materials together.

Slide 31: Not everyone needs, nor can afford, a cyber ninja!
The Cyber Integrated ED Package: a bottom-up / needs approach to effective cyber SKILLS training (practicum)!

Slide 32: Cyber Essentials Course for SMB (Security+ cert prerequisite)
Developing security operators to fill the critical skills void (key skills to apply the top 10 / 20 / 35 mitigations, with a Security+ / SSCP cert knowledge level).
Weekly schedule (morning block / afternoon block, lunch at 1200, day ends at 1600):
  Mon: Cyber Overview / Resiliency
  Tue: Foundations / Foundations
  Wed: Foundations / Operations & Maintenance
  Thu: Applied / Applied
  Fri: Actualization & Review & skills test / Return to office
SMBs need cyber operators! High volume and greatest need (Operations & Maintenance). Also have an MSS, then manage the 95% of vulnerabilities on site and know when to ask for help!

Slide 33: Cyber Security Opportunities (Cyber can both protect your business AND enhance the bottom line!)
IT / cyber global strengths (user pull): world-wide B2B trust / cloud / sharing; TRUST, distributed / MLS; IoT / M2M automation / sensors; consumerization of IT, phones / wireless / apps.
GAPS / needs / weaknesses (from the Federal cyber priority council S&T gaps): resiliency; SW / apps / APIs / services; agile operations, BE the vanguard / integration; privacy / data, IP / PII / compliance; effective missions, business success factors; CM / hygiene, patching / settings; SIEM / SCM, QA hygiene / sensors; ESA / simple tools!
Vulnerabilities / threats (Verizon DBIR, Forbes, etc. threat reports: what ails us most): access control, authentication is key; mobile security, poor apps / iOS weak, billions of users = volume; top security mitigations: whitelist, patch, limit access, etc.
Future opportunities: mitigate obsolescence, minimize patching, legacy vulnerabilities, education / OA / modularity / APIs and SCRM; risk mgmt (ad hoc / not global) -> effective Business Risk Management (BRM) = cybersecurity framework (CMMI / FAR), focus on reducing business risk; managed security services (MSS) and cyber insurance; data security, predictive analytics, privacy by design.


More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Network and Security Controls

Network and Security Controls Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting

More information

Seven Strategies to Defend ICSs

Seven Strategies to Defend ICSs INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take

More information

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.

More information

by New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document

by New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document Avitage IT Infrastructure Security Document The purpose of this document is to detail the IT infrastructure security policies that are in place for the software and services that are hosted by Avitage.

More information

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group,

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group, Secure and Resilient Software Development Mark S. Merkow Lakshmikanth Raghavan CRC Press Taylor& Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor St Francis Group, an Informs

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF

Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Cyber Exploits: Improving Defenses Against Penetration Attempts

Cyber Exploits: Improving Defenses Against Penetration Attempts Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How

More information

Access FedVTE online at: fedvte.usalearning.gov

Access FedVTE online at: fedvte.usalearning.gov FALL 2015 Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk her e or email the Help Desk at support@usalearning.net. To speak with a Help Desk

More information

Software Development: The Next Security Frontier

Software Development: The Next Security Frontier James E. Molini, CISSP, CSSLP Microsoft Member, (ISC)² Advisory Board of the Americas jmolini@microsoft.com http://www.codeguard.org/blog Software Development: The Next Security Frontier De-perimiterization

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Digi Device Cloud: Security You Can Trust

Digi Device Cloud: Security You Can Trust Digi Device Cloud: Security You Can Trust Abstract Historically, security has oftentimes been an afterthought or a bolt-on to any engineering product. In today s markets, however, security is taking a

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

Cyber Security for NERC CIP Version 5 Compliance

Cyber Security for NERC CIP Version 5 Compliance GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

What REALLY matters in Cyber? RE: Internet of things, privacy security and beyond

What REALLY matters in Cyber? RE: Internet of things, privacy security and beyond ISC2 with IEEE Cyber What REALLY matters in Cyber? RE: Internet of things, privacy security and beyond Not sure HOW it can affect you (as it HAS already)? AND what is a thing is that MORE we have to do???

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

The Role of Security Monitoring & SIEM in Risk Management

The Role of Security Monitoring & SIEM in Risk Management The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute Wasting Money on the Tools? Automating the Most Critical Security Controls Bonus: Gaining Support From Top Managers for Security Investments Mason Brown Director, The SANS Institute The Most Trusted Name

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER

A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER 1 Agenda Audits Articles/Examples Classify Your Data IT Control

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

5 Steps to Advanced Threat Protection

5 Steps to Advanced Threat Protection 5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious

More information

INFORMATION SECURITY TRAINING CATALOG (2015)

INFORMATION SECURITY TRAINING CATALOG (2015) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6 WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Mobile Application Security Sharing Session May 2013

Mobile Application Security Sharing Session May 2013 Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers

More information

Through the Security Looking Glass. Presented by Steve Meek, CISSP

Through the Security Looking Glass. Presented by Steve Meek, CISSP Through the Security Looking Glass Presented by Steve Meek, CISSP Agenda Presentation Goal Quick Survey of audience Security Basics Overview Risk Management Overview Organizational Security Tools Secure

More information

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts. Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS

More information

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense Tony Sager The Center for Internet Security Classic Risk Equation Risk = { Vulnerability, Threat, Consequence } countermeasures

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Security + Certification (ITSY 1076) Syllabus

Security + Certification (ITSY 1076) Syllabus Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

locuz.com Professional Services Security Audit Services

locuz.com Professional Services Security Audit Services locuz.com Professional Services Security Audit Services Today s Security Landscape Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System layer.

More information

THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS

THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD) STRATEGIES TO MITIGATE TARGETED CYBER INTRUSIONS BeyondTrust Solution Overview October 2014 Table of Contents Introduction... 3 BeyondTrust Solutions... 6 The BeyondInsight

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

1.3 Prohibit Direct Public Access - Prohibit direct public access between the Internet and any system component in the cardholder data environment.

1.3 Prohibit Direct Public Access - Prohibit direct public access between the Internet and any system component in the cardholder data environment. REQUIREMENT 1 Install and Maintain a Firewall Configuration to Protect Cardholder Data Firewalls are devices that control computer traffic allowed between an entity s networks (internal) and untrusted

More information

Eleventh Hour Security+

Eleventh Hour Security+ Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.

More information

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs Mandatory Knowledge Units 1.0 Core2Y 1.1 Basic Data Analysis The intent of this Knowledge Unit is to provide students with basic abilities to manipulate data into meaningful information. 1.1.1 Topics Summary

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Chapter 4 Application, Data and Host Security

Chapter 4 Application, Data and Host Security Chapter 4 Application, Data and Host Security 4.1 Application Security Chapter 4 Application Security Concepts Concepts include fuzzing, secure coding, cross-site scripting prevention, crosssite request

More information

ABB s approach concerning IS Security for Automation Systems

ABB s approach concerning IS Security for Automation Systems ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

FormFire Application and IT Security. White Paper

FormFire Application and IT Security. White Paper FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

Promoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org

Promoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org Promoting Application Security within Federal Government AppSec DC November 13, 2009 Dr. Sarbari Gupta, CISSP, CISA Founder/President Electrosoft sarbari@electrosoft-inc.com 703-437-9451 ext 12 The Foundation

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information