Cyber Security: Designing and Maintaining Resilience
White paper presented by: Georgia Tech Research Institute, Cyber Technology and Information Security Laboratory
Dr. George A. Wright, Chief Engineer
Terrye N. Schaetzel, Senior Research Engineer

The Landscape

Our world is increasingly connected through sophisticated networks, internet portals for commerce, mobile devices, tablets, and other innovative tools providing opportunities for economic growth, innovation, and convenience. As businesses, governments, and individuals become more reliant on these connections, valued assets are increasingly accessible, and cyber security threats multiply.

Cyber security breaches have broad impact:

o Consumers are subject to personal identity theft, fraud, and inferior counterfeit or pirated goods.
o Businesses risk losing intellectual property, corporate secrets, value brought by new innovations, reputation, and revenue through espionage and breaches.
o For a nation's broader economy, business and individual losses impact GDP, reduce economic growth and innovation, and result in a smaller tax base.
o For governments, espionage and cyber attacks threaten national security and diplomatic relations.
o Critical infrastructure that provides water, power, food supply, and healthcare is becoming a more attractive target for attacks.

Interpol recently estimated that corporate cyber espionage alone has cost businesses more than 1 trillion USD (1). Cyber criminals are more sophisticated, targeted and better funded than ever. And crime follows monetization opportunities. There is an emerging correlation between the size of an organization and the type of data targeted. Credit card payments and authentication credentials tend to be typical targets within smaller organizations. Data of strategic significance, such as trade secrets and other intellectual property, are growing targets within larger organizations (2). On the other hand, the cost or risk of engaging in cyber crime is often very low relative to the pay-off. Attribution and chain of custody issues make prosecution by law enforcement difficult.
In some cases, even when criminals are prosecuted successfully, the penalties are not significant enough to be a deterrent.

The Challenge

No matter what strategy is adopted, breaches will occur. It is nearly impossible to take advantage of our connectedness without being at risk. Defensive technologies such as firewalls, passwords, encryption, physical barriers, and authentication mechanisms are important to maintain but alone have not been effective in eliminating breaches or predicting where the next attack will occur. Their value as
stand-alone security measures will be of limited use in fighting increasingly sophisticated, innovative, and well-funded cyber criminals.

The emerging challenge is to find more predictive methods of identifying threats, mitigating their impact, and managing an agile cyber security operation that will both creatively and effectively maintain protection. In tackling that challenge, it is important to recognize that:

o It is not economical to protect every piece of data and every asset to the same extent.
o A balance between the right to privacy and the need to protect nations, enterprises and individuals from intrusions must be negotiated.
o Attribution and severe penalties for cyber crime must be more uniformly realized within the multi-national communities.

The challenge is great and requires fresh ways to blend people, processes, technology, and shared data to protect societies from emerging threats to security.

Designing a Resilient Enterprise

What is resilience? Merriam-Webster's dictionary defines resilience (3) as:

o the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
o an ability to recover from or adjust easily to misfortune or change

For any individual or organization to thrive over a sustained period, some level of resilience is required. How does one build resilience in a rapidly changing environment where emerging threats are taking on increasing sophistication and severity?

Premise one: Cyber security should be viewed and managed as a strategic activity that impacts the enterprise's most valued assets.

In this discussion, an enterprise is defined as a unit of organization or activity. So a company, business, government entity, or not-for-profit organization may be an enterprise. Every enterprise has a mission and a need to maximize results towards that mission, whether it is social, economic, diplomatic, or otherwise.
Strategic activities within the enterprise align with that mission, to facilitate its success. Cyber security is one of those strategic activities to be managed holistically as its effectiveness broadly impacts the enterprise's ability to carry out its mission. It impacts how we interact with customers, design new products, market services, manage operations, and set policies. It impacts the loyalty of those on which we rely. In a recent consumer privacy study conducted by PWC (4), 61% of those responding would stop using a company's products or services after a breach. The impact is real and immediate.

Findings from a recent survey conducted by IBM (5) indicated that organizations most able to handle or avoid security breaches had some unique characteristics:

o Security leaders had a strategic voice in the enterprise;
o Cyber security was not viewed as an IT issue but as an enterprise-wide responsibility;
o Security budgets were managed at a senior level;
o Security was considered early in the design of new products and services;
o Measurement and accountability were part of the security design;
o A culture of proactively protecting the enterprise existed.

As a strategic decision, cyber security becomes the charge of the enterprise as a whole and is considered through a risk versus investment lens rather than simply as a technology purchase. Organizations don't typically have the resources to protect every asset and some assets do not warrant as much protection as others. At the same time, organizations cannot afford to take an ad hoc approach to security.

A holistic systems approach is useful for creating an analysis and decision-making framework for addressing this complex problem. Using this method, the enterprise identifies the most valued assets, prioritizes their importance, identifies where each faces vulnerability, and then designs a plan to achieve the greatest protection for the most valued assets given the available level of investment. This method forces trade-offs to be made based on the mission and strategy. Priorities established at the enterprise level allow for a more coordinated, resilient protection plan.

Premise two: Designs and plans for cyber security should be data driven to move from reactive to predictive responses. Shared intelligence among countries and organizations is critical.

Understanding the nature of any risk one faces is the first step towards mitigating that risk.
Currently, there are a number of tools available for gathering data on attempted and successful intrusions, malware (types, formats, and frequencies), network activity and patterns, etc. The amount of data collected can quickly become voluminous. So its true value in predicting future threats comes from real-time data analysis and correlation of large data sets.

The Titan malware analysis system developed by Georgia Tech Research Institute (GTRI) is an example of such a tool. Titan analyzes approximately 100,000 unique malware samples per day, ranging over the entire spectrum of threat severity levels. These samples are analyzed and the resulting data gathered are used to determine the nature and behavior of these threats on both sample-by-sample and aggregate levels. This volume of threat data is collected from numerous organizations worldwide in an anonymous manner. Anonymity provides protection for participating organizations and facilitates the development of shared threat intelligence.

Titan is able to extract information about malware based on network information gathered from malware samples that have been run in the Titan automated virtual
environment. Such information provides insight into typical hosting patterns for various malware resources. According to data gathered from recent malware samples, significant hosting locations include the United States, Russia, and China, as well as many developed and developing Western countries (see Figure 1).

Figure 1: Geolocation of destination IP addresses which malware samples accessed during recent runs in the Titan automated virtual environment.

Most organizations collect data internally, representing one data source. Increasingly, organizations are combining their selected data with that of other trusted public and private sources, discovering that the predictive value of broader based data analytics increases exponentially. As the Titan example demonstrates, analysis of larger data sets reveals correlations and patterns of current threats that a single source simply cannot. Additionally, it allows emerging threat vectors and command and control mechanisms to be quickly identified so that each participating organization may adjust security measures to mitigate these threats and protect precious assets.

This collaborative approach to sharing data has barriers to overcome:

1. It is human nature to hide vulnerabilities rather than to reveal them. Demonstrating the specific value derived from sharing security data may garner participation.
2. Each nation has laws governing disclosure of data breaches and, as is expected, laws are not consistent between nations. For example, United States law requires organizations to disclose certain data breaches but laws in many European countries do not require such disclosure (6). What may be acceptable and expected disclosure in one country may not be so in another, creating another barrier to sharing data between countries.
3. A level of distrust may exist amongst those considering collaboration, fearing that data may expose trade secrets and that vulnerabilities may diminish their
reputation. Understanding the qualifications of collaborators will influence an entity's willingness to share data.
4. The balance of privacy and disclosure is difficult to navigate.

For these reasons, the concept of gaining additional protection through sharing vulnerabilities may be counter-intuitive. But it offers significant promise for the future.

These same concepts may be applied at an international level. Trans-Atlantic data sharing between governmental security and law enforcement agencies provides opportunities for more robust threat intelligence, greater protection, and more collaboration in mitigating attacks.

The Titan example, where 100,000 malware samples amass daily, also demonstrates that data collection, storage, and analysis quickly become voluminous. Big data offers a wealth of opportunities as sophisticated analytics improve decision-making. At the same time, technological investment is required to store data, ensure its quality and integrity, and turn it into usable information in real-time. Research that is currently being conducted on handling big data will play a pivotal role in cyber security.

Whether using one or multiple sources of data, the most value is derived from real-time analysis. Furthermore, analyses that differentiate targeted attacks from botnets and other threats are key in cyber operations. Much research is being conducted on effective visualization techniques, converting many disparate sources of data into one readily comprehendible presentation. This is a fundamental requirement for daily cyber operations staff to make use of valuable analysis; only when data is converted into actionable information can it be used to improve protection.

Maintaining Enterprise Resilience

Once priorities are set and investment decisions are made, the cyber security operations structure must be able to effectively implement and administer protection plans.
Agility and flexibility are hallmarks of an effective cyber security operation, meeting daily demands while addressing vulnerabilities and emerging threats.

Premise three: The cyber security operations structure should be agile and flexible to adjust to the most recent data collected on emerging threats.

An agile organization is able to provide the right people with the right information at the right time to manage daily activities and remain vigilant. The following factors contribute to agility by blending people, processes, technology, and data:

o Easy access to real-time, actionable security data;
o Flexible technology design where networks may be segmented and easily reconfigured based on threats or intrusions;
o Clearly defined roles and responsibilities of security administrators: individuals understand job requirements and workflows;
o Methods for overcoming bureaucracy through appropriate decision making authority, allowing individuals to implement some decisions locally while escalating others appropriately;
o An up-to-date incident response plan;
o Mechanism for implementing security changes based on new data;
o Culture of innovation, cooperation, and responsibility.

Policies, compliance standards, workflows, and established processes guide daily operations. But real-time, actionable data will drive security operations decisions in a resilient enterprise. Advanced data visualization techniques, previously mentioned, allow administrators to monitor daily activities while recognizing the nuances of abnormal behaviors. If an abnormality is detected, a flexible network design allows the administrator to quickly respond, limiting potential damage by segmenting and reconfiguring impacted network portions based on intrusion characteristics.

Some organizations have built their own Information Security Operations Centers (ISOC) to serve as mission control for defending their networks. ISOCs typically employ a professional staff trained to use data collection tools to quickly diagnose and respond to abnormal activity. They provide a line of defense for the organization while also using tools to predict new threats. Georgia Tech Research Institute's ISOC also serves as an incubator for prototyping new technologies to address emerging cyber threats and share threat data.

Speed of detection and response are critical when trying to limit the damage caused by a breach. When a problem is detected, defined operational workflows, clear roles and responsibilities, policies, decision-making authority, and adequate training guide an administrator's response.
Research indicates that organizations with well-defined incident response plans are better able to respond effectively to a breach. Plans outline procedures for minimizing damage or loss, collecting data on the incident, preserving evidence, mitigating the vulnerability on a temporary or permanent basis, and communicating the incident within the organization. Both NIST and ENISA provide guidance on creating effective incident response plans (7, 8).

Updating security plans is a continuous process. Internal and external data sources provide a wealth of information for the enterprise to remain predictive and aware of new sophisticated techniques employed by cyber criminals. An ever-changing security plan incorporates innovative techniques and tools to reduce exploitation opportunities. Security professionals must stay current, updating certifications and skill sets, to effectively maintain this pace of change.

Premise four: Create a culture of responsibility for security.

Cyber security is the responsibility of the enterprise rather than a single team. As such, building a culture that supports security standards compliance and teaches its members how to recognize abnormal behavior (e.g., phishing attacks) is vital. Furthermore, organizations must reward participation in security programs (9). People are the eyes and ears of the daily operations, providing broad situational awareness and proactive protection at all levels of the enterprise.

This responsibility extends to governments, law enforcement agencies, and societies as well. The missing links in the chain of responsibility often involve attribution of criminal activity to an individual or group and resulting prosecution/penalties for these crimes. The nature of the internet makes it difficult to identify who is behind an attack. If the attacker is identified, law enforcement often has limited resources to direct towards prosecution of these acts and laws often do not match penalties with the severity of crime. Until both are addressed, cyber criminals have few reasons to curtail activities.

Recommendations

Despite our efforts, cyber crime will continue. However, innovative approaches to this complex problem will enable us to predict emerging threats, better protect our economies and citizens, and minimize the damage from cyber attacks. These recommendations provide guidance for designing and maintaining enterprise resilience:

Elevate cyber security to a strategic role as it impacts the enterprise's most valued assets.
  o Consider cyber security as a risk versus investment decision, not simply a technology purchase.
Achieve a greater level of protection by sharing data with trusted partners in industry, in government, and across borders.
Allow real-time data to be the driver for building and adapting security strategies.
  o Design operational workflows and procedures to support these decisions.
  o Design flexible, resilient networks that quickly adapt to new threats.
Create a culture of widespread responsibility for cyber security.
Balance privacy and protection when drafting security policies.
  o Keep front of mind the privacy rights as well as expectations of protection of those being served by the enterprise.

Policy Implications and Incentives

Creating policy to mitigate cyber threats while preserving privacy and limiting government intervention to a comfortable level is a tricky balancing act. But there are opportunities to influence future preparedness through forward-thinking policy development.

Investment in Innovation will be a critical step to maintaining security and competitiveness on a global scale while limiting damage from espionage and other cyber criminal activity. The following areas are important targets for investment as their correlation with threat prediction, rapid detection, and damage control makes these especially valuable opportunities.

o Real-time threat detection and data analysis tools: many tools exist today but their level of sophistication and widespread adoption must continue to grow to provide more comprehensive protection.
o Big Data: to effectively compile and correlate large volumes of data, new technologies and algorithms will be required.
o Visualization tools: related to big data opportunities are visualization techniques, creative visual presentations of data that quickly differentiate warning signs from normal operating behaviors.
o Emerging technologies that contribute to resilience, more robust protection, and attribution of cyber crimes.

Data Sharing: As real-time data analysis for decision-making is a pillar for future cyber security strategies, breaking down barriers for security data sharing amongst trusted partners is a necessary next step in predicting and mitigating emerging threats. Policies may provide incentives for participation, define disclosure boundaries and rules of engagement between enterprises and nations, and encourage and create networks of trusted partners. Governments may choose to merely facilitate such activities as policy and funding issues may limit taking on a more direct leadership role.
Diplomatic policies that encourage trans-Atlantic data sharing and cooperation will allow partnering nations to better leverage limited resources while achieving greater protection. The internet is designed to be borderless. Policies that allow for intelligence sharing across borders are critical.

Law Enforcement: Laws governing cyber crime and resources to prosecute criminals are inadequate to address the attacker's sophistication and the damage caused. Many agencies, such as the FBI and Europol, appropriately focus priorities on child protection, terrorism, and counter-intelligence, with limited budgets to achieve their missions. However, the loss of industry's intellectual property and trade secrets will also have a lasting and severe economic impact on these nations. Future policies should focus on:
o Revised laws to match damage from criminal activity with penalties imposed;
o Additional resources to fight cyber crime that impacts economic sustainability.

Developing an Educated Cyber Workforce: The need for skilled professionals and technicians to address cyber security continues to grow. However, demand for these individuals exceeds the supply and the problem is projected to grow in the future. Policies may provide incentives for students to select cyber education paths and create broader awareness for the opportunities that exist in this growing industry. Retraining workers from declining industries may also represent an opportunity to meet future demands.

Supporting Cyber Hygiene: Creating access to security tools and best practices will be important to fighting cyber crime for individuals, enterprises, nations, and the world. Connectedness requires that security solutions be broadly implemented to be effective. Policies may influence access to these tools, provide education on their use, create incentives for use and compliance with standards, and create a culture of responsibility for security.

Privacy, Reporting, and Government's Role: Several broader policy issues that govern our collective approach to cyber security have large implications for the future:

o The right to privacy by the individual and the enterprise: when should collective security interests and protection be more important than individual privacy rights?
o The roles government should play in cyber security
o Reporting requirements for security breaches
o Lack of consistency in laws and requirements between nations and severity of penalties.

These are complex and sometimes controversial policy issues but incentives established by new policies may have far reaching influence on the level of protection and the approaches we can take to protecting individuals, enterprises and nations from cyber crime of the future.

References

1. Interpol. (2013). Cybercrime. Retrieved from
2. 2012 Data Breach Investigations Report conducted by the Verizon RISK Team (2012). Retrieved from
3. Merriam-Webster Dictionary. (2013). Retrieved from
4. Changing the Game: Key findings from the PWC Global State of Information Security Survey 2013 (2013). Retrieved from
5. Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment (2012). Retrieved from
6. Bilby, E. (2012, December 17). EU could make firms disclose network security breaches. Reuters. Retrieved from
7. U.S. Department of Commerce, National Institute of Standards and Technology (2012). Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology (Special Publication , Revision 2). Retrieved from
8. European Network and Information Security Agency. (2006, May). A Step-By-Step Approach On How To Set Up A CSIRT. Retrieved from
9. European Network and Information Security Agency. (2012, December). Consumerization of IT: Risk Mitigation Strategies Responding to the Emerging Threat Environment. Retrieved from

Appendix 1: Additional Resources

2012 Data Breach Investigations Report conducted by the Verizon RISK Team (2012). Retrieved from
Cordes, J. (2011, June). An Overview of the Economics of Cybersecurity and Cybersecurity Policy. (Report GW-CSPRI ). The George Washington University Cyber Security Policy and Research Institute, Washington, D.C., USA. website
De Crespigny, M. (2012, July 10). Building a Resilient Cyber Response. Infosecurity Magazine. Retrieved from
European Network and Information Security Agency. (2012, August). Cyber Incident Reporting in the EU: An overview of security articles in EU legislation. Retrieved from
European Network and Information Security Agency. (2012, September). ENISA Threat Landscape Responding to the Evolving Threat Environment. Retrieved from
Georgia Tech Information Security Center and Georgia Tech Research Institute. (2012). Emerging Cyber Threats Report Atlanta, GA, USA. Website
United Kingdom Minister for the Cabinet Office and Paymaster General. (2012, December). Written Ministerial Statement Progress on the UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World. Retrieved from
World Economic Forum. (2012, March). Partnering for Cyber Resilience: Risk and Responsibility in a Hyperconnected World Principles and Guidelines. Retrieved from

Appendix 2: Georgia Tech Cyber Security Capabilities

Georgia Tech Research Institute's (GTRI) Cyber Technology and Information Security Laboratory conducts applied research focused on cyber threats and countermeasures, secure multi-level information sharing, resilient command and control network architectures, reverse engineering, vulnerability identification, and high performance computing and analytics. CTISL engineers develop and apply cutting edge technologies in computing, network architectures, signal and protocol analysis, network forensics, malware analysis, and reverse engineering (hardware and software) to solve the tough problems.

Georgia Tech Information Security Center (GTISC) invents and evaluates key innovative user-centric security technologies and policies. The center educates future researchers, policy makers, and information security leaders as well as working professionals in the most up-to-date methods for securing information systems. The center also provides a trusted set of resources and a safe haven where individuals and industrial, academic, and government organizations can access, understand, and evaluate issues related to new technologies and policies.

Georgia Tech College of Computing offers two Master of Science degree programs in Information Security. Both allow students to select a technology or policy focus of study.

Titan is a community-driven threat intelligence framework for malicious software analysis and threat intelligence sharing. Titan was developed by GTRI and allows users to perform varieties of analyses across millions of malware samples. Actionable intelligence disseminates quickly among community participants to ensure rapid reaction to emerging threats.

Through Georgia Tech Professional Education, both GTRI and GTISC researchers conduct non-degree educational courses on a broad range of cyber security topics.
These courses are aimed at helping working professionals in industry and government to maintain the most up-to-date skills and knowledge to tackle information security challenges.

Appendix 3: European Union Sources of Cyber Security Expertise and Research

o ENISA: European Network and Information Security Agency
o European Cybercrime Centre at Europol
o EU-US Joint Working Group on Cyber Security and Cyber Crime
o UCD Centre for Cybersecurity and Cybercrime Investigation
o EU Joint Research Center
o Global Cyber Security Center
o World Economic Forum

Eight Academic Centers of Excellence for Cyber Security Research in the UK include:

o Queen's University Belfast Institute of Electronics, Communications and Information Technology
o Royal Holloway, University of London
o University of Bristol
o Lancaster University
o Imperial College
o University of Oxford
o University College London
o University of Southampton

Many other universities also have research organizations focused on cyber security topics.
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationState of Security Survey GLOBAL FINDINGS
2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding
More informationCyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties
Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationResearch Topics in the National Cyber Security Research Agenda
Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationBSA GLOBAL CYBERSECURITY FRAMEWORK
2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access
More informationCyber Information-Sharing Models: An Overview
PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationCybersecurity Delivering Confidence in the Cyber Domain
Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your
More informationC DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP
C DIG CSCSS / DEFENCE INTELLIGENCE GROUP COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE C DIG CSCSS / DEFENCE INTELLIGENCE GROUP
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationCYBER SECURITY Audit, Test & Compliance
www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit
More informationThe Path Ahead for Security Leaders
The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.
More informationCybersecurity on a Global Scale
Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared
More informationThreat Intelligence. Benefits for the enterprise
Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value
More informationCyber Security - What Would a Breach Really Mean for your Business?
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationKEY TRENDS AND DRIVERS OF SECURITY
CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures
More informationMaster of Science in Cyber Security and Management
Master of Science in Cyber Security and Management Introduction Realizing the importance of protecting her critical national information infrastructure, Malaysia has introduced the National Cyber Security
More informationNATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA
NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationThe European Response to the rising Cyber Threat
SPEECH/12/315 Cecilia Malmström European Commissioner responsible for Home Affairs The European Response to the rising Cyber Threat Transatlantic Cyber Conference organised by the Center for Strategic
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationCommonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012
Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon
More informationBellevue University Cybersecurity Programs & Courses
Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320
More informationGLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation
GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationCybersecurity Strategic Consulting
Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with
More informationNASCIO 2014 State IT Recognition Awards
NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos
More informationCombatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation
Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationSytorus Information Security Assessment Overview
Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)
More informationTUSKEGEE CYBER SECURITY PATH FORWARD
TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,
More informationServices. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
More informationSolving for the Future: Addressing Major Societal Challenges Through Innovative Technology and Cloud Computing
Solving for the Future: Addressing Major Societal Challenges Through Innovative Technology and Cloud Computing As economic challenges persist in communities, nations, and regions around the world, the
More informationThe UK cyber security strategy: Landscape review. Cross-government
REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape
More informationIBM Australia. Integrated Network Security with IBM Global Technology Services
IBM Australia Integrated Network Security with IBM Global Technology Services Highlights Security must be integrated into every facet of your network Layered defences provide robust security safeguards
More informationEstablishing a State Cyber Crimes Unit White Paper
Establishing a State Cyber Crimes Unit White Paper Utah Department of Public Safety Commissioner Keith Squires Deputy Commissioner Jeff Carr Major Brian Redd Utah Statewide Information & Analysis Center
More informationAddressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model
White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationRising to the Challenge
CYBERSECURITY: Rising to the Challenge Dialogues with Subject Matter Experts Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned
More informationImpact of Cybersecurity Innovations in Key Sectors (Technical Insights)
Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationStatement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives
Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations
More informationTRANSATLANTIC CYBER SECURITY SUMMIT
TRANSATLANTIC CYBER SECURITY SUMMIT November 27-28, 2012 Dublin, Ireland TRANSATLANTIC CYBER SECURITY SUMMIT Tuesday, November 27th Wednesday, November 28th INTRODUCTION: Mr. Tom McDermott OPENING KEYNOTE:
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationManaged Security Services. Leverage our experienced security operations team to improve your cyber security posture
Managed Security Services Leverage our experienced security operations team to improve your cyber security posture Our approach to Managed Security Services Enterprises spend millions on technology to
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationCyber Security and the Board of Directors
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationExecutive Summary. Introduction
Written Testimony of Ravi Pendse, Ph.D. Vice President and Chief Information Officer Brown University Cisco Fellow Professor of Practice, Computer Science and Engineering Before the U.S. Senate Committee
More informationCan We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
More information