Data Analytics & Information Security

Transcription

1 Data Analytics & Information Security

2 About The Speaker Practice Director at ERM M.S. Information Networking and Security CERT Coordination Center - Carnegie Mellon University Carnegie Mellon CyLab

3 Agenda Why Is This Important? Data Analytics In Information Security In Action Questions & Answers

4 Trying Times The Internet We ve come a long way! Information security is mission critical. Key IS metrics have become measurable and drive organization bottom lines. Tight budgets, aggressive metrics CISOs accountable.

5 Cybercrime & CyberWarfare The cyber threat will surpass terrorism as the country s number one threat. - Robert Mueller (FBI Director) Congress in the process of preparing cybersecurity legislation. Getting Serious DoD: Cyber Command FBI: Cyber Division DHS: National Cyber Security Division

6 It s Complicated Individual Hackers. Commercial Hacking Groups The New Mafia. Hacktivists WikiLeaks, Anonymous. Cyber Patriots What did you just call my country? Nope, that s not a crime in Elbonia.

7 What s The Big Deal? Prime Targets The National Power Grid, Gas Pipeline Infrastructure, Water Treatment Facilities, Banking Sector. A cyber-pearl Harbor would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability. - Leon Panetta (Defense Secretary)

8 Phew, I m Not Directly Affected You Could Well Be! Indirect Responsibility Your organization s computers used in an attack. Direct Target Cyber Extortion. Please also read ERM s 2010 newsletter titled Commercial Hacking The Mafia Returns.

9 Need Of The Hour A good defense is the best offense. Quick, Accurate, and Timely cybersecurity decisions. Graphical representations of What exactly are you talking about? Business Intelligence spanning across the enterprise.

10 Information Overload A sea of information, while all factually correct, means nothing. Decisions made around a fixed (and often small) budget, need to be right. It s not about the information it s about the meaning. If it s simple, it will enable decisions.

11 Enter Data Analytics Graphical encapsulation of the who, what, when, where, how, and why. We re talking dashboards, enterprise-wide snapshots, and decision-making tools. Your loyal friend in the Boardroom. Customization limited only by imagination.

12 Let s Imagine What are we spending and where? Where is my information? Real-time decision making. What would happen if we? Employee Security Awareness Training.

13 What Are We Spending and Where? Boardroom Question: So, how efficiently are we spending the information security budget? CISO: I ll let Dash here do the talking.

14 Where Is My Information? Critical Question. Relieves CISO stress. Dashboards are populated from data stores. Catch: Data stores will need to be created and maintained.

15 Real-Time Decision Making New vulnerabilities, new platforms, new technologies and interconnectivities. Real-time risk snapshot of your organization can tell you most significant exposures and impacts. Patch up in aisle 5 please! Trend reporting, infrastructure decisions, etc.

16 What Would Happen If We? Cybersecurity decision making involves several what ifs. Policy levers anyone?

17 Employee Security Awareness Training We just discussed policy levers. Specialized custom dashboards with policy levers that simulate organizational security posture. Interactive training sessions. I see I remember!

18 In Action #1 Simulation of organizational network. Tool performs attacks on the network simulation by probing various entry routes. Can help organization test-drive a network design before implementing. Canned simulations used to train technical staff.

19 In Action #2

20 Last Words The partnership is here to stay. Dashboards enable business intelligence save time and money. Customization and tailoring is the meat the rest is salad. Boardroom meetings can be fun.

21 Your go to advisors for all matters in information security. Upcoming Webinars December 13, 2012: January 23, 2013: Incident Command Systems (10 AM to 11 AM) Pruebas de Intrusión de Aplicación (11 AM to 12 PM)