Top 20 Critical Security Controls
Compliance Guide, July 2015

Contents
01 Introduction
02 How Rapid7 Can Help
03 Rapid7 Solutions for the Critical Controls
04 About Rapid7

01 INTRODUCTION

The Need for a Risk-Based Approach

A common factor across many recent security breaches is that the targeted enterprise was compliant, meaning it passed its Payment Card Industry (PCI) audit, yet customer data was still compromised. Simply being compliant is not enough to mitigate probable attacks and protect critical information. In today's constantly evolving threat landscape, organizations need to focus on securing the business first and documenting the process to show compliance second, not the other way around. While there's no silver bullet, organizations can reduce their chances of compromise by moving from a compliance-driven to a risk management approach to security.

What are the Top 20 Critical Security Controls?

In 2008, the SANS Institute, a research and education organization for security professionals, developed the Top 20 Critical Security Controls (CSCs) to address the need for a risk-based approach to security. Prior to this, security standards and requirements frameworks were predominantly compliance-based, with little relevance to the real-world threats they were intended to address. The Controls are prioritized to help organizations focus their security efforts where they have the greatest impact on improving their risk posture. In 2013, stewardship of the Controls was transferred to the Council on CyberSecurity, an independent, global non-profit entity.

88%: According to the US State Department, organizations can achieve more than 88% risk reduction through rigorous automation and measurement of the Controls.

The Critical Controls: Two Guiding Principles

Prevention is ideal but detection is a must
While controls that prevent attacks against networks and systems are essential, controls that detect and thwart attackers inside a network that has already been breached are also needed. Through fast detection of compromised machines, organizations can prevent follow-on attack activities that would otherwise have resulted in financial and reputational losses. Rapid7 UserInsight addresses this very need to detect security incidents and intruder behavior quickly and effectively, before attackers can cause damage.

Offense informs defense
The Controls are a consensus list developed by experts with deep knowledge of actual attacks, current threats and effective defensive techniques. This ensures that only controls that can be shown to detect, prevent and mitigate known real-world attacks are included. Leveraging over 200,000 open source community members and industry-leading security researchers, Rapid7's security data and analytics solutions are informed by a deep understanding of the threat landscape and attacker methods.

Rapid7.com | Top 20 Critical Security Controls
02 HOW RAPID7 CAN HELP

Rapid7 security solutions help organizations implement the Top 20 Critical Security Controls and thwart real-world attacks. The table below outlines how Rapid7 products and services align to each of the controls. Table columns: Critical Security Control, Nexpose, Metasploit, AppSpider, UserInsight, Rapid7 Services (the per-product check marks did not survive the transcription).

1 Inventory of Authorized and Unauthorized Devices
2 Inventory of Authorized and Unauthorized Software
3 Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4 Continuous Vulnerability Assessment and Remediation
5 Malware Defenses
6 Application Software Security
7 Wireless Access Control
8 Data Recovery Capability
9 Security Skills Assessment and Appropriate Training to Fill Gaps
10 Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11 Limitation and Control of Network Ports, Protocols, and Services
12 Controlled Use of Administrative Privileges
13 Boundary Defense
14 Maintenance, Monitoring, and Analysis of Audit Logs
15 Controlled Access Based on the Need to Know
16 Account Monitoring and Control
17 Data Protection
18 Incident Response and Management
19 Secure Network Engineering
20 Penetration Tests and Red Team Exercises
03 RAPID7 SOLUTIONS FOR THE CRITICAL CONTROLS

As displayed in the chart on the previous page, Rapid7 has products and services to address the majority of the Controls. At the highest level, Rapid7 can perform an assessment of your organization's current state against the Critical Controls, identify gaps in your security program, and provide guidance on implementing missing controls. The following pages provide more detail on how each control can be addressed by Rapid7 solutions.

CSC 1: Inventory of Authorized and Unauthorized Devices
Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.

CSC 1-1 Deploy an automated asset inventory discovery tool.
  Nexpose automatically scans the entire network to discover every system with an IP address and assembles an asset inventory.
CSC 1-2 Deploy dynamic host configuration protocol (DHCP) server logging.
  Nexpose connects to DHCP servers to automatically discover new systems connecting to the network.
  UserInsight analyzes DHCP logs for all systems on the network and automatically maps hosts and users to IP addresses.
CSC 1-4 Maintain an asset inventory of all systems connected to the network.
  Nexpose provides visibility into all assets (servers, workstations, mobile devices, etc.), including IP address and name, and also enables assets to be tagged with additional context, e.g. asset owner.

CSC 2: Inventory of Authorized and Unauthorized Software
Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and so that unauthorized and unmanaged software is found and prevented from installation or execution.

CSC 2-2 Devise a list of authorized software and versions.
  Nexpose provides a complete list of the software and versions used within the enterprise, which can be used to determine which software is authorized.
CSC 2-3 Perform regular scanning for unauthorized software.
  Nexpose provides fully customizable policy scanning to detect the presence of unauthorized software.
  UserInsight inventories every process on the network and identifies anomalous software that is rare or unique and unsigned.
CSC 2-4 Deploy software inventory tools throughout the organization.
  Nexpose automatically scans the entire network to assemble an inventory of operating systems and installed software, including version and patch level.
CSC 2-5 Integrate software and hardware inventory systems.
  Nexpose provides a unified view of operating system, installed software, services, vulnerabilities, and policies for each asset.

CSC 3: Secure Configurations for Hardware and Software
Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

CSC 3-1 Establish and ensure the use of standard secure configurations of your operating systems.
  Nexpose automatically scans all systems on the network to check their compliance with secure configuration standards.
CSC 3-2 Implement automated patching tools and processes.
  Nexpose automates the task of assessing applications and operating systems for vulnerabilities, which are prioritized for patching.
CSC 3-3 Limit administrative privileges to very few users.
  UserInsight monitors users with administrative privileges and alerts on new domain admins and account privilege escalation.
CSC 3-10 Deploy system configuration management tools.
  Nexpose scans every Windows server to verify the use of configuration management tools such as Microsoft GPMS and SCCM.

CSC 4: Continuous Vulnerability Assessment and Remediation
Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers. In addition to the specific solutions listed below, Rapid7 can provide a fully managed, cloud-based vulnerability management service operated on a monthly or quarterly basis.

CSC 4-1 Run automated vulnerability scanning tools.
  Nexpose automatically scans all systems on the network for vulnerabilities and misconfigurations, which are prioritized for remediation based on risk.
CSC 4-2 Correlate event logs with information from vulnerability scans.
  Nexpose provides pre-built integration with SIEM solutions for correlating vulnerability scan results with event logs.
  UserInsight correlates vulnerability data with event logs to provide additional context for each vulnerability.
CSC 4-3 Perform vulnerability scanning in authenticated mode.
  Nexpose uses domain admin credentials to perform authenticated scans on systems and provides the ability to manage credentials centrally.
CSC 4-4 Subscribe to vulnerability intelligence services.
  Nexpose is automatically updated with the latest vulnerabilities and exploits on a weekly basis, and within 24 hours for critical updates.
CSC 4-6 Carefully monitor logs associated with any scanning activity.
  UserInsight detects all scanning activity, both legitimate and illegitimate, via honeypots deployed on the network.
CSC 4-7 Compare the results from back-to-back vulnerability scans.
  Nexpose provides vulnerability trend charts and reports to show progress, and the ability to manage and report on vulnerability exceptions.
CSC 4-10 Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability.
  Nexpose prioritizes vulnerabilities using risk scores that take into account exploit exposure and asset criticality.
  Metasploit automatically validates the exploitability of vulnerabilities to prove risk exposure for prioritization.
CSC 5: Malware Defenses
Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defenses, data gathering, and corrective action.

CSC 5-1 Employ automated tools to continuously monitor workstations, servers, and mobile devices.
  Nexpose checks that anti-malware software is installed, enabled and up to date on every Windows workstation.
  UserInsight detects malicious processes on endpoints and correlates data from anti-malware solutions with user activity.
CSC 5-2 Employ anti-malware software that offers a remote, cloud-based centralized infrastructure.
  UserInsight checks all endpoint processes against a cloud-based central database of known malware, and identifies rare and unique processes.
CSC 5-3 Configure laptops, workstations, and servers so that they will not auto-run content from removable media.
  Nexpose provides fully customizable policy scanning to audit whether autoplay is allowed on devices.
CSC 5-5 Scan and block all attachments.
  Nexpose scans every Windows workstation to verify that clients are configured to block attachments with certain file types.
CSC 5-6 Enable anti-exploitation features.
  Nexpose checks that DEP, ASLR and SEHOP are enabled, and that EMET is installed and up to date, on every Windows server and workstation.
CSC 5-7 Limit use of external devices to those that have a business need.
  Nexpose connects to DHCP servers to automatically discover unknown devices connecting to the network.
CSC 5-8 Ensure that automated monitoring tools use behavior-based anomaly detection.
  UserInsight monitors and analyzes activity across the network, endpoints, cloud services and mobile devices to detect unusual behavior.
CSC 5-11 Detect hostname lookups for known malicious C2 domains.
  UserInsight monitors the network for DNS queries to known malicious domains and newly registered internet domains.

CSC 6: Application Software Security
Manage the security lifecycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.

CSC 6-1 For all acquired application software, check that the version is still supported.
  Nexpose automatically scans all software on the network for vulnerabilities and identifies relevant patches to be applied.
CSC 6-4 Test web applications for common security weaknesses.
  AppSpider dynamically scans and tests web applications for vulnerabilities.
  Metasploit automates web app testing for OWASP Top 10 vulnerabilities.
CSC 6-6 Maintain separate environments for production and non-production systems.
  UserInsight provides the ability to configure network zone policies for separate production and non-production systems, and to detect policy violations.
CSC 6-7 Test in-house-developed web and other application software prior to deployment.
  Rapid7 can perform manual penetration testing on web and mobile applications to identify security weaknesses.
CSC 6-9 For applications that rely on a database, use standard hardening configuration templates.
  Nexpose automatically scans database servers to check their compliance with secure configuration policies.
CSC 7: Wireless Access Control
The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (LANs), access points, and wireless client systems. In addition to the solution listed below, Rapid7 can help with this control by performing wireless penetration testing to assess the security of wireless network infrastructure and identify rogue access points.

CSC 7-2 Detect wireless access points connected to the wired network.
  Nexpose scans the entire network for wireless access points and provides the ability to detect the presence of unauthorized access points.

CSC 9: Security Skills Assessment and Appropriate Training to Fill Gaps
For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.

CSC 9-3 Implement an online security awareness program.
  Rapid7 can provide customizable online security awareness training modules, with a reporting system to monitor the progress of learners.
CSC 9-4 Validate and improve awareness levels through periodic tests.
  Metasploit provides the ability to simulate phishing campaigns to measure user susceptibility and the effectiveness of security awareness training.

CSC 10: Secure Configurations for Network Devices
Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

CSC 10-1 Compare firewall, router, and switch configuration against standard secure configurations.
  Nexpose provides fully customizable policy scanning to assess the configuration of network devices such as firewalls, routers, and switches.
CSC 10-3 Use automated tools to verify standard device configurations.
  Nexpose automatically scans network devices to check their compliance with secure configuration standards.

CSC 11: Limitation and Control of Network Ports, Protocols, and Services
Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize the windows of vulnerability available to attackers.

CSC 11-1 Ensure that only ports, protocols, and services with validated business needs are running on each system.
  Nexpose scans every Windows server to verify that outbound service ports are blocked and the IPv6 communications protocol is disabled.
CSC 11-2 Apply host-based firewalls or port filtering tools on end systems.
  Nexpose provides fully customizable policy scanning to audit whether the Windows firewall is on and configured securely.
CSC 11-3 Perform automated port scans on a regular basis.
  Nexpose automatically scans all servers, including their ports, protocols and services, to check their compliance with secure configuration policies.
CSC 11-4 Uninstall and remove any unnecessary components from the system.
  Nexpose checks that obsolete services are disabled on every Windows server, and that compilers, libraries and desktop applications are not installed.
CSC 11-6 Operate critical services on separate physical or logical host machines.
  Nexpose scans every Windows server to verify that only a single critical role, such as DNS, file, mail, web or database, is installed.

CSC 12: Controlled Use of Administrative Privileges
The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.

CSC 12-1 Minimize administrative privileges.
  UserInsight monitors users with administrative privileges.
  Nexpose scans every Windows server to verify that services are run with non-admin accounts.
CSC 12-2 Use automated tools to inventory all administrative accounts.
  UserInsight provides visibility of all administrative accounts on the network, on local systems, and in corporate cloud services.
CSC 12-3 Configure all administrative passwords to be complex.
  Nexpose provides fully customizable policy scanning to audit passwords for a minimum level of complexity.
  Metasploit tests password strength through online brute-force attacks, offline password cracking, and credential re-use testing.
CSC 12-4 Change all default passwords.
  Nexpose scans the entire network for systems using default credentials.
CSC 12-5 Ensure that all service accounts have long and difficult-to-guess passwords.
  UserInsight provides visibility of all service accounts on the network.
  Nexpose provides the ability to audit passwords for a minimum level of complexity.
CSC 12-6 Passwords should be hashed or encrypted in storage.
  Nexpose provides fully customizable policy scanning to audit passwords, including whether password encryption is enabled.
CSC 12-8 Each person requiring administrative access should be given his/her own separate account.
  UserInsight detects users sharing administrative accounts.
  Nexpose checks that admin credentials are unique on every Windows server and workstation.
CSC 12-9 Configure operating systems so that passwords cannot be re-used within a time frame of six months.
  Nexpose provides the ability to audit passwords, including the minimum amount of time before passwords can be reused.
CSC (sub-control number not legible in source) Configure systems to issue a log entry and alert when an account is added to or removed from a domain administrators' group.
  UserInsight provides visibility of all administrative accounts on the network and alerts on new domain administrator accounts.
CSC (sub-control number not legible in source) Configure systems to issue a log entry and alert when an unsuccessful login to an administrative account is attempted.
  UserInsight provides visibility of all authentication activity on admin accounts and alerts on excessive failed authentication attempts.
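The two alerting requirements at the end of CSC 12 (a log entry and alert on domain-admin group membership changes, and on unsuccessful logons to administrative accounts) can be implemented as a small detector over Windows Security audit events. The code below is an added example, not Rapid7's or UserInsight's code; the pipe-delimited record format, the sample events, the admin account list and the failure threshold and window are all constructed assumptions, while the event IDs (4728/4729 for members added to/removed from a security-enabled global group, 4625 for a failed logon) are the standard Windows ones.

```python
"""Detector for the two CSC 12 alerting requirements (added example, not product code).

Input records are a constructed, simplified rendering of Windows Security events:
  4728 / 4729 = member added to / removed from a security-enabled global group
  4625        = an account failed to log on
The 'key=value|key=value' format and the field names are assumptions for this example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Assumption: privileged accounts are known from an inventory (CSC 12-2) or naming convention.
ADMIN_ACCOUNTS = {"adm-jsmith", "adm-backup", "Administrator"}
FAILED_LOGON_THRESHOLD = 5                   # alert at this many failures ...
FAILED_LOGON_WINDOW = timedelta(minutes=10)  # ... falling within this sliding window


@dataclass(frozen=True)
class Alert:
    rule: str
    account: str
    detail: str


def parse_event(line: str) -> Dict[str, object]:
    """Parse one constructed 'key=value|key=value' record into a dict with typed time/event_id."""
    fields: Dict[str, object] = dict(part.split("=", 1) for part in line.strip().split("|"))
    fields["time"] = datetime.strptime(str(fields["time"]), "%Y-%m-%dT%H:%M:%S")
    fields["event_id"] = int(str(fields["event_id"]))
    return fields


def detect_group_changes(events: Iterable[Dict[str, object]]) -> List[Alert]:
    """Alert on every add/remove against the Domain Admins group (other groups are ignored)."""
    alerts = []
    for ev in events:
        if ev["event_id"] in (4728, 4729) and ev.get("group") == "Domain Admins":
            action = "added to" if ev["event_id"] == 4728 else "removed from"
            alerts.append(Alert(
                "CSC12-domain-admin-change", str(ev["member"]),
                f"{ev['member']} {action} Domain Admins by {ev['subject']} at {ev['time'].isoformat()}"))
    return alerts


def detect_failed_admin_logons(events: Iterable[Dict[str, object]]) -> List[Alert]:
    """Alert once per admin account when >= THRESHOLD failed logons fall within WINDOW."""
    failures: Dict[str, deque] = defaultdict(deque)
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["account"] not in ADMIN_ACCOUNTS:
            continue  # non-admin failures are normal noise for this rule
        acct = str(ev["account"])
        window = failures[acct]
        window.append(ev["time"])
        while window and ev["time"] - window[0] > FAILED_LOGON_WINDOW:
            window.popleft()  # expire failures older than the window
        if len(window) >= FAILED_LOGON_THRESHOLD and acct not in alerted:
            alerted.add(acct)
            alerts.append(Alert(
                "CSC12-admin-failed-logons", acct,
                f"{len(window)} failed logons for {acct} within {FAILED_LOGON_WINDOW} ending {ev['time'].isoformat()}"))
    return alerts


def run_detections(lines: Iterable[str]) -> List[Alert]:
    events = [parse_event(line) for line in lines if line.strip()]
    return detect_group_changes(events) + detect_failed_admin_logons(events)


# Constructed sample log: a burst of admin failures, a slow trickle that should not alert,
# a non-admin failure, and two Domain Admins membership changes plus an unrelated group change.
SAMPLE_LOG = """
time=2015-07-01T08:00:00|event_id=4625|account=jdoe|source=10.0.0.5
time=2015-07-01T08:01:00|event_id=4625|account=adm-jsmith|source=10.0.0.9
time=2015-07-01T08:02:00|event_id=4625|account=adm-jsmith|source=10.0.0.9
time=2015-07-01T08:03:00|event_id=4625|account=adm-jsmith|source=10.0.0.9
time=2015-07-01T08:04:00|event_id=4625|account=adm-jsmith|source=10.0.0.9
time=2015-07-01T08:05:00|event_id=4625|account=adm-jsmith|source=10.0.0.9
time=2015-07-01T08:30:00|event_id=4625|account=adm-backup|source=10.0.0.7
time=2015-07-01T08:45:00|event_id=4625|account=adm-backup|source=10.0.0.7
time=2015-07-01T09:00:00|event_id=4625|account=adm-backup|source=10.0.0.7
time=2015-07-01T09:15:00|event_id=4625|account=adm-backup|source=10.0.0.7
time=2015-07-01T09:30:00|event_id=4625|account=adm-backup|source=10.0.0.7
time=2015-07-01T09:00:00|event_id=4728|group=Domain Admins|member=svc-deploy|subject=adm-jsmith
time=2015-07-01T09:05:00|event_id=4728|group=Sales|member=jdoe|subject=adm-jsmith
time=2015-07-01T09:10:00|event_id=4729|group=Domain Admins|member=svc-deploy|subject=adm-jsmith
"""

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG.splitlines()):
        print(alert.rule, alert.account, alert.detail)
```

The adm-backup failures are spread 15 minutes apart, so the sliding window never holds five of them and no alert fires for that account; the Sales group change is likewise ignored.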
CSC 13: Boundary Defense
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

CSC 13-1 Deny communications with known malicious IP addresses.
  UserInsight alerts on network access to/from known malicious IP addresses.
  Nexpose checks that URL filtering and reputation scanning are enabled in web browsers on every Windows workstation.
CSC (sub-control number not legible in source) Devise internal network segmentation schemes to limit traffic to only those services needed for business use.
  Metasploit automates the task of testing that network segmentation is operational and effective.
  UserInsight provides the ability to configure network zones and detect network traffic that violates defined user access policies.

CSC 14: Maintenance, Monitoring, and Analysis of Audit Logs
Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.

CSC 14-3 Ensure adequate storage space for the logs generated on a regular basis.
  UserInsight collects a wide variety of system and network logs and continuously stores copies of them in a secure, scalable cloud platform.
CSC 14-4 Make sure that logs are kept for a sufficient period of time.
  UserInsight retains security incident data from the day the solution is installed and makes the data readily available for investigation.
CSC 14-5 Run bi-weekly reports that identify anomalies in logs.
  UserInsight automatically analyzes log data against user behavior baselines and alerts on any anomalies or suspicious activities.
CSC 14-7 For all servers, ensure that logs are written to dedicated logging servers.
  UserInsight collects logs and continuously stores copies of them in a secure, scalable cloud where they cannot be manipulated by an attacker.
CSC 14-8 Deploy a SIEM or log analytic tools for log aggregation and consolidation.
  UserInsight collects logs, correlates events by user, machine and IP, and analyzes them for anomalies and suspicious activities with low false positives.

CSC 15: Controlled Access Based on the Need to Know
The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.

CSC 15-2 Enforce detailed audit logging for access to nonpublic data.
  UserInsight provides visibility of all authentication activity on assets classified as restricted, and alerts on access from a new user or source.
CSC 15-3 Segment the network based on trust levels.
  Metasploit automates the task of testing that network segmentation is operational and effective.
  UserInsight provides the ability to configure network zones and detect network traffic that violates defined user access policies.
CSC 16: Account Monitoring and Control
Actively manage the life-cycle of system and application accounts (their creation, use, dormancy, deletion) in order to minimize opportunities for attackers to leverage them.

CSC 16-1 Review all system accounts.
  UserInsight provides visibility of all active user accounts across the organization, including domain, local, and cloud service accounts.
CSC 16-6 Configure screen locks on systems.
  Nexpose provides fully customizable policy scanning to audit screen lock configurations, including the amount of idle time before the screen lock is applied.
CSC 16-8 Require that all non-administrator accounts have strong passwords.
  Nexpose provides fully customizable policy scanning to audit passwords for a minimum level of complexity, including length and required characters.
CSC 16-9 Use and configure account lockouts.
  Nexpose provides fully customizable policy scanning to audit account lockout configurations, including attempt threshold and lockout duration.
CSC (sub-control number not legible in source) Monitor attempts to access deactivated accounts.
  UserInsight alerts on authentication attempts to disabled accounts.
CSC (sub-control number not legible in source) Profile each user's typical account usage.
  UserInsight monitors user account activity, and alerts on access from an unusual location or from multiple locations within a short period of time.
CSC (sub-control number not legible in source) Verify that all password files are encrypted or hashed.
  Nexpose provides fully customizable policy scanning to audit passwords, including whether password encryption is enabled.

CSC 17: Data Protection
The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.

CSC 17-8 Configure systems so that they will not write data to USB drives.
  Nexpose provides fully customizable policy scanning to audit whether autoplay is allowed on devices.
CSC (sub-control number not legible in source) Monitor all traffic leaving the organization.
  UserInsight provides visibility into cloud services such as Office 365, Google Apps, Box and AWS, which may be used for data exfiltration.

CSC 18: Incident Response and Management
Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.

CSC 18-1 Ensure that there are written incident response procedures.
  Rapid7 can perform an assessment of the organization's current preparedness and help it develop an incident response plan.
CSC 18-4 Devise standards for incident reporting.
  UserInsight provides the ability to map incident investigation findings to an interactive timeline and produce a final report for communication.
CSC 18-7 Conduct periodic incident scenario sessions.
  Rapid7 can conduct exercises that simulate an actual threat scenario to practice and optimize the incident response plan.
CSC 19: Secure Network Engineering
Make security an inherent attribute of the enterprise by specifying, designing, and building in features that allow high-confidence systems operations while denying or minimizing opportunities for attackers.

CSC 19-4 Segment the enterprise network into multiple, separate trust zones.
  Metasploit automates the task of testing that network segmentation is operational and effective.
  UserInsight provides the ability to configure network zones and detect network traffic that violates defined user access policies.

CSC 20: Penetration Tests and Red Team Exercises
Test the overall strength of an organization's defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. In addition to the solutions described below, Rapid7 can address this control by performing penetration tests to simulate real-world attack vectors and uncover security weaknesses from the attacker's perspective.

CSC 20-1 Conduct regular external and internal penetration tests.
  Metasploit provides the ability to discover hosts, exploit systems, brute-force passwords, and simulate other attacker methods.
CSC 20-5 Plan clear goals with blended attacks in mind.
  Metasploit provides the ability to conduct and manage social engineering campaigns as part of a penetration test.
CSC 20-6 Use vulnerability scanning and penetration testing tools in concert.
  Metasploit integrates with Nexpose to validate the exploitability of vulnerabilities automatically and return the results for prioritization.
04 ABOUT RAPID7

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities, and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 3,900 organizations across 90 countries, including 30% of the Fortune

For more information, please visit Rapid7.com
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationFISMA / NIST 800-53 REVISION 3 COMPLIANCE
Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationWhite Paper: Consensus Audit Guidelines and Symantec RAS
Addressing the Consensus Audit Guidelines (CAG) with the Symantec Risk Automation Suite (RAS) White Paper: Consensus Audit Guidelines and Symantec RAS Addressing the Consensus Audit Guidelines (CAG) with
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationThe Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
More informationDefending against Cyber Attacks
2015 AMC Privacy & Security Conference Defending against Cyber Attacks MICHAEL DOCKERY CHRIS BEAL PAUL HOWELL Security & Privacy Track June 24, 2015 In the News 2015 MCNC General Use v1.0 Healthcare Data
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationWhite Paper The Dynamic Nature of Virtualization Security
White Paper The Dynamic Nature of Virtualization Security The need for real-time vulnerability management and risk assessment Introduction Virtualization is radically shifting how enterprises deploy, deliver,
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationDefence Cyber Protection Partnership Cyber Risks Profile Requirements
Good Governance L.01 Define and assign information security relevant roles and responsibilities. L.02 Define and implement a policy that addresses information security risks within supplier relationships.
More information5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
More informationJumpstarting Your Security Awareness Program
Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationWhat is Penetration Testing?
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationThe Critical Security Controls: What s NAC Got to Do with IT?
The Critical Security Controls: What s NAC Got to Do with IT? A SANS Product Review 2nd Edition, updated January 2015 Sponsored by ForeScout Technologies 2015 SANS Institute Introduction Although attacks
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationWhy Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.
Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationCORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG)
CORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG) Extending automated penetration testing to develop an intelligent and cost-efficient security strategy for enterprise-scale information systems CAG
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationStrategies to Mitigate Targeted Cyber Intrusions Mitigation Details
CYBER SECURITY OPERATIONS CENTRE 13/2011 21 July 2011 Strategies to Mitigate Targeted Cyber Intrusions Mitigation Details INTRODUCTION 1. This document provides further information regarding DSD s list
More informationSeven Strategies to Defend ICSs
INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take
More informationRedhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.
Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE
ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationPenetration Test Report
Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationncircle and Core Security: Solutions for Automating the Consensus Audit Guidelines Critical Security Controls
ncircle and Security: Solutions for Automating the Consensus Audit Guidelines Overview The Consensus Audit Guidelines are put forward by a diverse working group designed to begin the process of establishing
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationPCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR
PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationNessus Agents. October 2015
Nessus Agents October 2015 Table of Contents Introduction... 3 What Are Nessus Agents?... 3 Scanning... 4 Results... 6 Conclusion... 6 About Tenable Network Security... 6 2 Introduction Today s changing
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationExecutive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationApplying the CPNI Top 20 Critical Security Controls in a University Environment
IT Services Applying the CPNI Top 20 Critical Security Controls in a University Environment RUGIT IT Security Group October 2013 1. Introduction Universities UK (UUK) has published a policy briefing on
More information