PORTCULLIS. 2nd Annual Financial Services Cyber Security Summit. CBEST Workshop
- Barnaby Porter
- 8 years ago
Transcription
1 PORTCULLIS 2nd Annual Financial Services Cyber Security Summit CBEST Workshop
2 CBEST portcullis David Byrne CBEST Service Owner
3 Introduction. Portcullis has been established for over 23 years as an independent professional services firm focused on security, providing IA Consultancy, dedicated R&D, Forensics / Incident Response and security testing, including intelligence-led services: Red Teaming; War Gaming; CBEST / CSTAR. Portcullis was the first partner fully qualified under CBEST. It is now one of six accredited partners of CBEST PT in the UK, providing both CC SAM and CC SAS certified individuals.
4 Reading and References:
- Bank of England - /cbest.aspx: lists out an overview and key resources
- CREST - much the same info as above BUT includes: list of certified providers; syllabus overviews for CC SAM, CC SAS and CC TIM certifications
5 Why are we here? Two quotes from the Financial Policy Committee: In June 2013: HM Treasury, working with the relevant Government agencies, the PRA, the Bank's financial market infrastructure supervisors and the FCA should work with the core UK financial system and its infrastructure to put in place a programme of work to improve and test resilience to cyber attack. In September 2013: The Committee... encouraged Her Majesty's Treasury and the regulators to ensure that the various institutions at the core of the financial system, including banks and infrastructure providers, had a high level of protection against cyber attacks to ensure such attacks do not undermine the system.
6 Where does CBEST fit? CBEST-CSTAR CHECK/CREST PT Vulnerability Assessment Cyber Essentials Cyber Essentials Plus
7 What is CBEST?
- Formal framework and methodology for the delivery of intelligence-led Red Teaming designed to replicate current threats and attack vectors
- Aimed at improving firms' understanding of cyber threats; focuses on the systems critical to the operation of the UK economy
- A realistic assessment of how your organisation can withstand real-world attacks through risk-managed, open-scope testing:
  - An agreed approach to testing high value systems
  - An understanding of the maturity level and current capabilities of the defences in place
  - Actionable outcomes for improvement
- A move to break the constraints of typical assurance projects:
  - Scenario and threat based objectives rather than specific system reviews
  - Holistic assessment of people, processes and technology
- In line with UK Govt. strategy to develop industry capabilities
8 The Approach
9 Key Stages of CBEST
- Reconnaissance (Threat Intel)
- Staging - staging platforms will be implemented to emulate those of the agreed threat actors.
- Exploitation - identified vulnerabilities will be exploited to gain unauthorised access to the target.
- Control and Movement - attempt to move from the initially compromised systems to further vulnerable or high value systems.
- Actions On Target - gaining further access on compromised systems and acquiring access to previously agreed target information and data.
- Persistence and Egress - mimicking an advanced attacker, persistent access to the network will be secured and simulated exfiltration of staged data performed.
10 Outcomes Threat Intelligence Report Test Plan Incident Response Maturity Report Security Improvement Plan System Security Blue Team Capability
11 Portcullis Journey to CBEST
- Founding members of CHECK and CREST
- Dedicated Research and Development function
- Delivering Security Testing and Consultancy for over 20 years, including War Gaming, scenario-based testing and Red Teaming to Financial Services, Media, Retail, CNI and Government organisations
- Scenario-based testing for the London 2012 Games - case study available
- Invited to help shape the CBEST Framework
- First private company fully certified to deliver CBEST PT
12 CBEST Team Technical Director CBEST Service Owner CC SAM Dedicated Account Manager CC SAS Intrusion Analyst Exploit Developer Phishing Expert CREST Team Leaders
13 Questions from Banks. Common questions raised throughout the initial engagement process:
1. Can you limit the scope / exclude specific systems?
2. What CEFs will you target?
3. What systems are in scope?
4. What scenarios will you test?
5. Can you provide the KPI details?
6. Is there a remediation window between TI reporting and PT scoping?
7. What is the best way to engage TI and PT?
14 How to engage PT and TI Firm TI Partner PT Partner
16 How to engage PT and TI: Firm, TI Partner, PT Partner. Key message: it doesn't matter! Every CBEST provider should be willing and able to work with anyone from the framework.
17 BoE Q&A Useful to describe the Pre- and Post-CBEST processes? Thoughts on firms volunteering for CBEST? How would one go about this? Key considerations for scoping? Thoughts on the future of CBEST?
18 END OF PRESENTATION Presentation by: David Byrne Title: Service Owner Telephone: +44 (0)
19 CBEST Threat Intelligence June 2015
20 OVERVIEW Why Threat Intelligence in CBEST Demonstration What do we actually do? Summary
21 Digital Footprint: information intentionally projected, shared and pro-actively managed by an organisation. Digital Shadow: information unintentionally exposed that may reveal an attacker's intentions or a weakness in an organisation.
22 The adversary has its own shadow Patterns of behavior Goals and Motives Attack vectors of choice Crime: Dark web activities Associations 4
23 (Cyber) threat intelligence - many different things
24 Technical data feeds 6
25 Human enriched feeds 7
26 Human first, curated feeds 8
27 Digital Shadows provides cyber situational awareness
- Alerts to potential threats, instances of sensitive data loss or compromised brand integrity
- Analyze the adversary through an attacker's-eye view
- Relevant, tailored threat intelligence based on sector, size, geography
- Robust library of attacker profiles, actor groups, TTPs
- Search beyond traditional dark web to include criminal sites, IRC, Tor, I2P
29 Digital Shadows SearchLight 11
30 Model overview ACTOR ACTIONS ASSETS Entity Model Goals: Motivation, intentions Capabilities: Resources, Skill, Access to target Recon Prep Infil exfil exploit Activity Model Activity Indicators Artifacts Output: Threat Scenarios to be used in a test 17
31 Threat profiles 23
32 Intel link charts 25
33 Portal screenshot (Dashboard) 20
34 Portal Screenshot 1 21
35 Example incident 22
36 timelines 24
37 THREAT LED SECURITY TESTING. In May 2014, the Bank of England, Certified Register of Ethical Security Testers (CREST) launched CBEST. CBEST is a threat-led approach to conducting security testing. Why is it different?
1. It aims for realistic tests based upon a set of evidence of threats observed in the wild. Tailored to the client. UK Intelligence support this input.
2. It is focused on testing the resilience of systems to attacks.
3. It is much broader in scope than a traditional pen test (a red team approach).
Tests are voluntary and the working style is intended to be collaborative.
38 2 REPORTING TYPES PRODUCED
1 Threat Intelligence Report
- Provides analysis of threat groups based on thorough research
- Evidence to justify and support actions of testing team
- OUTPUT: Threat Scenarios
- USE CASE: Provides supporting evidence for use in security test.
2 Targeting (Foot printing) Report
- Broad analysis of digital footprint to identify riskier areas
- NOT a full reconnaissance exercise
- OUTPUT: Initial targets for test
- USE CASE: Provides input into reconnaissance phase of security test.
39 TI Report Approach INPUTS THREAT LIBRARY OSINT RESEARCH 1 Background Research 2 Develop Threat Summary (Landscape) SCORED THREAT TYPES 3 Develop Actor Profiles SPECIFIC ACTORS (Model) 4 Develop Threat Scenarios THREAT SCENARIOS
40 OSINT Hostile Mentions in Social Media Search over Dark Web Marketplaces Looking for mentions of client across hostile actors. Delivered as filtered alerts. Brings Twitter traffic into scope Identifying discussions on specific fora that might show threats to NS&I, includes ToR and IRC Intelligence Profiles Access to our curated intelligence profiles RFI Requests for Information Tailored Incidents We can provide a default number of hours of analyst time each month to respond to situational awareness requests. We can take your threat profiles as an input and can focus collection on specific groups, countries or other places of concern. We would continue to tailor the service based on new findings and your previous incidents and concerns
41 Threat landscape

Threat source                              Capability   Intent/activity   Threat score to Client
Insider intentional*                       H            H                 16
Nation State Disruption and Attack (CNA)   VH           M                 15
Nation State Espionage (CNE)               VH           M                 15
Organised Crime Economic                   H            M                 12
Nation State Proxy                         M            M                 9
Hacktivist                                 L-M          M                 6
Journalist/researcher                      L            L                 4
Organised Crime Extortion                  M            VL                3
Insider unintentional                      VL           VL                1

Scoring based on high watermark assessment
42 THREAT PROFILES CONSIDERED: Islamic Republic of Iran (CNA); People's Republic of China (CNE); Russian Speaking O.C.G.; Al-Qassam Cyber fighters (CNA); Anonymous / Occupy (hacktivism)
43 THREAT SCENARIO: Russian Speaking O.C.G.; Islamic Republic of Iran (CNA); People's Republic of China (CNE)
44 SCENARIOS AS Narrative
45 Mapping to a storyline
46 Mapping to a storyline
47 Key outputs Scenarios Threat scenario Based on detailed research Emulating real threat Tailored to YOUR assets Goals A set of Goals for the test team A set of agreed flags the team must capture Evidence A lot of Supporting Evidence to show that the test is real Validated by GCHQ SUPPORTS SELECTION OF TARGET and TEST PLAN PRIORITISES FLAGS AGAINST GOALS AND MOTIVATION BACKS UP BUSINESS CASE FOR MITIGATING CONTROLS
48 Project plan and structure 30
49 TI Project plan (6 + 3 Weeks) [Gantt chart, Week 1 to Week 6, showing DS tasks and client tasks. Tasks: Configure (Config Doc agreed); Collect & Collate; Workshop; Analyse; TI Report write-up; Digital Footprint write-up; Testing Reconnaissance; internal QA. Deliverables: 1 TI Report; 2 Foot printing Report; Final Reports. Continued monitoring: Alerts, Incident Management (SOC), Threat and DL Monitoring.]
50 What happens with GCHQ Input? Report submitted to BofE BoE submit report to GCHQ Meeting booked by BofE to discuss review outputs Client/TI Provider/ BoE/ GCHQ Week 1 Week 2 Week 3 BoE Reviews (2 weeks) GCHQ Review (2 weeks) Collate Feedback
51 Key performance indicators for TI SAY IT SEE IT PROVE IT 23 measures H/M/L in 6 Categories - Organisation - Direction - Collection - Processing - Dissemination - Review
52 CBEST is an opportunity A justification for a broad test A live measurement of the playbook in realistic circumstances A way of trying out threat intelligence, or comparing it to existing feeds or capability Validation of existing thinking and controls, risk and response plans Evidence to support business cases Use a regulatory driver to support a business case to achieve the things you wanted to do anyway
53 Why we can help
- Experienced: led development of the TI standards; delivered 5 existing tests
- Breadth of research: only provider including a breadth of OSINT
- Specific to you: not a copy/paste, we talk about your assets, your threats
- Tailored: not just a subscription to existing threat data
- Focused on evidence of threat to YOUR assets, based on evidence of threats to YOUR business
54 SUMMARY
- A company looking at the digital shadows cast by threats
- An approach based on real scenarios, goals and evidence
- Opportunity: use it as a business case
- We're there to help
55 Thank you For enquiries concerning CBEST/CSTAR contact Portcullis at London San Francisco Level 39, One Canada Square, London, E14 5AB 535 Mission St, Fl. 14, San Francisco, CA (0)
CBEST/STAR Threat Intelligence
CBEST/STAR Threat Intelligence Systemically-important financial institutions that form part of the UK s Critical National Infrastructure need to remain resilient to cyber attack. To help them achieve this,
More informationCBEST Implementation Guide
CBEST Implementation Guide Introduction Existing penetration testing services conducted within the financial services sector are well understood and utilised. Whilst these services have provided a good
More informationCFTC BRIEFING 2 JUNE 2015 CYBERSECURITY CONSIDERING BANK OF ENGLAND S CBEST PROGRAM
CFTC BRIEFING 2 JUNE 2015 CYBERSECURITY CONSIDERING BANK OF ENGLAND S CBEST PROGRAM Objectives Provide an overview of the CBEST program Overview will include answers to the following questions: What types
More informationCBEST FAQ February 2015
CBEST Frequently Asked Questions: February 2015 At this time, the UK Financial Authorities have only made CBEST available to firms and FMIs which they consider to be core to the UK financial system. Those
More informationManaging cyber risk the global banking perspective
1 Managing cyber risk the global banking perspective Speech given by Andrew Gracie, Executive Director, Resolution, Bank of England British Bankers Association Cyber Conference, London 10 June 2014 2 I
More informationCYBER SECURITY TRAINING SAFE AND SECURE
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
More informationA Primer on Cyber Threat Intelligence
A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly
More informationInformation Technology Solutions
THE THREAT Organizations are making large investment in cyber defense, but are still in the dark in terms of how they would fare up against one of the simplest attacks that Cyber-criminals use to take
More informationCBEST Threat Intelligence Framework Qualities of a threat intelligence provider
CBEST Threat Intelligence Framework Qualities of a threat intelligence provider Contents Document control... 3 Copyright notice... 3 Executive summary... 4 1. Introduction... 5 1.1. Purpose of this document...
More informationCASSIDIAN CYBERSECURITY
CASSIDIAN CYBERSECURITY ADVANCED PERSISTENT THREAT (APT) SERVICE In a world where cyber threats are emerging daily, often from unknown sources, information security is something no organisation can afford
More informationTechnology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
More informationResilience and Cyber Essentials
Resilience and Cyber Essentials Richard Bach Assistant Director Cyber Security Talk outline Why Cyber Essentials: the Policy context What is Cyber Essentials: Scheme background How the Scheme works: accreditation,
More informationHelmut Wacket Head of Oversight Division. Cybersecurity: regulatory framework and central bank initiatives in the EU
Helmut Wacket Head of Oversight Division Cybersecurity: regulatory framework and central bank initiatives in the EU Cybersecurity in the EU Securing network and information systems in the EU is essential
More informationINTELLIGENCE. RISK MITIGATION. RESPONSE. CONSULTANCY.
INTELLIGENCE. RISK MITIGATION. RESPONSE. CONSULTANCY. 23 Grafton Street London W1S 4EY UK Main Tel: +44 (0) 207 887 2699 ABOUT PGI PGI is a privately owned UK business offering integrated, intelligence-led
More informationESKISP6055.01 Manage security testing
Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationEnterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security
Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security
More informationCyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry
Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry Templar Executives NIAS 2007 DHR 2008 IAMM 2008 1 st CSS 2009 2 nd CSS 2011 Advising Government & Industry
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationCREST EXAMINATIONS. CREST (GB) Ltd 2016 All Rights Reserved
CREST EXAMINATIONS This document and any information therein are the property of CREST and without infringement neither the whole nor any extract may be disclosed, loaned, copied or used for manufacturing,
More informationISO 27001 Information Security Management Services (Lot 4)
ISO 27001 Information Security Management Services (Lot 4) CONTENTS 1. WHY LEICESTERSHIRE HEALTH INFORMATICS SERVICE?... 3 2. LHIS TECHNICAL ASSURANCE SERVICES... 3 3. SERVICE OVERVIEW... 4 4. EXPERIENCE...
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationISO27032 Guidelines for Cyber Security
ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationCyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention
Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)
More informationPOWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS
ADVANCED CYBER THREAT ANALYTICS POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. Wynyard Advanced Cyber Threat Analytics (ACTA) is a Pro-active Cyber Forensics solution that helps protect organisations
More informationThreat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations
Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations September 2015 Copyright 2015 Deloitte Development LLC. All rights reserved. This presentation
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationIT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies
IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document
More information81% of participants believe the government should share more threat intelligence with the private sector.
Threat Intelligence Sharing & the Government s Role in It Results of a Survey at InfoSec 2015 Section 1 1.1 Executive summary The last few years has seen a rise in awareness regarding security breaches
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationThreat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?
More informationCyber Essentials Scheme
Cyber Essentials Scheme Assurance Framework January 2015 December 2013 Contents Introduction... 3 Change from June 2014 version... 3 Overview... 4 Stage Definitions... 5 Stage 1 Cyber Essentials: verified
More informationPwC s Advanced Threat and Vulnerability Management Services
www.pwc.ch PwC s Advanced Threat and Vulnerability Management Services Our comprehensive approach PwC s security assessment services A joint business relationship provides clients with access to High-Tech
More informationProcuring Penetration Testing Services
Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat
More informationPaul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com
Managing IT Fraud Using Ethical Hacking Paul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com Agenda Introductions Context for Ethical Hacking Effective use of ethical hacking in fraud
More informationCyber Security Evolved
Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are
More informationPENETRATION TESTING GUIDE. www.tbgsecurity.com 1
PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationESKISP6064.03 Conducts vulnerability assessment under supervision
Conducts vulnerability assessment under supervision Overview This standard covers the competencies required to conduct vulnerability assessments under supervision. This includes following processes for
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationCan We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
More informationSeparating Signal from Noise: Taking Threat Intelligence to the Next Level
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
More informationCyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationCYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
More informationCyber Security for audit committees
AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have
More informationThe Role of Intelligence in Network Defence Rob Sloan
Rob Sloan 15th May 2014 response@contextis.com / Contents Contents 1 Abstract 3 2 The Role of Intelligence in Computer Network Defence 4 2.1 Background 4 2.2 What is Intelligence? 4 2.3 Using Intelligence
More informationRisk Analytics for Cyber Security
Risk Analytics for Cyber Security Justin Coker, VP EMEA, Skybox Security IT Challenges 2015, Belgium 2nd October 2014 www.skyboxsecurity.com justin.coker@skyboxsecurity.com +44 (0) 7831 691498 Risk Analytics
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSecurity-as-a-Service (Sec-aaS) Framework. Service Introduction
Security-as-a-Service (Sec-aaS) Framework Service Introduction Need of Information Security Program In current high-tech environment, we are getting more dependent on information systems. This dependency
More informationThe Next Generation Security Operations Center
The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized
More informationPASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013
2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationThreat intelligence. A buyer s guide
Threat intelligence A buyer s guide 1 Table of Contents Executive summary... 03 1. Introduction... 04 The rise of digital business... 05 What is cyber threat intelligence?... 07 Common types of cyber threat
More informationCESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS
CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS QUESTION General What is the Cyber Security Incident Response (CSIR) Scheme? What is the Cyber Incident Response (CIR) scheme? Why have
More informationBT Assure Rethink the Risk
BT Assure Rethink the Risk Analyst and Consultant Update May 2012 BT Assure. Security that matters Today's agenda Introductions Neil Sutton Vice President, Global Portfolio 3 Minutes BT Assure Overview
More informationIT Security Testing Services