Solution Briefing. Integrating the LogLogic API with NSN's Remediation & Escalation Mgmt. System
- Delphia Ferguson
- 8 years ago
1 Solution Briefing: Integrating the LogLogic API with NSN's Remediation & Escalation Mgmt. System. Tim Larson, August 2009
2 Introduction: Nokia Siemens Networks' environment
- Company: Leading provider of mobile phone network gear, employing 65,000 people in over 120 countries.
- Network: Large-scale manufacturing systems with vendor and customer access, supported by numerous service provider organizations.
- Tim Larson, IT Security Consultant, BSIE, MBA, CISA
- Message: Knowing How. This message addresses the fact that in today's world, it's no longer only about what resources (people, process, products, partners) you possess - it's about HOW to make the best use of them.
Company Confidential 1
3 IT is missing IT-level reporting and management of problems
Current state: there is NO IT-wide problem management, only bits and pieces in various organizations, e.g. CERT Process (for security-related vulnerabilities & incidents), Service Provider escalation management process, asset ownership, SLA Management process.
4 Business Problem/Regulatory Concerns
What is the change in the world that has brought this issue to the forefront?
- Virtualization within the enterprise.
- Utilizing multiple vendors and technologies, internal and external.
- Centralized auditing of how incidents are handled.
What is the scale of the problem?
- MTTR (Mean Time To Remediate) an incident was increasing.
- No risk-based plan for remediation.
- Only a manual process for tracking performance of SLAs (Service Level Agreements).
- Limited automation for auditing how incidents are handled (as required for SOX testing).
- Low level of connectivity on the part of CERT team members and service providers doing remediation.
- No commercial tools for leveraging investment in security products like LogLogic, Qualys, iDefense and Sourcefire with internal stakeholders.
How has your organization dealt with this problem in the past?
- Maintained manual standalone solutions and offered a minimal amount of stakeholder process integration.
What are the cultural concerns?
- International Data Privacy laws relevant to local jurisdictions
- Involvement of Corp Sec., HR, Legal
- Communication with Worker's Council members
- Handling of sensitive information transferring outside the EU
- Monitoring enterprise Integrity
5 Solution Strategy
What exactly were you trying to resolve?
- Consolidation of information from multiple systems while ensuring that high priority incidents are worked based on risk factor (security severity and asset classification).
How did you approach the problem?
- Discovering and changing processes, assessing and implementing technologies, convincing management to address the problem in parallel with the technology deployment plan.
- Formula for Success = 50% process integration + 25% technology integration + 25% overcome internal resistance
What was the high-level Goal? - Actionable Security Intelligence
- Integrate SOC Security Data (Vulnerability, Log data and Attack data)
- Integrate distributed sources of relevant Asset Data
- Develop a CERT workbench for Remediation & Escalation Mgmt
- Enable SLA Performance Monitoring and centralized IT Auditing
- Prepare for Adaptive Remediation and Escalation
- Enable Enterprise Integrity
- Develop a Real-Time Event Management Application
6 The Challenge and the Promise: Integration of Remediation & Escalation Processes
[Flow diagram: NSN CERT Ticket Handling Process, version updated August 5, 2008. Participants shown: SPs (SIS, HP, Nokia, IBM), MSSP / SOC, NSN CERT duty-officer, NSN System Designer. Tickets are tracked in OTRS and in the SP and MSSP ticket systems; events are split into Level 1-3 and Level 4-5.]
7 CERT's Centralized Workbench (REMS)
8 Correlating Security Knowledge, Escalate to Service Provider(s)
[Diagram: Centralized Workbench for CERT. Security Knowledgebase inputs: LogLogic data, Qualys vuln report, DNS tool report, service mgt report, NSN asset report, Qualys asset report, cost code report, SOC asset report, SP asset reports, IP block report. CERT Incident-001 tickets are escalated to SP support as Incident 001-#2 (SP #2) and Incident 001-#3 (SP #3).]
9 Integrated Solution: REM tool and LogLogic
How did we leverage our deployment of LogLogic?
- Centralized log management used by SOC and MSSP analyst teams
- Log file Request Tool for stakeholders for network troubleshooting
- Audit tool for IT Auditors
- Secure storage for forensic investigations by Corp Sec and CERT
10 Solution Specifics
What steps did you take to solve the problem?
- Requirements Gathering, Process Discovery, Solution Concept, Coding, User Acceptance, Documentation, Deployment, Enhancements Roadmap
- TIG team (Technology Integration Group)
- SIG team (Stakeholder Integration Group)
- Weekly team review meetings with one common project manager.
- Created the REM System (REMS workbench) to solve the integration gap
What resources did you employ while solving the problem? Who was involved?
- All Stakeholders (HR, Legal, LOB, CERT, SOC team)
Did you use outside consultants?
11 Integrating TIG & SIG Project Teams
[Process model diagram: Phase 2 & 3 Responsibilities & Deliverables, Resource/Responsibility Allocation, revised Nov. 15, 2008. TIG = Technology Integration Team; SIG = Stakeholder Integration Team; Stakeholders = XYZ, SOC/MSSP, SPs. Callouts: "Structure has to be in place." "Process flow has to be precise." "Team Collaboration is essential." Phases shown: Pre-implementation Project Planning, Deployment Planning, Solution Dev and Testing, Solution Deployment.]
12 Use Case 1: Classification of informational assets
13 Information Asset (Container) Classification and Mapping to Asset Ownership
14 Mapping Attack & Vulnerability Data to Asset Data to Asset Ownership Information
15 Prioritization of Remediation based on Risk Factor
- Security Severity Rating = IDS + VMS + LMS
- Risk Factor = Security Severity Rating + Asset Class Value
- Escalation based on Risk Factor and Internal Controls
- Alignment with Business Requirements (SLA monitoring)
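The scoring on slides 14 and 15, worked through as an added example (not code from the presentation or from REMS): findings from the three feeds are mapped to asset records, summed into the Security Severity Rating, and ranked by Risk Factor. The 0-5 severity scale, the rule of keeping the worst finding per feed, the field names and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

FEEDS = ("IDS", "VMS", "LMS")  # attack, vulnerability and log data sources

# Constructed asset data: IP -> owner and asset class value (assumed scale).
ASSETS = {
    "192.0.2.10": {"owner": "SP-1", "asset_class_value": 5},
    "192.0.2.20": {"owner": "SP-2", "asset_class_value": 2},
}

# Constructed findings: (feed, IP address, severity on an assumed 0-5 scale).
FINDINGS = [
    ("IDS", "192.0.2.10", 3),
    ("VMS", "192.0.2.10", 4),
    ("VMS", "192.0.2.10", 2),    # second VMS finding: only the worst counts
    ("LMS", "192.0.2.20", 5),
    ("IDS", "192.0.2.20", 3),
    ("VMS", "203.0.113.9", 4),   # address with no asset record
]


@dataclass
class Ticket:
    ip: str
    owner: Optional[str]
    severity_rating: int
    risk_factor: Optional[int]   # None when no asset class is known


def prioritize(findings, assets):
    """Return (ranked, unmapped) tickets.

    ranked   - tickets for known assets, highest Risk Factor first
    unmapped - tickets whose IP has no asset record, so no Risk Factor
    """
    worst = defaultdict(dict)
    for feed, ip, severity in findings:
        if feed not in FEEDS:
            raise ValueError(f"unknown feed: {feed}")
        # Assumption: one feed contributes its worst finding per asset.
        worst[ip][feed] = max(severity, worst[ip].get(feed, 0))

    ranked, unmapped = [], []
    for ip, per_feed in worst.items():
        # Security Severity Rating = IDS + VMS + LMS
        rating = sum(per_feed.get(feed, 0) for feed in FEEDS)
        asset = assets.get(ip)
        if asset is None:
            unmapped.append(Ticket(ip, None, rating, None))
            continue
        # Risk Factor = Security Severity Rating + Asset Class Value
        risk = rating + asset["asset_class_value"]
        ranked.append(Ticket(ip, asset["owner"], rating, risk))

    ranked.sort(key=lambda t: (-t.risk_factor, t.ip))
    return ranked, unmapped


if __name__ == "__main__":
    ranked, unmapped = prioritize(FINDINGS, ASSETS)
    for t in ranked:
        print(t.ip, t.owner, "rating", t.severity_rating, "risk", t.risk_factor)
    for t in unmapped:
        print(t.ip, "no asset record, rating", t.severity_rating)
```

In the sample data the asset with the lower severity rating is ranked first because its asset class value is higher, which is the effect the Risk Factor is meant to have.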
16 Risk Management Reporting on Alignment of Service Providers to NSN Goals
17 Use Case 2. Rogue system in datacenter
1) 2:00AM Qualys API scan report of IP address in Munich datacenter; IP address does not appear in REMS consolidated Asset database.
2) IP address does not appear in REMS consolidated Asset database, therefore reported as Rogue IP address and alert sent to CERT duty officer.
3) REMS triggers DNS Look-up to identify IP address for CERT duty officer.
4) REMS triggers ticket to VeriSign SOC to be on the alert for this IP address in Munich.
5) REMS triggers LogLogic API to search for systems rogue IP address.
6) CERT notifies IT Security NOC and Service Provider of condition.
7) Audit trail of activities is recorded & time-stamped automatically within REMS.
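The seven steps of Use Case 2 as an added example (not code from the presentation, REMS, Qualys or LogLogic): scanned addresses are checked against the consolidated asset data, and each rogue address produces one case plus a time-stamped audit trail. The class and field names, the `resolver` and `log_search` callables standing in for the DNS and log-search integrations, and all addresses and log lines are assumptions constructed for illustration.

```python
import ipaddress
import socket
from datetime import datetime, timezone


def reverse_dns(ip):
    """Step 3: PTR lookup; returns None when the address has no name."""
    try:
        return socket.gethostbyaddr(str(ip))[0]
    except OSError:
        return None


class RogueIpWorkflow:
    def __init__(self, asset_ips, asset_blocks, resolver=reverse_dns,
                 log_search=lambda ip: [], clock=None):
        # Consolidated asset data: single hosts plus allocated IP blocks.
        self.asset_ips = {ipaddress.ip_address(a) for a in asset_ips}
        self.asset_blocks = [ipaddress.ip_network(b) for b in asset_blocks]
        self.resolver = resolver        # hypothetical DNS integration
        self.log_search = log_search    # hypothetical log-search integration
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self.open_cases = {}
        self.audit = []                 # step 7: time-stamped audit trail

    def _record(self, ip, action, detail=""):
        self.audit.append({"ts": self.clock().isoformat(), "ip": str(ip),
                           "action": action, "detail": detail})

    def is_known(self, ip):
        return ip in self.asset_ips or any(ip in net for net in self.asset_blocks)

    def process_scan(self, site, scanned_ips):
        """Step 1: take the addresses from a scan report; return new cases."""
        new_cases = []
        for raw in scanned_ips:
            try:
                ip = ipaddress.ip_address(raw.strip())
            except ValueError:
                self._record(raw, "rejected", "not an IP address")
                continue
            # Known assets need no action; an open case is not raised twice.
            if self.is_known(ip) or ip in self.open_cases:
                continue
            # Step 2: absent from the asset database, so report as rogue.
            self._record(ip, "rogue_detected", f"not in asset database, site={site}")
            self._record(ip, "alert_cert_duty_officer")
            hostname = self.resolver(ip)                      # step 3
            self._record(ip, "dns_lookup", hostname or "no PTR record")
            self._record(ip, "soc_ticket", f"watch for {ip} in {site}")  # step 4
            hits = self.log_search(ip)                        # step 5
            self._record(ip, "log_search", f"{len(hits)} matching log lines")
            self._record(ip, "notify_noc_and_sp")             # step 6
            case = {"ip": str(ip), "site": site, "hostname": hostname,
                    "log_hits": len(hits)}
            self.open_cases[ip] = case
            new_cases.append(case)
        return new_cases


def demo():
    """Run the workflow offline on constructed data with a fixed clock."""
    logs = [  # constructed log lines
        "Aug 01 01:58:12 fw-muc-01 ACCEPT src=203.0.113.9 dst=192.0.2.5 dpt=445",
        "Aug 01 01:59:40 fw-muc-01 ACCEPT src=198.51.100.77 dst=192.0.2.5 dpt=443",
        "Aug 01 02:00:03 dhcp-muc-01 lease 203.0.113.9 to 00:00:5e:00:53:01",
    ]

    def search(ip):
        # Whole-token match so 203.0.113.9 does not also match 203.0.113.90.
        return [l for l in logs if str(ip) in l.replace("=", " ").split()]

    wf = RogueIpWorkflow(
        asset_ips=["192.0.2.5"], asset_blocks=["198.51.100.0/24"],
        resolver=lambda ip: None, log_search=search,
        clock=lambda: datetime(2009, 8, 1, 2, 0, tzinfo=timezone.utc))
    scan = ["192.0.2.5", "198.51.100.77", "203.0.113.9", "203.0.113.9", "not-an-ip"]
    return wf.process_scan("Munich", scan), wf.audit


if __name__ == "__main__":
    cases, audit = demo()
    for entry in audit:
        print(entry["ts"], entry["ip"], entry["action"], entry["detail"])
```

Matching against IP blocks as well as single hosts keeps addresses inside an allocated range from being reported as rogue when the host itself has not yet been inventoried.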
18 Process Automation
[Flow diagram: Remediation and Escalation Process Diagram, version updated August 15, 2008. Participants shown: SEM, SOC Analyst, SOC duty-officer, Remediation Partners. Tickets are tracked in the REMS, SOC, SP and Engineering ticket systems; events are split into Level 1-3 and Level 4-5. Automation callouts: Automate the ticket escalation system; Automate tracking of remediation processes; Automate integration of Asset data and Log data; Automate the Integration of Qualys Vuln and asset data.]
19 Communications with Partners
[Diagram: CERT/SOC Knowledge base connected to Corporate Security, Service Providers & External partners (SP-1, SP-2, VeriSign, Industry SIRT), IT Security, IT Regions, IT Auditors, IT Operations, Internal Customers, Legal, Risk Management, Human Resources, Physical Security, Finance.]
20 Overview of Financial Benefit
21 Summary of Results
What was the final result?
- Utilized commercial security technology solutions; developed in-house integrated solution for automating the remediation and escalation management of IDS incident and vulnerability tickets.
How did it work out? An automated, integrated approach to REM which benefited the client by:
- protected access to and storage of sensitive data
- enabled organization to reduce IT Operational costs
- reduced risks to business critical assets
- increased CERT and Service Provider effectiveness and efficiency
- facilitated a risk-based plan for remediation and escalation management
- enabled tracking of REM processes and monitoring of SLA obligations
- enabled enterprise integrity thru continuous internal controls monitoring
How much time did it take?
- Six months
Industry Analysis feedback?
- "a road you traveled more successfully than folks like ArcSight and RSA."
Stakeholder feedback?
- "All is better as the tool is a really good solution"
22 Lessons Learnt
- Engage with stakeholders (internal and external to your organization)
- Enable API level integration of upstream and downstream internal systems
- Integrate business process and provide automated workflow
- Integrate a dedicated ticketing solution
- Integrate project teams
- Integrate auditing requirements to ensure incidents are handled properly
- Provide Actionable Intelligence into the SOC by de-stovepiping feeds
- Enable enterprise Integrity, and realize that the Automation of REM processes provides IT Security a clean slate in terms of utilization of resources.
23 Contact Information
Thanks. Tim Larson
24 FMO: Integrate REMS with the Impact Value of Business Critical Information Assets
We're looking for the Business Impact Value in the process where the confidentiality, integrity or availability of your application or platform is endangered.
Four Measures of Impact: F, O, C, E
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationIntro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security
More informationFrom the Bottom to the Top: The Evolution of Application Monitoring
From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationDemonstrating the ROI for SIEM: Tales from the Trenches
Whitepaper Demonstrating the ROI for SIEM: Tales from the Trenches Research 018-101409-01 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters:
More informationEMA Service Catalog Assessment Service
MORE INFORMATION: To learn more about the EMA Service Catalog, please contact the EMA Business Development team at +1.303.543.9500 or enterpriseit@enterprisemanagement.com The IT Service Catalog Aligning
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationHow To Secure A Database From A Leaky, Unsecured, And Unpatched Server
InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions
More informationCrosswalk Between Current and New PMP Task Classifications
Crosswalk Between Current and New PMP Task Classifications Domain 01 Initiating the Project Conduct project selection methods (e.g., cost benefit analysis, selection criteria) through meetings with the
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationCisco Process Orchestrator Adapter for Cisco UCS Manager: Automate Enterprise IT Workflows
Solution Overview Cisco Process Orchestrator Adapter for Cisco UCS Manager: Automate Enterprise IT Workflows Cisco Unified Computing System and Cisco UCS Manager The Cisco Unified Computing System (UCS)
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationOSS LOGISTICS: DRIVING INNOVATIVE SOFTWARE FROM DEVELOPER TO CUSTOMER Alex Bigmore Senior Architect & Open Source Governance Programme Manager SITA
OSS LOGISTICS: DRIVING INNOVATIVE SOFTWARE FROM DEVELOPER TO CUSTOMER Alex Bigmore Senior Architect & Open Source Governance Programme Manager SITA Phil Granof EVP & Chief Marketing Officer Black Duck
More informationBuilding a Security Operations Center. Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu
Building a Security Operations Center Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu CyberSecurity Operations Center Security Operations Center (SOC) term is being taken over by physical
More informationHP and netforensics Security Information Management solutions. Business blueprint
HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization
More informationApplication Security Center overview
Application Security overview Magnus Hillgren Presales HP Software Sweden Fredrik Möller Nordic Manager - Fortify Software HP BTO (Business Technology Optimization) Business outcomes STRATEGY Project &
More informationIBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!
IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM can provide unmatched global coverage and security awareness! 4,300 Strategic outsourcing security delivery resources 1,200
More informationGETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
More informationHow to build and run a Security Operations Center
How to build and run a Security Operations Center v1.1 Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom nico@securite.org - http://www.securite.org/nico/ About Nicolas Fischbach
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationCyber Security Services: Data Loss Prevention Monitoring Overview
WHITE PAPER: DLP MONITORING OVERVIEW........................................ Cyber Security Services: Data Loss Prevention Monitoring Overview Who should read this paper Customers who are interested in
More informationGeneral Platform Criterion Assessment Question
Purpose: [E]nsure that the assets required to deliver services are properly controlled, and that accurate and reliable information about those assets is available when and where it is needed. (ST 4.3.1)
More informationOIT User Conference Security Team November 2014
OIT User Conference Security Team November 2014 Welcome and Introductions What will we be covering today? Introductions Office of Information Security and Privacy (OISP) and the Transformation effort Staffing
More informationRapidly Defining a Lean CMMI Maturity Level 3 Process
Rapidly Defining a Lean CMMI Maturity Level 3 Process Zia Tufail, zia@hp.com, 301.233.4228 Julie Kellum, Julie.Kellum@hp.com, 404.731. 52.63 Tim Olson-QIC, Tim.Olson@qic-inc.com, 760.804.1405 2004 Hewlett-Packard
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationBest Practices for Building a Security Operations Center
OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,
More informationHP Service Manager. Software Version: 9.40 For the supported Windows and Linux operating systems. Processes and Best Practices Guide (Codeless Mode)
HP Service Manager Software Version: 9.40 For the supported Windows and Linux operating systems Processes and Best Practices Guide (Codeless Mode) Document Release Date: December, 2014 Software Release
More information