Best Practices to Improve Breach Readiness

Transcription

1 Best Practices to Improve Breach Readiness Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC 1

2 Security Breaches 2

3 Security Breaches today Source 2013 Information Breaches Survey PwC 3

4 Organisation and Cost of Breaches Source 2013 Information Breaches Survey PwC 4

5 Security Incidents are Going Unnoticed * ESG white Paper The Big Data Security Analytics is Here, January 2014 Security Attacks are Sophisticated Too Many False Positive Responses Too Many Non-Integrated Tools Too Many Manual Processes Lack of Staff 5

6 Taking Charge of Security Organisations taking responsibility Conducting assessments of business risk Most breaches result from stumbling on basics: Neglecting basic security hygiene Relying only on threat prevention and detection Mistaking compliance for security Inadequate user training 6

7 What is the right level of Security? Organisations risk and requirements Value of Information assets Risk and Threat the organisation can expect to face Prevailing security practices for the organisation s peers 7

8 People Infrequent/irrelevant user training Inadequate security staff Teams roles and responsibilities not defined 8

9 Process Poor patch management Ad hoc incident response, no well defined processes Respond to fire drills no time to improve from learning 9

10 Technology No central monitoring or alerting Poor incident response and workflow Insufficient tools for forensics No threat intelligence collection or analysis 10

11 Best Practices 11

12 Transparency Trust Imperatives Relevance Resilience 12

13 Best Practices for Breach Readiness - 1 Conduct on-going, all-inclusive Risk Assessments Facilities and suppliers How you sell your goods and services Channel Partners Global coverage Annually baked into new services RISK 13

14 Best Practices for Breach Readiness - 2 Locate and track High Value Digital Assets What are they? Where are they? Who has access to them? Who in the business owns the risk? How can the risk be managed? 14

15 Best Practices for Breach Readiness - 3 Model Threats and Vulnerabilities Start with threat modelling Collaborative and multi-disciplinary Think like an attacker! Forensic evaluations of previous threats 15

16 Best Practices for Breach Readiness - 4 Master Change Management Not an administrative tick box Must be part of project management Qualify and quantify risk to stakeholders Identify and document dependencies 16

17 Best Practices for Breach Readiness - 5 Integrated Security Bring together Process + Technology + People People Process Incident Response Technology 17

18 Readiness, Response & Resilience (R3) A/V IDS/IPS Firewall/VPN Proxy Controls SIEM Log Alerts Visibility Single UI Incident Management & Reporting Context Business Context Line of Business Owner Policy DLP DLP Alerts Risk Context Assessments Criticality Vulnerability Packets Host File Signature less Alerts Threat Context Subscriptions Community Open Source Device Administration Security Architecture Team Workflow & Automation, Rules, Alerts & Reports Content Intelligence Level 1 Triage Level 2 Triage Analytic Intelligence Expertise Level 3 Triage Threat Triage Threat Intelligence Data Warehouse & Ticketing System IT Team 18

19 Best Practices for Breach Readiness - 6 Build Security Staff Define roles and responsibilities Establish capabilities in four key areas : Cyber risk intelligence and cyber analytics Security Data Management Risk Consultancy Controls design and assurance Response planning 19

20 Best Practices for Breach Readiness - 7 Invest in Threat Intelligence METRICS ANALYSIS ACTIONS 20

21 Best Practices for Breach Readiness - 8 Quantify Impact of Security investments Model what if scenarios Full costs : business, reputation and risk Deploying Backup systems Prioritizing budget 21

22 To... not prepare is the greatest of crimes; to be prepared beforehand for any contingency is the greatest of virtues Sun Tzu The Art of War 22

23 Resources Breach readiness df Breach reports df Intelligence-driven security 23

24