Lessons from the DHS Cyber Test Bed Project
|
|
- Rudolf Briggs
- 8 years ago
- Views:
Transcription
1 Lessons from the DHS Cyber Test Bed Project Theresa Payton President/CEO Fortalice, LLC Presented by: Kemal O. Piskin Senior Cyber Security Engineer Applied Research Associates, Inc.
2 What We ll Discuss DHS Cyber Test Bed (CTB) Overview Discuss the CTB methodology Highlight the CTB Team and participants Share CTB activities Summarize findings the CTB network vulnerability assessments and threat presentation interactions Key observations Project impact Cover best practices validated from the project 2
3 ARA Cyber Test Bed (CTB) The Cyber Test Bed was a project of the Institute of Homeland Security Solutions (Research Triangle Institute, Duke, the University of North Carolina and the NC Military Foundation) and Applied Research Associates. ARA was the principle subcontractor and architect of the CTB methodology and conceptual framework. The CTB was carried out by the Department of Homeland Security - Partners of IHSS Cyber Division. 3
4 CTB Project The Test Bed was a demonstration project to identify, deploy, and evaluate best practices for cyber security in small and mid-size companies. The project was carried out in a real-world environment, and it is supported by an evaluation and research framework that can illuminate multi-dimensional aspects of the impact of the project on the security of the participating companies. 4
5 CTB Project The Test Bed approach led to a better understanding of threats, the development of models to predict potential impacts, and the deployment of tactical deterrents. By identifying and testing best practices using existing technologies in cyber security for the private sector, the Test Bed will contribute to DHS s mission to improve cyber security while also mitigating intellectual property loss critical to economic and national security. 5
6 Cyber Test Bed Overview CTB employed an asset protection methodology focused on: People Security Physical Security Cyber Security Intellectual Property Protection Contingency Planning Four-stage process that comprised of: Briefings Assessments Hardware/Software Training Policy framework development Designed to be executed over a month period 6
7 CTB Participant Company Demographics Nine Companies participated Participants are located throughout North Carolina Company statistics 1 to 160 employees 467 total (60% overall attended first threat brief) 50 average Annual revenues range from $20K-20M (~$12M average) Businesses fall within the following market sectors: Construction / Commercial Property Management IT Services Legal Technology Telecommunications Manufacturing Venture Capital Research and STEM 7
8 Initial Security Assessment 8
9 Network Assessments Tools Used Mandiant Used to detect and characterize any potential Advanced Persistent Threat on participant networks Required on-site visits to install server and client based hardware and software ARA performed the installs and coordinated with Mandiant to ensure configuration was correct Mandiant generated a findings report in each instance and forwarded to ARA for inclusion in our overall Network findings document Snort Free, open-source Intrusion Detection System software to allow CTB team to view and log ingress/egress traffic Used the same IDS signature base for all scans performed for consistency Fairly easy to deploy, required leave behind of ARA configured laptop Retained logs in case participant system administrators requested to review raw traffic (3 of 7 did) GFI LanGuard A fairly low cost network security and vulnerability scanner that provides a security overview mainly for Microsoft OS based systems Typically a LanGuard scan would be run during the Mandiant and Snort installation visit Provided a snapshot in time of missing patches or service packs, open share drives on workstations, security audit and password policies, open firewall ports and checks that no port hijacking is in force CTB Network Assessment Report 9
10 General Threat Findings General Findings All companies had compromises Companies who outsource assume security is rolled into the service they are buying (it is not) Largely, very little to no formal security policies or IT policies exist No application or understanding of defense in depth Lack of security trained personnel on-site No active patch management performed Network Scan Results All companies had some sort of nefarious activities, even ones with industrial grade enterprise security suites Most common threat appears to originate from Russian Business Network actors All companies had what appeared to be fully compromised computers (remote desktop connections, backdoors, etc.) No APT found over 4 week-long scans (Scanned 7 of 9 participants) Most/all vulnerabilities could have been avoided through common security practices 10
11 Specific Threats Found Specifically, CTB analysts discovered the following vulnerabilities: Numerous servers across all participants appeared to be compromised with: Domain Name Server (DNS) exploits Directly connecting to known Russian Business Network (RBN) IP addresses Connecting to questionable domains such as as well as other co.cc domains. Observed backdoors, Trojans and rootkits on two Unix based servers About 20 percent of one CTB participant s network computers were observed communicating with questionable IPs within the co.kr, com.cn, com.ru, and co.cc domains. DropBox, a cloud storage service which has many associated vulnerabilities, was being used extensively to store company related data for two of the nine CTB participants 11
12 Specific Threats Found But wait, there s more! GFI LanGuard results rated all seven companies as high, meaning they had significant vulnerabilities. The number of patches missing ranged between 112 and 742 Large amounts of BitTorrent data was being exchanged at one site As high as 40% of computers at one site were observed communicating with known RBN IPs BotNet related activity was noted on one-third of the computers one particular network Unauthorized Remote Desktop Connections were observed at three of the seven participants sites. 12
13 Vulnerability Assessment Statistics Beeswax Coral Curacao Honeysuckle Lavender Peony Phlox Silver Avg Number of Computers Number of Days Scanned Number of Events 1,024,100 67, , , NDC* 1, , ,879 Patches Missing NDC NDC 386 Number of Vulnerabilities 1,436 1, , ,041 NDC 1,160 Events Per Day 20,080 1,250 1,926 9, NDC 35 1,548 4,873 Patches Missing Per Computer NDC NDC 8 Number of Vulnerabilities Per Computer NDC 40 *NDC=No data collected 13
14 CTB Project Findings Policy 100% of the companies do not have a written information security policy 100% of the companies do not have a written password policy 88% of the companies do not have reporting procedures in place for data breaches and / or suspicious activity 75% of companies do not have a documented intellectual property policy 14
15 CTB Project Findings Software / Hardware All companies allowed the installation of personal IT hardware / software assets to be used with enterprise resources Limited capability, if any, is in place to automate hardware / software updates and patches None of the participating companies evaluate their assets for risk and/or conduct risk assessments 75% of companies allowed personal IT assets to be connected to company resources 75% of companies allowed all users to install software on enterprise resources for personal use 63% of companies allowed all users to have administrative privileges 25% of companies were able to determine if the latest firmware update have been installed 15
16 CTB Project Findings Software/ Hardware (cont d) 50% of companies were able to determine if the appropriate drivers were installed for all IT assets 87% of the companies do not implement an automation process to patch or update application software, although the capability exists. 87% of companies stated that most software installed on personal/enterprise IT assets did not serve an operational purpose. 63% of companies perform an asset inventory. In addition, the companies surveyed do not maintain records of utilized countermeasures. 16
17 CTB Project Findings Network All companies employed the use of a network based firewall 50% of the deployed network firewalls were not configured appropriately to secure the corporate infrastructure 75% of companies use wireless technologies on their network 40% do not employ any wireless security on their network 90% of companies do not have a network map to show the layout of the enterprise network and location of network resources (i.e., , file servers) 90% of companies do not employ an Intrusion Detection System/Intrusion Prevention System to actively monitor their network 17
18 CTB Project Findings Intellectual Property Protection Company employees have not been provided training on formal / informal processes for protecting Intellectual Property 38% of companies have an informal process that identifies organizational intellectual property 75% of companies do not have a documented intellectual property policy 25% of companies handle their intellectual property differently than other types of data 63% of companies do not arrange intellectual property agreements with their employees (and possible contractors and vendors) 50% of companies take legal action to protect their intellectual property by employing the use of patents, trademarks, copyrights, and/or trade secrets 50% of companies strictly control access to their intellectual property 18
19 CTB Project Findings Physical Security Companies do not have any means to determine if their investments into information security save the organization money by reducing loss 63% of companies do not employ a Security Manager or a centralized resource that manages organizational / enterprise security 87% of companies estimate the amount of revenue spent on security All companies can not determine if the money spent on security saves the organization money by reducing losses. 19
20 Training and Awareness CTB Project Findings Minimal information security training is not being provided to company employees Company participants do not implement a security awareness and training program for its employees 100% of companies do not implement or maintain a security awareness and training program for its personnel 100% of all companies do not provide information security training for their employees annually or as part of a new hire orientation process 20
21 Contingency Planning CTB Project Findings Companies that have a formally documented contingency plan are not familiar enough with the processes in order to implement it in the event of an outage Companies that have a formally documented contingency plan are not testing their plans to ensure feasibility Companies may not have adequate protection against IT outages since contingency plans are not being tested for feasibility 38% of companies have a contingency plan in place that addresses IT outages 25% of companies employ the use of a hot / cold site for continuity of network operations 21
22 Key Observations Leadership engagement is critical Threat briefings create the awareness and environment for change Network assessments are pivotal and provide the nexus for change Policy frameworks missing missing link once change begins Asset protection and a human factor approach is comprehensive Individuals begin to think differently about security Training makes a difference Some elements are low cost or marginal cost (time) and effective 22
23 Key Observations 2 CTB recruits did not see themselves as potential targets or at risk for cyber attack CTB recruits are intrigued by our credentials and the team we have pulled together to execute the program CTB companies are sophisticated, well traveled, global and aware that cyber security is a growing risk CTB companies view this experience as a chance to learn and benefit possible gain market advantage Financial institutions have regulatory hurdles/concerns that make them risk adverse to participate 23
24 Project Impact Project changed attitudes and behaviors toward security Changed technical behaviors (network and individual) More awareness and understanding of risks and threats Ability to make more informed decisions about security Participants began including security in all facets of business and strategic planning Policies provide a great foundational framework to bring structure to cyber security efforts Ability to ask questions to make the right hiring decisions when interviewing potential candidates Asset Cards stimulated discussions and questions about all facets of security 24
25 Examples of Changed Behaviors Implementing a recurring security awareness program Lavender, Phlox, Coral Made changes (increased or added responsibilities) to Staff to address security requirements Phlox, Curacao, Honeysuckle, Coral, Silver, Lavender Reserved computers strictly for travel that did not have corporate information or access Curacao, Silver, Lavender Decision to completely re-architect their network Honeysuckle, Curacao Integrating risk and security elements into operational and strategic business management decision-making Peony Made changes to how they conducted financial transactions Silver, Curacao, Peony Implementation of encryption where possible, elimination of remote log-in and remote desktop capabilities, update of policies and continuity of operations plan - Lavender 25
26 Best Practices Corporate leadership and buy-in are critical to engaging participants and encouraging change Policy, training and awareness significantly reduces organizational security risk Have been applying ISO 27001/2 methodologies and checklists (Information Security Framework) Threat understanding pivotal network analysis changes behavior Leveraged existing reference materials from Operations Security practices, open source literature and in-house expertise Human factors portion is critical aspect to security. All security measures can be defeated through ignorance, insider threat (malicious or not) or human vulnerability 26
27 FOR ADDITIONAL INFORMATION PLEASE CONTACT Theresa Payton Kemal O. Piskin
Cyber Security Test Bed: Summary and Evaluation Results
Cyber Security Test Bed: Summary and Evaluation Results Final Report October 2012 Prepared for Kristina Dorville National Protection and Programs Directorate U.S. Department of Homeland Security Prepared
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationABB s approach concerning IS Security for Automation Systems
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationSESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support
SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationAll Information is derived from Mandiant consulting in a non-classified environment.
Disclaimer: All Information is derived from Mandiant consulting in a non-classified environment. Case Studies are representative of industry trends and have been derived from multiple client engagements.
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More information5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
More informationSystem Security Policy Management: Advanced Audit Tasks
System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that
More informationSANS Institute First Five Quick Wins
#1 QUICK WIN- APPLICATION WHITELISTING SANS Critical Controls: #2: Inventory of Authorized and Unauthorized Software 1) Deploy application whitelisting technology that allows systems to run software only
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationRecommended Practice Case Study: Cross-Site Scripting. February 2007
Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationBest Practices For Department Server and Enterprise System Checklist
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More information4. Getting started: Performing an audit
4. Getting started: Performing an audit Introduction Security scans enable systems administrators to identify and assess possible risks within a network. Through GFI LANguard N.S.S. this is performed automatically,
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationFear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!
Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured! Presented by: Kristen Zarcadoolas, Jim Soenksen, and Ed Sale PART 2: plan, act, repeat (from the look, plan,
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationVulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper
Vulnerability Audit: Why a Vulnerability Scan Isn t Enough White Paper May 10, 2005 TABLE OF CONTENTS Introduction: How Secure Are My Systems?... 3 Vulnerability: The Modern Meaning Of A Muddled Word...
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationDevice Hardening, Vulnerability Remediation and Mitigation for Security Compliance
Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationHosts HARDENING WINDOWS NETWORKS TRAINING
BROADVIEW NETWORKS Hosts HARDENING WINDOWS NETWORKS TRAINING COURSE OVERVIEW A hands-on security course that teaches students how to harden, monitor and protect Microsoft Windows based networks. A hardening
More information2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report
2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report 28 September 2012 Submitted to: Donald Lafleur IS Audit Manager ND State Auditor
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationHow a Company s IT Systems Can Be Breached Despite Strict Security Protocols
How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationAddressing the United States CIO Office s Cybersecurity Sprint Directives
RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015 Addressing
More informationBellevue University Cybersecurity Programs & Courses
Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationA Systems Approach to HVAC Contractor Security
LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored
More informationPCI Compliance in Multi-Site Retail Environments
TECHNICAL ASSESSMENT WHITE PAPER PCI Compliance in Multi-Site Retail Environments Executive Summary As an independent auditor, Coalfire seeks to be a trusted advisor to our clients. Our role is to help
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationBuilding a Business Case:
Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationCORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG)
CORE IMPACT AND THE CONSENSUS AUDIT GUIDELINES (CAG) Extending automated penetration testing to develop an intelligent and cost-efficient security strategy for enterprise-scale information systems CAG
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationNYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011
NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 Executive Summary BACKGROUND The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationSeven Strategies to Defend ICSs
INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take
More information