SECURITY OPERATIONS CENTER (SOC) Implementing Security Monitoring in Small and Mid-Sized Organizations
A White Paper Presented by: MindPoint Group, LLC, 8078 Edinburgh Drive, Springfield, VA
blog.mindpointgroup.com
SBA 8(a) Certified Small Disadvantaged Business, Woman-Owned Small Business (WOSB), Economically Disadvantaged Woman-Owned Small Business (EDWOSB), Minority-Owned Small Business

BACKGROUND

The primary goal of a Security Operations Center (SOC), or a security-monitoring infrastructure, is to provide the capability to detect and analyze potential information security and privacy-related incidents. Security and privacy incidents can greatly impact any organization's operational effectiveness and can hinder the organization's ability to complete its mission.

The SOC also provides several other capabilities that are of importance to a security program. For example, a properly designed and implemented SOC will provide the ability to easily interpret and output security metrics. Security metrics provide support to the organization in assessing security initiatives and investments, which can aid in decision-making, planning, resource allocation, and product and service selection. In addition, security metrics can provide tactical oversight, enabling the organization to monitor and report on the security posture of systems in real time, gauge the effectiveness of controls, and provide reporting and trending data (Jansen, 2009).

This is true regardless of an organization's size: the SOC is no less important to smaller organizations than to larger ones. For instance, small or mid-sized organizations may still be part of a formally regulated industry, or may simply wish to implement security best practices in order to protect customer data or proprietary company data. Additionally, a data breach in a small or mid-sized agency can have just as much of an impact as a breach that occurs within a larger organization. In fact, smaller organizations may not have the same level of resources available to them as large organizations in responding to a data breach. Legal resources, damage to the company brand, and investigative and clean-up costs after an incident can quickly add up for a small operation. Effectively, an identical breach could impact a smaller organization more in terms of its ability to absorb the associated costs and consequences.

The primary issue affecting smaller organizations is the perception that SOCs are for large enterprises and cost tens of millions of dollars to implement, or that small organizations cannot realize the benefits of implementing a SOC due to environmental constraints even though they need one. In response, smaller organizations tend to take one of the following approaches:

- Decide that it is out of reach for their organization, and go no further;
- Decide that the only cost-effective option for a small to mid-sized organization is to contract the work to a Managed Security Service Provider (MSSP);
- Decide to implement security monitoring in-house.

In spite of the perceived restrictions to implementing a SOC, MindPoint Group has helped implement cost-effective monitoring solutions, and as a result many small organizations have been able to successfully implement and run comprehensive security monitoring solutions. A successful solution requires certain choices to keep it within the budget limitations of the organization, but those limitations do not make it impossible. In fact, extremely effective features can be implemented even with a limited budget. With a clear picture of your environment, the threats your organization faces, your available budget, the recurring costs involved in the final solution, and the human resources available to support the solution, together with careful planning and the support of management, you have a strong chance of implementing a successful SOC solution.

COMPARISON OF THE OPTIONS

When an organization decides to tackle the challenge of implementing a SOC, it will essentially take one of two main approaches: implement an MSSP solution, or implement an in-house SOC.

The MSSP solution is an attempt to generalize security monitoring so that it can be resold to many different clients in order to achieve economies of scale. The MSSP will often provide a good basic level of protection, but due to the generalized nature of its solution it rarely provides much beyond that basic level of protection. These services rarely provide equipment and software tuning for an organization's specific needs or a staff solely focused on researching and developing protection for the organization's specific threats. Additionally, the organization may lose the long-term value gained from implementing and customizing equipment and software for their organization, as well as the knowledge and experience developed by a dedicated staff. All the equipment, software, and staff, and all the data and knowledge stored in these resources, are solely the property of the MSSP and are lost when switching providers or moving to an in-house solution.

The in-house SOC solution is primarily designed, implemented, managed, and operated by internal resources. In most cases, consultants who are experts in the area of security monitoring and analysis assist with the initial planning, design, and implementation. Additionally, there is some outside help from vendors providing specific equipment as part of the solution. The benefit of an in-house SOC solution is that the solution is tailored to the environment.
All of the devices are tuned specifically to protect against the threats facing the environment, and in-house staff usually have the skills and knowledge necessary to ensure that the solution comprehensively addresses the security needs of the organization. An in-house SOC solution routinely works for most organizations, but proper staffing can sometimes be difficult for smaller organizations.

OUR EXPERIENCE

MindPoint Group's team has extensive experience in implementing the various stages of the SOC and security-monitoring program life-cycle. We are equipped to help clients design, implement, manage, and operate a SOC. Additionally, our experience in a variety of SOC environments means that we are well equipped to assist with staffing, training, and process development, as well as researching threats and developing customized protection mechanisms.

We were recently contracted to design and build a security-monitoring infrastructure for a small government agency. This type of solution would be categorized as an in-house solution that started with a reliance on our expertise during the design and build-out, but ultimately transitions to using internal organizational employees for management and operation of the SOC. Despite the size of the agency, highly sensitive data is processed at the core of its business processes, and its operations are spread across seven main sites with more than two dozen satellite offices.

When we first began work at the agency there was little to no security monitoring program established. Significant, recent turnover in the Chief Information Officer (CIO) office included the security staff. The program that was established was focused on compliance, policies, and vulnerability management/system patching. While those are important aspects of a security program, they do not address actively monitoring the traffic on the network. The security and network teams had little insight into what was actually occurring on the network. Although there were some incidents they could respond to, they did not have the tools, personnel, or processes in place to identify the incidents in the first place.

Even with this nearly blank slate, we still had a few technologies already in place that could be used in the design and implementation of the SOC:

- Anti-Virus: The organization had a centrally managed host-based anti-virus solution in place.
- Firewalls: The organization had proper firewall technologies in place at their egress/ingress points.
- Security Information and Event Management (SIEM): The organization had purchased a product for log collection and correlation which was actually a full-featured SIEM priced for small and mid-sized environments. However, the product had not been put into production at the time we started.

Because these products were already purchased, we were able to focus more effort on selecting technologies to provide intrusion detection and data loss prevention capabilities. We were also able to put significant effort into the technical design of the components and how they would interact, as well as effective configuration and tuning. Often these projects get bogged down in vendor and product selection, and the more important tasks of proper design, implementation, and customization/tuning suffer.

Our design phase consisted of the following steps:

- Client consultation to get a better understanding of the client business and the threats they faced on a regular basis.
- We worked with the client on daily activities to see if there were any differences between perceived threats and actual threats.
- We identified various sources of data which could be considered the most sensitive data by the client, as well as the high-value targets present in their network.
- We consulted with the various teams within the organization (network infrastructure, server, desktop) in order to get a better understanding of needs as well as a clear picture of how a proper monitoring solution could be integrated in the environment most efficiently.

From these data points we crafted a comprehensive Concept of Operations (CONOPS) for the SOC. The CONOPS clearly described the current state of the security monitoring program, issues, strong points, and impacts of problems with the program. The document then followed with a clear picture of the recommendations we had for implementing the SOC program. This included recommendations for changes to current technologies; procurement of new technologies; staffing needs; standard operating procedure and policy development; incident/case management processes; and knowledge sharing/training initiatives.

Some of the challenges in developing this type of to-be state involve effectively dealing with the unknowns. Sometimes budgetary or staffing constraints are not clear. However, we are always focused on creating the right solution for the given environment, and on understanding the client as much as we understand the technology. We knew the organization needed an IDS and DLP solution, and we set out to propose the most effective solution that would meet the needs of the organization, be manageable by a limited staff, and provide the greatest value.

Our design strategically combined commercial tool options with free open source software (FOSS) tools, and utilized existing hardware and resources where available. Ultimately we knew that the Data Loss Prevention (DLP) space was the one area where the organization needed the most advanced and effective solution, and that funds would need to be directed there first in order to build a program that secured the data assets of the client. Because of this we planned for and proposed an intrusion detection system (IDS) solution that utilized leading-edge FOSS IDS technology alongside commercial tools. The proposed FOSS IDS solution gave the organization an IDS infrastructure that matched or exceeded the commercial solutions in terms of detection capability but cost more in terms of administration and resource utilization. Developed in close cooperation with the client, the design ultimately allowed for the procurement of an industry-leading commercial solution in the DLP space, due to cost savings related to hardware repurposing and the use of FOSS tools.

Once the solution was designed and approved, a project plan was built and the solution was implemented.
The implementation experienced several issues that threatened successful completion within the defined timeframes:

- Procurement: The organization experienced many issues in procuring the technology in a timely fashion. Due to the layout of the project plan, this began to delay certain aspects of the project. We were able to quickly reorganize the plan in order to work around these issues.
- Staffing: The organization had multiple staffing and resource availability issues during the project that caused delays. We were able to work around these issues in most instances, but these are unfortunately the biggest threat to completing projects on time within a small organization.
- Other projects: The organization had multiple other large-scale infrastructure projects taking place during the time of implementation. Shifting of already thin personnel resources to these projects caused the delay of certain pieces of the implementation.

The above issues did cause minor delays with the project, but in most cases we were able to quickly pivot the project onto another task to minimize the impact. We accomplished this by minimizing task dependencies, keeping the project team small to maximize agility when switching tasks, and by being flexible and client-focused. By focusing on the client needs we were able to deliver tasks at the appropriate times, provide guidance on the impact of other projects, and provide support on tertiary tasks in order to free up organizational resources and move our tasks forward.

The final implementation consisted of the following capabilities:

- Network IDS
- Network Data Loss Prevention
- SIEM
- Host-based AV and Host-based IDS
- Centralized Log Collection

In addition to the functions above, we developed Standard Operating Procedures (SOPs) and helped to institute processes. Throughout the project we provided knowledge transfer and staff training. We were also able to utilize several products to fill gaps in the security infrastructure. For instance, full packet capture is an invaluable resource to a security program, but it is often expensive in terms of the hardware and software required. We considered using OpenFPC to perform packet capture, which would have eliminated software costs but would still have required an expensive capital expenditure on hardware. Instead we were able to fill this need by utilizing a feature built into the SIEM which allowed us to capture and store internal/external traffic.

TAKEAWAYS

Security monitoring and analysis is a key capability needed to support ongoing security operations. An organization's incident handling capability relies on a strong security monitoring capability in order to identify all potential incidents and to capture as much information as possible about those incidents. Some things to keep in mind when entering into a SOC or security-monitoring project:

- Each organization has its own requirements, priorities, and operating environment that need to be identified and addressed in any solution design. Sometimes the key players at the organization are too close to identify any or all of the above items. This makes outside input all the more important to successfully design a solution.
- In-house and MSSP solutions can in most cases meet all of an organization's needs and be successful, but the right decisions need to be made upfront during the design phase.
- Commercial solutions are not always necessary, and many FOSS products can lower costs while providing great functionality. Don't forget to factor in the increase in resource usage (i.e. administration, maintenance, and setup) that is often hidden.
- When deciding whether to use an MSSP, remember that their business model is to use the same cookie-cutter solution for all customers. If you don't need customization, then this is truly a viable option. Consider having a third party evaluate the organizational needs and then work as an advocate for the organization during the selection and implementation phases of an MSSP solution.

At MindPoint Group we take an approach focused on logical design, identifying customer needs, efficient implementation, extensive tuning, and effective staffing. We understand the challenges associated with keeping an organization secure and have experience staffing, designing, and building SOCs at small and large organizations. You can leverage our expertise to help implement this type of capability in your organization and determine whether an in-house or MSSP solution is the right fit for you.

ABOUT MINDPOINT GROUP

MindPoint Group, LLC (MPG) is a Small Business Administration (SBA) certified 8(a), Woman-Owned (WOSB), Economically Disadvantaged Woman-Owned (EDWOSB), and Minority-Owned Small Disadvantaged Business (SDB) with its headquarters in Springfield, VA. MPG's Information Security and Privacy (ISP) services provide program management support, security assessment & authorization (S&A, formerly C&A), independent verification and validation (IV&V), continuous monitoring, cyber security, security controls and vulnerability assessments, penetration testing, and security operations center support.

MPG understands that information security has a broad scope, and that an effective information security program must integrate with a number of other organizational processes in order to function effectively. MPG has experience developing and implementing a wide range of security policies, procedures, and technologies in a variety of environments with the goal of ensuring the confidentiality, integrity, and availability (CIA) of our clients' sensitive assets and information systems. MPG specializes in implementing IT Security Program Management through our IS&P methodology of establishing a collaborative working environment across all disciplines through innovation, technical excellence, and a dedication to repeatable processes. MPG goes beyond FISMA compliance by helping our clients align Federal regulations with their operational mission. Through this methodology, MPG has successfully helped various clients integrate security across a wide range of security domains and environments.

For more information on our solutions, please visit our web site or check out our blog at blog.mindpointgroup.com.
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationManaging the Ongoing Challenge of Insider Threats
CYBERSECURITY IN THE FEDERAL GOVERNMENT Managing the Ongoing Challenge of Insider Threats A WHITE PAPER PRESENTED BY: May 2015 PREPARED BY MARKET CONNECTIONS, INC. 11350 RANDOM HILLS ROAD, SUITE 800 FAIRFAX,
More informationPREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK
MAXIMIZE PERFORMANCE AND REDUCE RISK 1 BROCHURE COMPLEXITIES IN MISSION CRITICAL SYSTEMS CONTINUE TO INCREASE Mission critical communications systems have become increasingly complex as more features and
More informationFull-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform
Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding
More informationBeyond Point Technology and The Managed Security Service Provider (MSSP) Co-management applied across the entire security environment
Beyond Point Technology and The Managed Security Service Provider (MSSP) Co-management applied across the entire security environment Whitepaper May 2015 2 Table of Contents THE RISE OF CO-MANAGEMENT...
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationHow to Define SIEM Strategy, Management and Success in the Enterprise
How to Define SIEM Strategy, Management and Success in the Enterprise Security information and event management (SIEM) projects continue to challenge enterprises. The editors at SearchSecurity.com have
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More informationD. Grzetich 6/26/2013. The Problem We Face Today
Ideas on Using Asset Criticality Inference (ACI) Through Gathering and Processing of Asset Contextual Utilizing Analytical Models and Processing Rules D. Grzetich 6/26/2013 The Problem We Face Today Security
More informationSTATE OF MARYLAND 2017 INFORMATION TECHNOLOGY MASTER PLAN (ITMP) Department of Information Technology David Garcia; State CIO
STATE OF MARYLAND 2017 INFORMATION TECHNOLOGY MASTER PLAN (ITMP) Department of Information Technology David Garcia; State CIO Introduction Since taking office in January 2015, Governor Larry Hogan has
More informationManaging IT Security Risks (Build, Buy, or Both?)
August 7, 2001 Colorado Office 1600 Stout Street Suite 1510 Denver, CO 80202 303.446.0001 Managing IT Security Risks (Build, Buy, or Both?) Oklahoma Office 1307 South Boulder Avenue Suite 120 Tulsa, OK
More informationSorting out SIEM strategy Five step guide to full security information visibility and controlled threat management
Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management This guide will show you how a properly implemented and managed SIEM solution can solve
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationWhite paper. Creating an Effective Security Operations Function
White paper Creating an Effective Security Operations Function Awareness of security issues is fundamental to an effective policy. When we think of a security operations center (SOC), we often have an
More informationMANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results.
MANAGED SERVICES PROVIDER Dynamic Solutions. Superior Results. REVOLUTIONIZE YOUR INSTITUTION BY FULLY LEVERAGING THE BENEFITS OF TECHNOLOGY MAXIMIZE YOUR TECHNOLOGY INVESTMENTS ENHANCE SECURITY OF YOUR
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationMANAGEMENT CONSULTING ENTERPRISE SOLUTIONS IT OUTSOURCING. CAPABILITY briefing
MANAGEMENT CONSULTING ENTERPRISE SOLUTIONS IT OUTSOURCING MILESTONES 1999-Present 8(a) / SDB Certified Woman-Owned Certified GSA Schedule 70 GSA STARS II NAICS Codes 541511, 541512, 541519, 541618, 541611,
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationindustry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud
industry perspective: MAKING SMARTER IT INVESTMENTS: Customizing the Cloud 1 A Brief Introduction Today, cloud computing offers government the opportunity to re-imagine how services are delivered. But
More informationYour Infrastructure. Our Responsibility.
Know Us The SRM group is four decades old multi-million dollar business house currently operational in 15 cities worldwide. SRM group has made its presence felt in education, training, Electronics, Technology,
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationThe Case for Managed Security Services for Log Monitoring and Management
White Paper The Case for Managed Security Services for Log Monitoring and Management www.solutionary.com (866) 333-2133 The Case for Managed Security Services for Log Monitoring and Management Contents
More informationNASA OFFICE OF INSPECTOR GENERAL
NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA
More informationNetwork Intrusion Prevention Systems Justification and ROI
White Paper October 2004 McAfee Protection-in-Depth Strategy Network Intrusion Prevention Systems 2 Table of Contents Are My Critical Data Safe? 3 The Effects and Results of an Intrusion 3 Why the Demand
More informationSELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:
SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM: 12 Key Questions to Ask Executive Summary Host Intrusion Prevention Systems (HIPS) complement perimeter defenses, and play a vital role in protecting
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationRight-Sizing Electronic Discovery: The Case For Managed Services. A White Paper
Right-Sizing Electronic Discovery: The Case For Managed Services A White Paper 1 2 Table of Contents Introduction....4 An Overview of the Options...4 Insourcing: Bringing E-Discovery Processes In-House....4
More informationERP Challenges and Opportunities in Government
ERP Challenges and Opportunities in Government www.frost.com 1 Table of Contents Executive Summary... 3 Introduction... 4 Survey Methodology... 4 A Word About Frost & Sullivan... 5 ERP Systems in Government:
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationINFORMATION SECURITY Humboldt State University
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationMANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING "IT" ALONE
MANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING "IT" ALONE August 2014 Derek E. Brink, CISSP, Vice President and Research Fellow, IT Security and IT GRC Report Highlights p2 p3 p6 p7 Security is
More informationA THINKstrategies Primer for CIOs
A THINKstrategies Primer for CIOs Making the Move to a Cloud-Based IT Service : Why the Time Is Right to Put Aside Your Fears & Capitalize on Today s Latest Innovations Published on Behalf of BMC Software
More informationSORTING OUT YOUR SIEM STRATEGY:
SORTING OUT YOUR SIEM STRATEGY: FIVE-STEP GUIDE TO TO FULL SECURITY INFORMATION VISIBILITY AND CONTROLLED THREAT MANAGEMENT INTRODUCTION It s your business to know what is happening on your network. Visibility
More informationGet Confidence in Mission Security with IV&V Information Assurance
Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop Small Agency Threat and Vulnerability Management Policy May 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationAN EXECUTIVE S GUIDE TO BUDGETING FOR SECURITY INFORMATION & EVENT MANAGEMENT
WHITE PAPER AN EXECUTIVE S GUIDE TO BUDGETING FOR SECURITY INFORMATION & EVENT MANAGEMENT COST ANALYSIS OF TWO DELIVERY MODELS: SELF-MANAGED SIEM VS. MANAGED SIEM SERVICES AN EXECUTIVE S GUIDE TO BUDGETING
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationPublic or Private Cloud: The Choice is Yours
white paper Public or Private Cloud: The Choice is Yours Current Cloudy Situation Facing Businesses There is no debate that most businesses are adopting cloud services at a rapid pace. In fact, a recent
More informationCompany Overview. Enterprise Cloud Solutions
2016 Company Overview Enterprise Cloud Solutions ENTERPRISE CLOUD SOLUTIONS Unitas Global utilizes leading cloud technologies to optimize enterprise IT environments. By designing, deploying, and managing
More informationFY 2016 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics V1.0
FY 2016 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics V1.0 June 20, 2016 Document History Version Date Comments Sec/Page 1.0 19 June 2016 Aligned questions
More information