Security Information and Event Management
- Anissa Allison
- 8 years ago
1 Security Information and Event Management sponsored by: ISSA Web Conference April 26, 2011 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London
2 Welcome
- Conference Moderator: Phillip H. Griffin, ISSA Web Conference Committee
3 Agenda
- The Truth & Reality of a SIEM Implementation: Candy Frances Alexander, CISSP CISM - Chief Information Security Officer, Long Term Care Partners
- Data Governance in Today's World: Peter Kohler - Optim, Guardium, and Discovery Business Unit Executive - IBM
- Cloud Automation Protocols for SIEM: Erin Connor - Director, EWA-Canada
- Open Panel with Audience Q&A
- Closing Remarks
4 The Truth & Reality of a SIEM Implementation
- Candy Alexander, CISSP CISM
5 Topics
- Background
- Requirements
- Typical challenges
- Doing it the right way
- If I were to do it all over again
6 Background
- Jumped into the SIEM game 3 years ago
- Requirements were defined as:
  - Compliance monitoring (HIPAA, FISMA)
  - Identify security posture
  - Central security management console (central view)
  - Audit evidence/artifacts
  - Incident response/investigations
  - IT optimization
- Security Maturity Level: Evolving
- Common challenges:
  - Multiple stakeholders without clear expectations
  - Getting IT involved (i.e. care and feed)
  - Where does it really fit?
  - Has it hurt or helped?
7 Requirements
- Understand what YOU need the tool to do
  - Regulatory
  - Scalability
  - Learn what you don't know
  - Factor in vendor support/training
- Understand what the TOOL needs you to do
  - Skills
  - FTE/PTE?
  - Budget to grow on?
8 Challenges
- Who needs a Project manager?
- Security maturity of Program
  - Evolving Program = people/culture challenges
  - Implementation Program = technology challenges
  - Well Established Program = skill levels, resources
- Business Value
9 Doing it the right way
- No matter what, before you begin:
  - Get common agreement
  - Use sound project management methodologies
10 If I were to do it all over again
- NO matter what, this is one of the biggest investments and implementations that you will undertake
- Look at your options:
  - In-house (mature security programs with a huge scope)
  - Out-source (any level of maturity with a smaller scope or resources)
  - * Hybrid (any level of maturity with smaller resources but want/need to keep in house)
11 Question and Answer
- Candy Alexander, CISSP CISM, Chief Information Security Officer, Long Term Care Partners
12 Data Governance in Today's World
- Peter Kohler, Data Governance Business Unit Executive
13 The Challenges Around Data Governance
- Application Redundancies
  - Application Portfolio Rationalization
  - Sunset legacy applications
  - Reduce operational IT spend
- Rampant Data Growth
  - Cost effectively support your information retention policies while controlling data growth
  - Meet SLAs
  - Reduce operational IT spend
- Information Security
  - Protect and enable secure sharing of information
  - 84% of security breaches come from internal sources, from non-production
  - Average Costs and Fines for a Data Breach: $6.6M
- Information Compliance
  - Reduce brand reputation risks and audit deficiencies
  - 63% IT executives rate compliance with regulations a top challenge
- Sources: CIO Magazine survey 2007;
14 Protecting Information Security & Privacy Across the Enterprise
- Discover & Define
  - Define policies
  - Classify & define data types
  - Discover where sensitive data resides
- Secure & Protect
  - De-identify confidential data in non-production environments
  - Safeguard sensitive data in documents
  - Protect enterprise data from both authorized & unauthorized access
- Monitor & Audit
  - Assess database vulnerabilities
  - Monitor and enforce database access
  - Audit and report for compliance
- Information Governance Core Disciplines: Quality Management Lifecycle Security & Privacy
15 Securing and Protecting Your Information Supply Chain
- Protecting the data across the enterprise, both internal and external threats
- Knowing who's accessing your data when, how and why
- Monitoring and reporting on database access for audit purposes
- [Diagram labels: Test/Dev, Discover & Define, Monitor & Audit, Secure & Protect]
16 Complete Business Object Challenge for Retention and Masking
- Referentially-intact subset of data across related tables and applications; includes metadata
- Provides historical reference snapshot of business activity
- Federated object support across enterprise data stores
- [Diagram label: Payments]
17 De-identify Data in Non-Production Environments without Impacting Test & Development
- Mask or de-identify sensitive data elements that could be used to identify an individual
- Ensure masked data is contextually appropriate to the data it replaced, so as not to impede testing
  - Data is realistic but fictional
  - Masked data is within permissible range of values
- Support referential integrity of the masked data elements to prevent errors in testing
- [Figure labels: JASON MICHAELS, ROBERT SMITH. Caption: Personal identifiable information is masked with realistic but fictional data for testing & development purposes.]
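The masking properties on this slide (realistic but fictional values, values that stay in the permissible range, referential integrity across tables) can be shown with a keyed, deterministic masker. This is an added example, not code from the presentation or from any IBM product; the key, name pools, table layout and function names are assumptions, and every record except the slide's JASON MICHAELS is constructed.

```python
import hashlib
import hmac

# Constructed demo key. In practice the key lives outside the test environment,
# otherwise anyone holding the masked data could replay the mapping.
MASKING_KEY = b"constructed-demo-key"
FIRST_NAMES = ["ROBERT", "MARIA", "DAVID", "LINDA", "JAMES", "SUSAN", "PETER", "KAREN"]
LAST_NAMES = ["SMITH", "JONES", "BROWN", "TAYLOR", "WILSON", "CLARK", "LEWIS", "YOUNG"]
NAME_POOL = [f"{first} {last}" for first in FIRST_NAMES for last in LAST_NAMES]


def _keyed_int(label, value):
    """HMAC-SHA256 of (label, value) as an integer; label separates value spaces."""
    mac = hmac.new(MASKING_KEY, f"{label}\x00{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big")


def mask_name(full_name):
    """Same input name always yields the same fictional name, never the original."""
    original = " ".join(full_name.upper().split())
    index = _keyed_int("name", original) % len(NAME_POOL)
    if NAME_POOL[index] == original:
        index = (index + 1) % len(NAME_POOL)
    return NAME_POOL[index]


def mask_account(account):
    """Keyed permutation of 8-digit account numbers (4-round Feistel network).

    A permutation cannot map two accounts to one value, so unique keys stay
    unique and joins between masked tables still line up. The output is again
    8 digits, i.e. within the permissible range for the column.
    """
    if len(account) != 8 or not account.isdigit():
        raise ValueError(f"expected 8 digits, got {account!r}")
    left, right = int(account[:4]), int(account[4:])
    for rnd in range(4):
        left, right = right, (left + _keyed_int(f"acct-round-{rnd}", right)) % 10000
    return f"{left:04d}{right:04d}"


def mask_tables(customers, payments):
    """Return masked copies of both tables; non-sensitive columns pass through."""
    masked_customers = [
        {**c, "account": mask_account(c["account"]), "name": mask_name(c["name"])}
        for c in customers
    ]
    masked_payments = [
        {**p, "account": mask_account(p["account"]), "payer": mask_name(p["payer"])}
        for p in payments
    ]
    return masked_customers, masked_payments


def join_on_account(customers, payments):
    """Index pairs (customer, payment) that share an account number."""
    return sorted(
        (ci, pi)
        for ci, c in enumerate(customers)
        for pi, p in enumerate(payments)
        if c["account"] == p["account"]
    )


# Constructed sample tables.
CUSTOMERS = [
    {"account": "10020034", "name": "JASON MICHAELS"},
    {"account": "10020035", "name": "ANNA KOVAC"},
]
PAYMENTS = [
    {"account": "10020034", "payer": "JASON MICHAELS", "amount": 125.00},
    {"account": "10020035", "payer": "ANNA KOVAC", "amount": 40.50},
    {"account": "10020034", "payer": "JASON MICHAELS", "amount": 9.99},
]

if __name__ == "__main__":
    masked_customers, masked_payments = mask_tables(CUSTOMERS, PAYMENTS)
    for row in masked_customers + masked_payments:
        print(row)
    print("join preserved:",
          join_on_account(masked_customers, masked_payments)
          == join_on_account(CUSTOMERS, PAYMENTS))
```
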
18 Real-Time Database Monitoring
- Non-invasive architecture
  - Outside database
  - Minimal performance impact (2-3%)
  - No DBMS or application changes
- Cross-DBMS solution
- 100% visibility including local DBA access
- Enforces separation of duties (SoD)
- Does not rely on DBMS-resident logs that can easily be erased by attackers, rogue insiders
- Granular, real-time policies & auditing
  - Who, what, when, how
- Automated compliance reporting, sign-offs & escalations (SOX, PCI, NIST, etc.)
- [Diagram label: DB2]
19 Protect Sensitive Data Values within Documents
- Redact (or remove) sensitive unstructured data found in documents and forms, protecting confidential information while supporting the need to share critical business information
- Support compliance with industry-specific and global data privacy requirements or mandates
- Leverage an automated redaction process for speed, accuracy and efficiency
- Ensure hidden source data (or metadata) within documents is redacted as well
- Prevent unintentional disclosure by using role-based masking to confidently share data
- Ensure multiple file formats are supported, including PDF, text, TIFF and Microsoft Word documents
- [Figure label: Redact Full Name & Street Address]
20 Question and Answer
- Peter Kohler - Optim, Guardium, and Discovery Business Unit Executive - IBM, pkohler@us.ibm.com
21 SIEM and Automation Protocols
- Erin Connor, Director, EWA-Canada
22 Overview
- Issues & Answers for Security Automation
- Security Content Automation Protocol
  - Common Language Elements
  - Operational Elements
  - SCAP Content & Scanning
- On the Automation Horizon
- Why Automation Protocols
- Over the Automation Horizon
23 Issues for Security Automation
- Proprietary information and formats across products
- Incompatible information across technologies
- Information collection is costly and error prone
- Inefficient use of resources managing configurations, vulnerabilities and patches
- Same or similar problems when systems connected into networks and events start happening
- Doesn't scale well as networks grow and the number of desirable and undesirable events multiply
24 Answers for Security Automation
- Standard Language
  - Using the same name for the same object in all instances
- Lends itself to the use of automated tools, reducing manual requirements
- Increases accuracy in reporting and subsequent response
- Valuable human resources can be tasked to more difficult problems
25 Security Content Automation Protocol (SCAP)
- Initial foray into automation protocols to deal with configuration and patch issues
- Seven Underlying Standards
- Validation Program to test and verify that scanning tools properly implement and understand the language defined by the six standards, and can properly execute SCAP content
26 SCAP Common Language Elements
- Common Platform Enumeration (CPE) defines a structured naming scheme for information technology systems, platforms, and packages
- Common Configuration Enumeration (CCE) defines unique identifiers for system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools
- Common Vulnerabilities and Exposures (CVE) comprises a dictionary of publicly known information security vulnerabilities and exposures (configuration issue)
27 SCAP Operational Elements
- Extensible Configuration Checklist Description Format (XCCDF) defines a specification language for writing security checklists, benchmarks, and related kinds of documents representing a structured collection of security configuration rules for some set of target systems
- Open Vulnerability Assessment Language (OVAL): an information security community effort to standardize how to assess and report upon the machine state of computer systems, i.e., how to query configuration, vulnerability, etc., status of a target
- Common Vulnerability Scoring System (CVSS) provides an industry standard for assessing the severity of computer system security vulnerabilities, thereby allowing comparison and prioritization of response
- Open Checklist Interactive Language (OCIL) defines a framework for expressing a set of questions to be presented to a user and corresponding procedures to interpret responses to these questions, i.e., non-automated manual checks
28 SCAP Content
- Four Tiers identifying the form of the content:
  - I: Prose checklist
  - II: Non-standard (non-SCAP) machine readable
  - III: SCAP expressed but not validated (should work in validated tool)
  - IV: Validated SCAP content (will work in validated tool)
- Tier IV content (OMB & NIST) for:
  - WinXP, WinVista (and associated WinFWs), IE 7 - FDCC
  - Win7, Win7 FW & IE8 - USGCB
  - RHEL 5 Desktop (Beta USGCB)
- National Vulnerability Database: U.S. government repository of standards based vulnerability management data represented using SCAP
- Validated SCAP Tools -
29 SCAP Scanning
- [Network diagram labels: Internet, Router, DMZ, Firewall, Web Servers, Application Servers, Database Systems, Intranet, DNS Server, Mail Server, Web Servers, Desktop Systems, SCAP Scanner]
30 Validated SCAP Tool Vendors
31 On the Automation Horizon
- Event Management Automation Protocol
  - Being developed to do for event management what SCAP has been able to do for configuration and vulnerability management
  - Builds on another set of standards, including:
    - Common Event Expression (CEE): provide a standardized way for computer events to be described, logged, and exchanged, allowing for more efficient enterprise-wide log management, correlation, aggregation, auditing, and incident handling
    - Common Attack Pattern Enumeration and Classification (CAPEC): objective to provide a publicly available catalogue of attack patterns along with a comprehensive schema and classification taxonomy
    - Malware Attribute Enumeration and Characterization (MAEC): a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artefacts, and attack patterns
32 Why Automation Protocols?
- SCAP provides the ability to use standardized tools to determine and report baseline configurations in the network in real time, i.e., not only discover what is there but individual hardened status on an ongoing basis
- EMAP will provide a standardized language for network attached systems to report what is happening
- As more and more system vendors implement SCAP and EMAP compatible interfaces and information reporting:
  - SIEM vendors will be able to concentrate on enhancing analysis and correlation capabilities rather than keeping up-to-date with changes system vendors may make to proprietary event information reporting formats
  - End users will be able to decide among SIEM tools based on comparison of analysis and reporting capabilities, and not whether the tools speak the same language as the devices on their networks
- Up-to-date configuration status can affect the importance of a network event, e.g., probes against systems known to have up-to-date mitigations may be in the category "Of Interest" rather than "Panic!"
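The last point on this slide, that current configuration status changes how much a network event matters, can be sketched as a triage step that joins events to scan results through shared CPE and CVE names. This is an added example, not code from the presentation or from any SCAP or EMAP tool; the data layout, host names, signature ids, the 7-day freshness limit and the treatment of missing or stale scans as "Panic!" are assumptions, and the CVE ids are constructed placeholders.

```python
from datetime import datetime, timedelta


def parse_cpe(uri):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version:update:...) into components."""
    if not uri.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    return uri[len("cpe:/"):].lower().split(":")


def cpe_matches(pattern, target):
    """True if every non-empty component of pattern equals the target's component."""
    p, t = parse_cpe(pattern), parse_cpe(target)
    t += [""] * (len(p) - len(t))  # target may be less specific than the pattern
    return all(pc == "" or pc == tc for pc, tc in zip(p, t))


# Constructed scan results, as a scanner might summarise them per host:
# the platform name plus the CVE checks that reported the host vulnerable.
SCAN_RESULTS = {
    "web01": {"cpe": "cpe:/o:redhat:enterprise_linux:5",
              "scanned": datetime(2011, 4, 25, 2, 0), "open_cves": set()},
    "desk07": {"cpe": "cpe:/o:microsoft:windows_xp::sp3",
               "scanned": datetime(2011, 4, 25, 2, 0), "open_cves": {"CVE-0000-0001"}},
    "desk08": {"cpe": "cpe:/o:microsoft:windows_xp::sp3",
               "scanned": datetime(2011, 4, 25, 2, 0), "open_cves": set()},
    "db02": {"cpe": "cpe:/o:microsoft:windows_7",
             "scanned": datetime(2011, 3, 1, 2, 0), "open_cves": set()},
}

# Constructed detection signatures: which CVE a probe targets and which platforms it affects.
SIGNATURES = {
    "SIG-1": {"cve": "CVE-0000-0001", "affects": "cpe:/o:microsoft:windows_xp"},
    "SIG-2": {"cve": "CVE-0000-0002", "affects": "cpe:/o:microsoft"},
}


def triage(event, now, max_age=timedelta(days=7)):
    """Return (category, reason) for one probe event.

    Only a fresh scan can downgrade an event: with no scan, or a stale one,
    the mitigation status is unknown and the event keeps the higher category.
    """
    scan = SCAN_RESULTS.get(event["host"])
    if scan is None:
        return ("Panic!", "no scan data for host")
    if now - scan["scanned"] > max_age:
        return ("Panic!", "scan data is stale")
    signature = SIGNATURES[event["sig"]]
    if not cpe_matches(signature["affects"], scan["cpe"]):
        return ("Of Interest", "platform not affected")
    if signature["cve"] in scan["open_cves"]:
        return ("Panic!", "vulnerability unmitigated")
    return ("Of Interest", "mitigation in place")


# Constructed probe events.
NOW = datetime(2011, 4, 26, 9, 0)
EVENTS = [
    {"host": "desk07", "sig": "SIG-1"},
    {"host": "desk08", "sig": "SIG-1"},
    {"host": "web01", "sig": "SIG-1"},
    {"host": "db02", "sig": "SIG-2"},
    {"host": "kiosk3", "sig": "SIG-1"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["host"], ev["sig"], *triage(ev, NOW))
```
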
33 Over the Automation Horizon
- From "Public/Private Collaboration Efforts for Enterprise Security Automation", presented at Software Assurance Forum, 27 September 2010
34 Over the Automation Horizon
- Automation Protocol initiatives underway or proposed, including:
  - Enterprise Remediation Automation Protocol
  - Enterprise System Information Protocol
  - Enterprise Compliance Automation Protocol
  - Threat Analysis Automation Protocol
  - Software Assurance Automation Protocol
  - Incident Management Automation Protocol
- Longer term goal to get to the point where network managers can respond to events in real time by changing policies and configurations from a central management point
35 Questions Erin Connor EWA-Canada, Director x1214
36 References/Resources
- Selected Standards:
  - Security Content Automation Protocol (SCAP)
  - Common Platform Enumeration (CPE)
  - Common Configuration Enumeration (CCE)
  - Common Vulnerabilities & Exposures (CVE)
  - Extensible Configuration Checklist Description Format (XCCDF)
  - Open Vulnerability Assessment Language (OVAL)
  - Common Vulnerability Scoring System (CVSS)
  - Open Checklist Interactive Language (OCIL)
  - CWE
  - Common Event Expression (CEE)
  - Common Attack Pattern Enumeration and Classification (CAPEC)
  - Malware Attribute Enumeration and Characterization (MAEC)
  - Asset Reporting Format (ARF)
37 References / Resources
- Automation Content
  - Federal Desktop Core Configuration
  - United States Government Configuration Baseline (USGCB)
- Conferences
  - NIST Annual Security Automation Conference: Autumn time frame, 2011, not yet formally announced
  - Software Assurance Forum: semi-annual Spring and Autumn forums
- National Vulnerability Database (NVD)
38 Question and Answer
- Erin Connor - Director, EWA-Canada, econnor@ewa-canada.com
39 Panel Discussion
- Phillip H. Griffin - ISSA Web Conference Committee
- Candy Frances Alexander, CISSP CISM - Chief Information Security Officer, Long Term Care Partners
- Peter Kohler - Optim, Guardium, and Discovery Business Unit Executive - IBM
- Erin Connor - Director, EWA-Canada
40 Closing Remarks
- Thank you to our Sponsor
- Thank you to Citrix for donating this Webcast service
- Online Meetings Made Easy
41 CPE Credit
- Within 24 hours of the conclusion of this webcast, you will receive a link to a post Web Conference quiz.
- After the successful completion of the quiz you will be given an opportunity to PRINT a certificate of attendance to use for the submission of CPE credits.
More informationPrevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management
Prevent cyber attacks. SEE what you are missing. See Your Network MAPS. Prevent cyber attacks. [RedSeal] is meeting our expectations and is playing an integral role as it feeds right into our overall risk
More informationNetIQ FISMA Compliance & Risk Management Solutions
N E T I Q C O M P L I A N C E S E R I E S NetIQ FISMA Compliance & Risk Management Solutions The Federal Information Security Management Act (FISMA) requires federal agencies to create and implement a
More informationwww.obrela.com Swordfish
Swordfish Web Application Firewall Web Application Security as a Service Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More information8 Key Requirements of an IT Governance, Risk and Compliance Solution
8 Key Requirements of an IT Governance, Risk and Compliance Solution White Paper: IT Compliance 8 Key Requirements of an IT Governance, Risk and Compliance Solution Contents Introduction............................................................................................
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationVirtualization Impact on Compliance and Audit
2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance
More informationHow To Improve Nasa'S Security
DECEMBER 5, 2011 AUDIT REPORT OFFICE OF AUDITS NASA FACES SIGNIFICANT CHALLENGES IN TRANSITIONING TO A CONTINUOUS MONITORING APPROACH FOR ITS INFORMATION TECHNOLOGY SYSTEMS OFFICE OF INSPECTOR GENERAL
More informationTowards security management in the cloud utilizing SECaaS
Towards security management in the cloud utilizing SECaaS JAN MÉSZÁROS University of Economics, Prague Department of Information Technologies W. Churchill Sq. 4, 130 67 Prague 3 CZECH REPUBLIC jan.meszaros@vse.cz
More informationVulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
More informationIntro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance
More informationBreaking down silos of protection: An integrated approach to managing application security
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
More informationADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
More informationIBM Rational AppScan: enhancing Web application security and regulatory compliance.
Strategic protection for Web applications To support your business objectives IBM Rational AppScan: enhancing Web application security and regulatory compliance. Are untested Web applications putting your
More informationWhite paper. Four Best Practices for Secure Web Access
White paper Four Best Practices for Secure Web Access What can be done to protect web access? The Web has created a wealth of new opportunities enabling organizations to reduce costs, increase efficiency
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationDatabase Security & Auditing
Database Security & Auditing Jeff Paddock Manager, Enterprise Solutions September 17, 2009 1 Verizon 2009 Data Breach Investigations Report: 285 million records were compromised in 2008 2 Agenda The Threat
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationHow To Get The Nist Report And Other Products For Free
National Institute of Standards and Technology (NIST) The Information Technology Lab Computer Security Division (893) Now What? What does NIST have for you to use and how do you get it? How do you contact
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationNEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015
NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps
More informationWhy Add Data Masking to Your IBM DB2 Application Environment
Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise
More informationPenetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015
For the Financial Industry in Singapore 31 July 2015 TABLE OF CONTENT 1. EXECUTIVE SUMMARY 3 2. INTRODUCTION 4 2.1 Audience 4 2.2 Purpose and Scope 4 2.3 Definitions 4 3. REQUIREMENTS 6 3.1 Overview 6
More informationVulnerability Management. Information Technology Audit. For the Period July 2010 to July 2011
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Vulnerability Management Information Technology Audit For the Period July 2010 to July 2011 May 22, 2012 Report
More informationEnterprise Database Security & Monitoring: Guardium Overview
Enterprise Database Security & Monitoring: Guardium Overview Phone: 781.487.9400 Email: info@guardium.com Guardium: Market-Proven Leadership Vision Enterprise platform for securing critical data across
More information