Ernie Hayden CISSP CEH Executive Consultant


Agenda:
- The Old Paradigm
- The New Philosophies
- What to Do?
- Discussion, Q&A
(Slide image: http://ptcdigitalworld.wikispaces.com/file/view/14.jpg/91941753/964x515/14.jpg)

The Old Paradigm: castle-and-moat illustrations
- Herstmonceux Castle and Moat: http://www.geograph.org.uk/photo/1530793
- http://www.gutenberg.org/files/28742/28742-h/images/full_illus014.jpg
- http://wallpoper.com/images/00/26/18/15/castles-architecture_00261815.jpg

Breaches that changed the thinking: Heartland, Sony, Sega, WikiLeaks, etc. http://tinyurl.com/m8v73ev

Debora Plunkett, NSA Information Assurance Directorate, December 2010 (Note 1): "computer systems must be built with the assumption that the adversaries will get in." Further: "Most sophisticated attackers are going to go unnoticed on the NSA's networks." http://www.forbes.com/fdc/welcome_mjx.shtml
Note 1: http://www.eweek.com/c/a/security/nsa-assume-attackers-Will-Compromise-Networks-395027/

PwC, January 2011: "Recognition that you have been or will be breached... and protect your systems and data accordingly. This approach is more realistic and allows for more flexibility in protection of high-value assets." http://www.pwc.com/us/en/forensicservices/publications/are-youcompromised.jhtml

Kris Herrin, CTO, Heartland Payment Systems, June 2011: "the new approach by Heartland is to take all possible and practical steps to protect the data but they will assume the security systems and data can and have been breached." http://www.heartlandpaymentsystems.com/about-heartland/leadership-team/kris-Herrin

"More companies every day are acknowledging that in order to survive in this new era of attacks we all have to accept the fact that the bad guys are in our network. Period." RSA Conference Europe 2012, London, October 9, 2012. http://www.emc.com/about/news/press/2012/20121009-03.htm and http://www.emc.com/corporate/emc-at-glance/execteam/heiser.htm

Kirk Bailey, University of Washington CISO, 2003: introduced everyone to the idea of "assumption of breach": "It is not a matter of if but when." http://events.nytimes.com/1999/12/13/technology/13kirk.1.jpg

The Assumption of Breach is a new philosophy compared with what we were taught in Security 101 or our CISSP classes. It requires:
- Board-level support
- CEO support
- Recognition that the key data is the focus
http://searchsecurity.techtarget.com/tip/assumption-ofbreach-how-a-new-mindsetcan-help-protect-critical-data

What to Do?
- Still keep the fortress: it is evidence of due care
- Recognize the strainer model: the perimeter leaks, so plan for what gets through (image: http://www.wiremeshdir.com/products/pasta_strainer/3.jpg)
- Kirk Bailey's Top 10

Kirk Bailey's Top 10:
1. Implement a risk management framework: repeatable, demonstrates trends.
2. Conduct asset profiling and inventory: know where your crown jewels are; separate out critical and non-critical data.
3. Prioritize assets and related risk-mitigation efforts: focus on the crown jewels.
4. Establish incident response roles and communications plans.
5. Implement aggressive risk transfer programs through detailed contracts and insurance underwriting.
6. Establish and sustain active and strategic alliances: allows for effective and trusted cross-communications about threats, mitigation schemes and lessons learned; include trusted vendors and security providers.
7. Implement a business intelligence program: include dashboards and situational awareness.
8. Establish advanced incident response and management: think and look outside the normal cyber incident response practices (example: phishing attacks on executives).
9. Practice strategic isolation and enclaving of critical data and of key executives, scientists and knowledge workers; limit presence on social networks.
10. Consider an active response capability.

Possible indicators of an incident (NIST SP 800-82 Rev. 1, pages 6-19 to 6-20, http://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-82r1.pdf):
- Unusually heavy network traffic
- Out of disk space or significantly reduced free disk space
- Unusually high CPU usage
- Creation of new user accounts
- Attempted or actual use of administrator-level accounts
- Locked-out accounts
- Account in use when the user is not at work
- Cleared log files
- Full log files with an unusually large number of events
- Antivirus or IDS alerts
- Disabled antivirus software and other security controls
- Unexpected patch changes
- Machines connecting to outside IP addresses
- Requests for information about the system (social engineering attempts)
- Unexpected changes in configuration settings
- Unexpected system shutdown
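Several of the NIST indicators above are cheap to check mechanically if host logs are collected centrally. The script below is an added example (not part of the deck or of NIST SP 800-82): it scans constructed, syslog-style lines for new-account creation, administrator-level logins, logins outside assumed working hours, cleared logs and disabled antivirus. The log format, the 07:00-18:59 working hours and the admin account names are all assumptions to be adapted per site.

```python
"""Flag NIST SP 800-82 incident indicators in constructed syslog-style lines.
Added example; the line format and thresholds are assumptions, not a standard."""
import re
from datetime import datetime

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOG = """\
2015-11-10 02:17:44 hmi01 auth: login user=jdoe src=10.1.1.22 result=success
2015-11-10 09:05:12 hmi01 auth: login user=jdoe src=10.1.1.22 result=success
2015-11-10 10:30:01 eng02 useradd: created account svc_backup2 uid=1007
2015-11-10 10:31:09 eng02 auth: login user=Administrator src=10.1.1.9 result=success
2015-11-10 10:35:40 eng02 audit: security log cleared by Administrator
2015-11-10 10:40:02 eng02 av: realtime protection disabled by Administrator
2015-11-10 11:00:00 hist01 auth: login user=asmith src=10.1.2.5 result=failure
"""

WORK_HOURS = range(7, 19)                  # assumed 07:00-18:59 local time
ADMIN_ACCOUNTS = {"administrator", "root"}  # assumed admin-level account names
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\w+): (.*)$")  # "<ts> <host> <prog>: <msg>"


def indicators(log_text):
    """Return (timestamp, host, indicator, message) for every line that matches
    one of the indicators; a single line may yield more than one indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line; a real collector would count these too
        ts_s, host, prog, msg = m.groups()
        ts = datetime.strptime(ts_s, "%Y-%m-%d %H:%M:%S")
        if prog == "useradd" and "created account" in msg:
            hits.append((ts_s, host, "new user account", msg))
        elif prog == "auth" and "result=success" in msg:
            user = re.search(r"user=(\S+)", msg).group(1)
            if user.lower() in ADMIN_ACCOUNTS:
                hits.append((ts_s, host, "administrator-level account use", msg))
            if ts.hour not in WORK_HOURS:
                hits.append((ts_s, host, "account in use outside working hours", msg))
        elif prog == "audit" and "log cleared" in msg:
            hits.append((ts_s, host, "cleared log files", msg))
        elif prog == "av" and "disabled" in msg:
            hits.append((ts_s, host, "disabled antivirus", msg))
    return hits


if __name__ == "__main__":
    for ts_s, host, indicator, msg in indicators(SAMPLE_LOG):
        print(f"{ts_s} {host}: {indicator} -> {msg}")
```

On the sample above the scan reports five indicators; the failed login on hist01 is deliberately not flagged, since a single failure is not on the NIST list (a lock-out would be).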

Further reading:
- "The new paradigm for utility information security: assume your security system has already been breached", Asian Power Magazine, http://asian-power.com/node/11144
- "Assumption of breach: How a new mindset can help protect critical data", SearchSecurity, http://searchsecurity.techtarget.com/tip/assumption-of-breach-how-a-newmindset-can-help-protect-critical-data
- "Are you compromised but don't know it?", PwC white paper, http://www.pwc.com/us/en/forensicservices/publications/are-youcompromised.jhtml
- "New SCADA Security Reality: Assume a Security Breach", Tofino Security blog, http://www.tofinosecurity.com/blog/newscada-security-reality-assume-securitybreach

Ernie Hayden CISSP CEH, Executive Consultant
Securicon, LLC, 1321 La Forest Drive SE, North Bend, WA 98045
Phone: 425-765-1400
Email: ernie.hayden@securicon.com