The Path Ahead for Security Leaders


Executive Summary

If you asked security leaders five years ago what their primary focus was, you would likely get a resounding "securing our operations." However, with the increased spotlight on cybersecurity and its influence on business growth and strategy, the security leader role has rapidly evolved from an operational focus to a balance of assessing and influencing business strategy while maintaining a strong security posture. In this white paper we will discover what the evolving path ahead for security leaders looks like, the importance of communication from top to bottom, how proactive measures can stop threat actors from derailing businesses, and how building a security architecture that protects the most critical assets will support the overall goals of an organization.

What You Will Learn

» How successful security leaders must balance their focus on both business strategy and security operations.
» How proactive communication from top to bottom promotes clarity of goals and checks and balances across organizations.
» How proactive measures can stop threat actors earlier in the Kill Chain.
» How building a security architecture that supports the business starts with understanding what data is most critical.

Who Should Read This White Paper

» Board of Directors
» C-Suite
» CISO/CSOs
» Directors of Security

As security becomes a business-critical issue in addition to an IT challenge, the role of the security leader is crossing traditional boundaries, moving from day-to-day security operations into evaluating and implementing transformational business change. Security leaders have a delicate balance ahead of them: staying technically focused while assessing the risk appetite of the company in relation to its business goals. The prevalence of high-profile breaches reported by media just last year has raised visibility and priorities related to security for organizations across industries, as well as with boards of directors.

The growth in cyber threats and the creative approaches to exploits require keeping your eyes on two key areas: the evolution of business goals and the ongoing IT security operations. The path ahead for security leaders merges the worlds of business strategy and security operations. This requires finesse, but when achieved can enable the effective development and line of communication required to transform a company. As security leaders manage to keep their eyes on both priorities, a platform for business growth is established with the backing of a solid security posture that mitigates risk.

[Chart: Abnormal business churn rates over the past 3 years following a security breach. Values shown: 3.3%, 3.4%, 2.8%; years shown: 2013, 2014, 2015.]

Eyes on the Business: Proactive communication top to bottom

To successfully move into the future, security leaders will need to shift from a narrow focus on technology and solutions to a broader business focus by acquiring the skills necessary to communicate effectively with the executive team and board. They will also need to be adept at building the business case for security as a critical and integral component of business strategy.

With the ability to approach security as a business challenge, rather than an IT mandate, security leaders can win alignment with business executives who relate to the business in terms of winning, retaining, and serving customers. Any communications with the board should be packaged appropriately and transferred from the top down. Objectives and strategy articulated from the top help to drive clarity of goals and purpose on all levels. Allowing for open lines of communication both vertically and horizontally promotes checks and balances that enable all parties to be heard.

As the ambassador between the board and the IT security practice, it is critical for the security leader to maintain the delicate balance between the technical security standards and the strategic business vision. Gaining the respect of all parties from top to bottom requires the shift from reactive to proactive management. Organizational fire drills diminish confidence and cause anxiety across the organization on all levels. Ensuring that plans are in place, all personnel are trained, and communication follows a regular cadence builds a framework that clears the clutter and opens the eyes and ears of the parties security leaders need to influence.

While the basis for cyber security is IT, the way in which it is perceived, respected and acted upon within the organization will increasingly rely on a security leader's ability to tie it to business objectives and enable the safe pursuit of those business objectives. The ability to do so relies on obtaining the resources necessary to approach security in three dimensions: with people, process and technology. These are the three legs that hold up the stool at the core of security; without any one of them, it will break. People are both the strongest and weakest link in the security posture. Processes help to strengthen them, and the technology supports their ability to resist threats and defend the organization when threat actors strike.

Eyes on Security Operations: Security Posture, Visibility and the Kill Chain

Cyber criminals will never go away. They will continue to look for new ways to infiltrate systems and steal personal data. Keeping track of the latest threats, new pieces of malware, and latest compliance requirements will always be a key focus area for security leaders. Understanding that cyber criminals operate with processes and procedures similar to legitimate business entities is the first piece of the puzzle.

The Kill Chain is a documented methodology that explains a threat actor's process. Learning this process, even though each incident will have variables, enables security leaders to take a strategic approach to defend, resist, and respond in order to disrupt the threat actor's progress toward acting on their objectives. Finally, the threat actor must be eradicated from your environment. Understanding the process threat actors pursue allows security leaders to overlay security posture to stop the threat actor earlier in the Kill Chain.

Developing this capability requires specific resources and activities, including:

» Identifying the critical information that's at risk within your company, where it lives and who has access to it, including third parties
» Putting the right people, processes and technology in place to mount a defense
» Reacting swiftly to remove identified vulnerabilities
» Identifying threat actors, their capabilities and how they plan to exploit the company's data
» Conducting continuous assessments of the environment to enable timely response and resistance

[Figure 1: The Kill Chain with Security Posture Overlay. Kill Chain stages shown, from "Target Defined" to "Objective Met": Recon, Development, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on Objective. Security posture overlay labels: Know your adversaries and their methods; Detect threat activity earlier in the kill chain; Disrupt the kill chain and stop the attack; Eradicate actor presence and remove the threat.]

As you can see in Figure 1 above, knowing your adversaries and identifying what they're after provides ample opportunity at the beginning of the Kill Chain to detect and disrupt threat actors earlier, before damage can be inflicted. With the capabilities above in place, the security team is better able to understand the threat actors targeting the company, know what data they are after and how they may go after it. This insight can be used to detect activity earlier in the Kill Chain.

The level of visibility into the operations and security of systems, networks, and assets is critical to the ability of the security team to detect threat activity from both behind and in front of the firewall. Disrupting the threat actor earlier in the Kill Chain relies on this visibility, as well as the expertise deployed to monitor and address threats in real time. Maintaining a reactive stance, rather than taking a proactive approach to security, is what causes organizations to find threats later in the Kill Chain. Being reactive wastes valuable time when organizations must scramble to bring in experts after the fact to determine root cause and eradicate the threat. A proactive and purposeful approach that provides visibility into security gaps will help eliminate the chaos that is the constant companion to a data breach.

Visibility across your environment requires understanding your network architecture. This also includes the architecture of your third-party partners. The relationship you establish with any external vendor must be structured and governed. Successful security leaders ensure that documentation of the relationship with the vendor on the front end goes above and beyond the necessary legal documentation.

In addition to keeping tabs on third parties, leveraging technology to provide automated insight into your network can help accelerate response capabilities when a breach occurs. Investing in capabilities that monitor networks and endpoints for signs of advanced threat actor activity can provide early detection or detailed information on the threat, allowing you to take actionable next steps toward containing and eradicating the threat actor.

A breach is a "when, not if" event. It is critical that security leaders have a documented security incident response plan in place detailing roles and responsibilities across the organization, and that the plan is tested regularly to ensure effectiveness. Once the attack has been verified and the root cause has been identified, security leaders will need to determine the most effective and expedient way to break the Kill Chain, or remediate the issue. This decision is not trivial and requires input from senior management, legal counsel, and, based on materiality, likely law enforcement, government, and the board of directors.

Building a Security Architecture that Supports the Business

While it's true that the level of resources available for security architecture is often different based on the size of the company, this shouldn't be the determining factor for how your organization approaches cyber security. Nor is it strategic to implement incremental security enhancements that don't tackle the broader issues associated with the overall information security threat or business goals. As mentioned above, developing adequate security defenses is not solely about technology, but must include people and process. Performing a risk assessment that determines which data is the most critical to sustaining your business model and then identifying the threat actors that are targeting your organization is the starting point.

Many organizations pursue compliance as the path to security. This is a flawed assumption. A healthy number of the companies with breaches you see in the headlines meet compliance requirements.

Once armed with knowledge about your key data and the threat actors that may target your organization, a security assessment can help to determine where vulnerabilities exist. Prioritizing those vulnerabilities based on an assessment of the organization's risk appetite will help to determine the actions taken to mitigate the most pernicious risk. In addition, consider goals that security should produce, such as compliance, in order to develop a comprehensive and practical defense strategy. Only with this information in hand can a security architecture that includes the appropriate people, technology and processes be designed specifically to protect the unique attributes of the business. Whether the organization is an SMB or enterprise, the priorities identified during these assessments will ensure that as the architecture is built, the choices made will evolve in a proactive approach to a strategic defense.

Conclusion: The Path Won't Be Easy, but It Will Be Worthwhile

The security leader's role is evolving. The skillsets needed are expanding to straddle both IT and the business. If you want to manage the whole strategy instead of taking the role of a technical expert brought in only to advise on technology, the time to start developing business acumen has arrived. Security leaders have the opportunity to establish business value by taking active roles in information management, risk management, brand protection, and third-party relationship management, as well as to pursue roles other than those related strictly to technology. By linking your identity to business value rather than limiting it to technology subject matter expertise, the security leaders of today can earn a strategic role on the executive teams of tomorrow.

For more information, call (877) 838-7947 to speak to a Dell SecureWorks security specialist. www.secureworks.com