The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole



Similar documents
An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

THE TOP 4 CONTROLS.

Looking at the SANS 20 Critical Security Controls

The Protection Mission a constant endeavor

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Critical Controls for Cyber Security.

Jumpstarting Your Security Awareness Program

Defending Against Data Beaches: Internal Controls for Cybersecurity

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

SANS Top 20 Critical Controls for Effective Cyber Defense

Information Technology Risk Management

Building a More Secure and Prosperous Texas through Expanded Cybersecurity

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

5 Steps to Advanced Threat Protection

Security Management. Keeping the IT Security Administrator Busy

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

White Paper: Consensus Audit Guidelines and Symantec RAS

SCAC Annual Conference. Cybersecurity Demystified

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

20 Critical Security Controls

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Critical Security Controls

Assessing the Effectiveness of a Cybersecurity Program

PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES

Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines

Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance Draft 1.0: February 23, 2009

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

Top 20 Critical Security Controls

Leveraging SANS and NIST to Evaluate New Security Tools

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Information Technology Control Framework in the Federal Government Considerations for an Audit Strategy

How To Secure Your System From Cyber Attacks

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Company Profile S Flores #205 San Antonio, TX

Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines (CAG)

Detect, Contain and Control Cyberthreats

Cybersecurity Health Check At A Glance

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

Cisco Advanced Services for Network Security

Data Security and Healthcare

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Security Controls in Service Management

Tuesday, August 19th Prevent, Detect, Respond: A Framework for Effective Cyber Defense Dr. Eric Cole, Fellow, SANS Institute

Technical Testing. Network Testing DATA SHEET

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

ABB s approach concerning IS Security for Automation Systems

Connect with Addressing Intelligence to Automate IPv6 Planning, Transition & Cyber Security

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Goals. Understanding security testing

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

McAfee Server Security

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

SECURITY CONSIDERATIONS FOR LAW FIRMS

External Supplier Control Requirements

Information Security and Risk Management

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Cisco Security Optimization Service

RETHINKING CYBER SECURITY

NERC CIP VERSION 5 COMPLIANCE

Cyber Security Management

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Professional Services Overview

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

Improving Application and Privilege Management: Critical Security Controls Update

Cyber Essentials KAMI VANIEA 2

How To Prevent Hacker Attacks With Network Behavior Analysis

CyberNEXS Global Services

SECURITY. Risk & Compliance Services

The Business Case for Security Information Management

Obtaining Enterprise Cybersituational

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON

Minnesota State Community and Technical College Detroit Lakes Campus

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

RETHINKING CYBER SECURITY

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Increase insight. Reduce risk. Feel confident.

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Protecting critical infrastructure from Cyber-attack

Cybersecurity and internal audit. August 15, 2014

MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014

The SIEM Evaluator s Guide

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

INFORMATION TECHNOLOGY ENGINEER V

The Role of Security Monitoring & SIEM in Risk Management

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

Transcription:

The Future Is SECURITY THAT MAKES A DIFFERENCE Overview of the 20 Critical Controls Dr. Eric Cole

Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical controls is key. The controls are prescriptive The controls can be automated

Is the World Safe?

Examples from the News PrivacyRights.org (updated weekly) Here are some that are reported (most are not) Just a small sample (organization/records breached): Heartland Payment Systems (130+ million 1/2009) Oklahoma Dept of Human Services (1 million 4/2009) Oklahoma Housing Finance Agency (225,000 4/2009) University of California (160,000 5/2009) Network Solutions (573,000 7/2009) U.S. Military Veterans Administration (76 million 10/2009) BlueCross BlueShield Assn. (187,000 10/2009)

Why is it Important? Government & private sector organizations are being attacked and compromised daily What we re doing today to defend systems is mostly not working! We are spending money defending against attacks that are not happening. We need priorities and a meta-view of the problem We need someone to take a stand and provide the industry with a set of real priorities for defense

Types of Computer Attacker Activities these Controls Are Designed to Help Thwart

Project Guiding Principles Defenses should focus on addressing the most common and damaging attack activities occurring today, and those anticipated in the near future. Enterprise environments must ensure consistent controls across an enterprise to effectively negate attacks.

Categories of Sub-Controls Quick Wins (QW) Improved Visibility and Attribution (Vis/Attrib) Hardened Configuration and Improved Information Security Hygiene (Config/Hygiene) Advanced (Adv)

Why are the Controls Important? Cyber security is complex and becoming even more complicated every day Organizations are being compromised, even after spending large portions of their budget on infosec CIOs & CISOs need prioritized controls to get the most return from their investment More controls rarely hurt, but how do we decide which controls to start with? It s critical that we have priorities!

Critical Controls: 15 + 5 1. Inventory of Authorized and Unauthorized Devices 2. Inventory of authorized and unauthorized software 3. Secure configurations for hardware and software on laptops, workstations, and servers 4. Secure configurations for network devices such as firewalls, routers, and switches 5. Boundary Defense

Critical Controls (2 of 4) 6. Maintenance, Monitoring and Analysis of Audit Logs 7. Application Software Security 8. Controlled Use of Administrative Privileges 9. Controlled Access Based On Need to Know 10. Continuous Vulnerability Assessment and Remediation

Critical Controls (3 of 4) 11. Account Monitoring and Control 12. Malware Defenses 13. Limitation and Control of Network Ports, Protocols, and Services 14. Wireless Device Control 15. Data Loss Prevention

Critical Controls (4 of 4) 16. Secure Network Engineering 17. Penetration Tests and Red Team Exercises 18. Incident Response Capability 19. Data Recovery Capability 20. Security Skills Assessment and Appropriate Training To Fill Gaps

Future Evolution of the Controls The controls are meant as a living document New updates come up periodically based on new threat and attack patterns While the document might change, the core controls represent a solid start and critical foundation to build a security program on The principles of the controls are sound and represent a clear path for automation and keeping pace or staying ahead of the threats

Critical Controls Summary Most organizations are not aware of what is happening on their network Many organizations do not have enough staff to tackle all of the difficult problems The critical controls provides a focused approach for automating and better understanding the areas that organizations need to focus on to increase their overall security. For more information on the CAG please reference: http://www.sans.org/critical-security-controls/

THANK YOU for your time Dr. Eric Cole is an industry-recognized security expert with over 20 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master's degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is founder of Secure Anchor Consulting in which he provides state of the art security services and expert witness work. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author. Dr. Eric Cole Twitter: drericcole ecole@secureanchor.com eric@sans.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information