Transcript Slide 1
Data Protection Strategy Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania Cyber Protection Strategy Tactical or Strategic? Vendor Driven or business driven Reactive or proactive StrategicCISO.com The trouble is that criminals seem to be able to stay one step ahead, and the lawabiding have to spend to much time trying to catch up – Nigel Phair, Cybercrime, The Reality of the Threat, page 178 StrategicCISO.com Securing Endpoints? Data wants to be free What are your endpoints Data classification It’s what you don’t know you don’t know that gets you Email Business Processes Data transfers StrategicCISO.com It’s in the cloud already Google Amazon Web Services StrategicCISO.com Security Trends – Current View Governance Risk and Compliance Security Information and Event Management • • • • • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting Alerts Log Mgt Event Correlation Compliance Certification Endpoint Suites - CONFIDENTIAL - Network UTM Application Security StrategicCISO.com Vulnerability Management [Other Point Products] Scanning (web and/or network) products identify potential weaknesses – Data overload including false positives/negatives – not most critical threats – Does not prove exploitability, limited-view point solution, single vector IT-GRC gathers information to aggregate and report – Mostly used for higher-level policy and governance with little “R” SIEM aggregates real data, dash-boarding, drill-down, etc. – SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working – Operational data, not situational. Just incidents or log data from past events Security Risk Mgmt is simulator/model – Correlates scanned, imported and entered data to infer highest risk vulnerabilities, doesn’t do actual testing – Network only and works on models vs. a real test of the security DLP detects and prevents transmission of confidential information To date, the critical challenge of how to provide insight into actual risks across multiple layers StrategicCISO.com of infrastructure still remains! Security – Future View IT Security Management Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee Security Information and Event Management • • • • Alerts Log Mgt Event Correlation Compliance Certification Endpoint Suites - CONFIDENTIAL - Comprehensive Security Test and Measurement •Verify and Validate Security Controls •Measure Real-world Threat Readiness Governance Risk and Compliance • User Policy Compliance • Compliance Workflow and Reporting • Remediation Workflow and Reporting •Measure Security Effectiveness Network UTM StrategicCISO.com Application Security Vulnerability Management [Other Point Products] Know your Strategy Cyber Strategy Musings (WordPress) The Key of Knowledge – Book 2 The second area of knowledge in this key is “Knowing your environment”. By Extension – Know Your Strategy StrategicCISO.com Your Guide StrategicCISO.com Key of Knowledge What are your critical business assets? Data / Asset Classification You can’t protect everything Focus on the most important assets StrategicCISO.com Evaluate your existing controls Anti-Virus and Firewalls are not enough StrategicCISO.com Evaluate your existing controls Compliance Checklists are not enough Network Solutions was PCI compliant before breach Angela Moscaritolo, July 27, 2009 Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information. http://www.scmagazineus.com/network-solutionswas-pci-compliant-before-breach/article/140642/ StrategicCISO.com Evaluate your existing controls Layered Security – The Castle Model StrategicCISO.com Understand the threat Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009 Apr 20, 2010 By Kelly Jackson Higgins DarkReading The Symantec Global Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF views accounted for half of all Web-based attacks last year, up from 11 percent in 2008. And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008 http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064 Understand the threat Insider Threats StrategicCISO.com Understand the Threat Officials Scramble to Review Emerging Afghan War Documents for 'Damage' Published July 26, 2010 | FoxNews.com U.S. government agencies have been bracing for a deluge of thousands more classified documents since the leak of helicopter cockpit video of a 2007 firefight in Baghdad. That was blamed on a U.S. Army intelligence analyst, Spc. Bradley Manning, 22, of Potomac, Md. He was charged with releasing classified information this month. Manning had bragged online that he downloaded 260,000 classified U.S. cables and transmitted them to Wikileaks.org. http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/ StrategicCISO.com Understand the threat Know your threat matrix StrategicCISO.com Develop your Risk Strategy Determine your organizations risk tolerance Know your vulnerabilities Understand how the threats apply StrategicCISO.com Develop your protection Strategy Compliance requirements Protect your valuable data Put systems in place that protect your data as it moves Proactive intelligence on your environment Discover your real vulnerabilities Break the malware cycle The barbarians will get in StrategicCISO.com Understand the overhead Operationalize Security Use Managed Services / Cloud Services where practicable Use automated systems StrategicCISO.com Complexity can break security StrategicCISO.com Understand your organization’s business need Be an enabler of business Connect to your Enterprise Risk Management Show how it affects the bottom line StrategicCISO.com Execute Response and remediation Robust Incident Response Plan Response not react Don’t merely remediate StrategicCISO.com Execute Real time Protection Find the barbarians that get past the gate New Technologies StrategicCISO.com Execute - Test StrategicCISO.com Evaluate Col. John Boyd’s OODA Loop StrategicCISO.com Evaluate Metrics INCREASING CYBER-SITUATIONAL AWARENESS VIA ENTERPRISE METRICS Core Security Technologies Blog Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time. http://blog.coresecurity.com/2010/04/29/increasingcyber-situational-awareness-via-enterprise-level-metrics/ StrategicCISO.com The Future of Data Protection StrategicCISO.com Questions Contact Information [email protected]