Transcript Slide 1
Data Protection
Strategy
Bob Maley, CEO, Strategic CISO & former CISO, State of Pennsylvania
Cyber Protection Strategy
Tactical or strategic?
Vendor driven or business driven?
Reactive or proactive?
StrategicCISO.com
"The trouble is that criminals seem to be able to stay one step ahead, and the law-abiding have to spend too much time trying to catch up."
– Nigel Phair, Cybercrime: The Reality of the Threat, page 178
Securing Endpoints?
Data wants to be free
What are your endpoints
Data classification
It’s what you don’t know you don’t know that gets you
Email
Business Processes
Data transfers
It’s in the cloud already
Google
Amazon Web Services
Security Trends – Current View (diagram)
Governance Risk and Compliance: User Policy Compliance; Compliance Workflow and Reporting; Remediation Workflow and Reporting
Security Information and Event Management: Alerts; Log Mgt; Event Correlation; Compliance Certification
Endpoint Suites
Network UTM
Application Security
Vulnerability Management
[Other Point Products]
- CONFIDENTIAL -
Scanning (web and/or network) products identify potential weaknesses
– Data overload, including false positives/negatives – not the most critical threats
– Does not prove exploitability; limited-view point solution, single vector
IT-GRC gathers information to aggregate and report
– Mostly used for higher-level policy and governance, with little “R” (risk)
SIEM aggregates real data, dashboarding, drill-down, etc.
– SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working
– Operational data, not situational: just incidents or log data from past events
Security Risk Mgmt is a simulator/model
– Correlates scanned, imported and entered data to infer the highest-risk vulnerabilities; doesn’t do actual testing
– Network only, and works on models vs. a real test of the security
DLP detects and prevents transmission of confidential information
To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!
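The slide above argues that raw scanner severity is the wrong thing to chase: a finding only matters in proportion to the asset it sits on, how exposed that asset is, and whether anyone has actually proven it exploitable. The following is an added example (not the speaker's code or any product's algorithm) that ranks scanner output by those three factors. The asset register, findings, exploit evidence and the weights are all constructed here for illustration; the weighting scheme is an assumption, not a published standard.

```python
"""Rank scan findings by business risk instead of raw scanner severity.

Added example: asset register, findings, exploit evidence and weights are
constructed inline to illustrate the idea; the weights are assumptions.
"""
from dataclasses import dataclass

# Constructed asset register: the output of the data/asset classification step.
ASSETS = {
    "web01":  {"classification": "public",       "exposure": "internet"},
    "db02":   {"classification": "confidential", "exposure": "internal"},
    "pay03":  {"classification": "restricted",   "exposure": "internet"},
    "kiosk9": {"classification": "public",       "exposure": "internal"},
}

# Constructed scanner findings: (host, finding id, scanner severity 0-10).
FINDINGS = [
    ("web01",  "F-101", 9.8),
    ("db02",   "F-202", 7.5),
    ("pay03",  "F-303", 6.1),
    ("kiosk9", "F-404", 10.0),
]

# Constructed evidence from an actual test (pen test or working exploit):
# the only source that proves a finding is exploitable rather than theoretical.
PROVEN_EXPLOITABLE = {"F-303", "F-202"}

# Assumed weights: how much a compromise of this asset would hurt, and how
# reachable it is. Adjust to the organization's own classification scheme.
CLASS_WEIGHT = {"public": 1, "internal": 2, "confidential": 4, "restricted": 8}
EXPOSURE_WEIGHT = {"internal": 1, "internet": 2}
UNPROVEN_DISCOUNT = 0.25   # scanner-only findings are discounted, not dropped


@dataclass
class RankedFinding:
    host: str
    finding: str
    scanner_severity: float
    risk_score: float
    proven: bool


def score(host: str, finding: str, severity: float) -> RankedFinding:
    """Combine scanner severity with asset value, exposure and proof of exploit."""
    asset = ASSETS[host]
    proven = finding in PROVEN_EXPLOITABLE
    exploitability = 1.0 if proven else UNPROVEN_DISCOUNT
    risk = (severity
            * CLASS_WEIGHT[asset["classification"]]
            * EXPOSURE_WEIGHT[asset["exposure"]]
            * exploitability)
    return RankedFinding(host, finding, severity, round(risk, 2), proven)


def rank(findings=FINDINGS) -> list[RankedFinding]:
    """Highest business risk first."""
    return sorted((score(*f) for f in findings),
                  key=lambda r: r.risk_score, reverse=True)


def top_n(n: int = 3, findings=FINDINGS) -> list[tuple[str, str]]:
    """The short list a remediation team should actually start with."""
    return [(r.host, r.finding) for r in rank(findings)[:n]]


if __name__ == "__main__":
    for r in rank():
        flag = "proven" if r.proven else "scanner-only"
        print(f"{r.host:7} {r.finding}  sev={r.scanner_severity:4}  risk={r.risk_score:6}  {flag}")
```

Run on the constructed data, the ordering is the reverse of the scanner's: the 10.0 on an internal public kiosk drops to the bottom, while a 6.1 with a working exploit on an internet-facing restricted system comes out on top. That inversion is the point of the slide: the scanner's list is data, the ranked list is situational.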
Security – Future View (diagram)
IT Security Management
Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee
Security Information and Event Management: Alerts; Log Mgt; Event Correlation; Compliance Certification
Governance Risk and Compliance: User Policy Compliance; Compliance Workflow and Reporting; Remediation Workflow and Reporting
Comprehensive Security Test and Measurement: Verify and Validate Security Controls; Measure Real-world Threat Readiness; Measure Security Effectiveness
Endpoint Suites
Network UTM
Application Security
Vulnerability Management
[Other Point Products]
Know your Strategy
Cyber Strategy Musings (WordPress)
The Key of Knowledge – Book 2
The second area of knowledge in this key is “Knowing your environment”.
By extension – Know Your Strategy
Your Guide
Key of Knowledge
What are your critical business assets?
Data / Asset Classification
You can’t protect everything
Focus on the most important assets
Evaluate your existing controls
Anti-Virus and Firewalls are not enough
Evaluate your existing controls
Compliance Checklists are not enough
Network Solutions was PCI compliant
before breach
Angela Moscaritolo, July 27, 2009
Web hosting firm Network Solutions on Friday
announced that, despite its being PCI compliant, a
breach had compromised approximately 573,928
individuals' credit card information.
http://www.scmagazineus.com/network-solutionswas-pci-compliant-before-breach/article/140642/
Evaluate your existing controls
Layered Security – The Castle Model
Understand the threat
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
New Symantec Global Internet Threat Report shows evolution of targeted attacks,
prevalence of Web-borne attacks, increase in malware variants in 2009
Apr 20, 2010 By Kelly Jackson Higgins
DarkReading
The Symantec Global Internet Threat Report, which covers trends in
2009, says attackers are aggressively targeting employees' social
networking profiles to help target key personnel inside targeted
companies. Meanwhile, Web-based attacks targeting PDF viewers
accounted for half of all Web-based attacks last year, up from 11
percent in 2008.
And malware creation increased thanks to more automated tools,
according to Symantec, which says it identified more than 240
million new malware programs last year, a 100 percent increase
over 2008.
http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064
Understand the threat
Insider Threats
Understand the Threat
Officials Scramble to Review Emerging Afghan War
Documents for 'Damage'
Published July 26, 2010 | FoxNews.com
U.S. government agencies have been bracing
for a deluge of thousands more classified
documents since the leak of helicopter cockpit
video of a 2007 firefight in Baghdad. That was
blamed on a U.S. Army intelligence analyst,
Spc. Bradley Manning, 22, of Potomac, Md. He
was charged with releasing classified
information this month. Manning had bragged
online that he downloaded 260,000 classified
U.S. cables and transmitted them to
Wikileaks.org.
http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/
Understand the threat
Know your threat matrix
Develop your Risk Strategy
Determine your organization’s risk tolerance
Know your vulnerabilities
Understand how the threats apply
Develop your protection Strategy
Compliance requirements
Protect your valuable data
Put systems in place that protect your data as it moves
Proactive intelligence on your environment
Discover your real vulnerabilities
Break the malware cycle
The barbarians will get in
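"Protect your data as it moves" and the DLP line in the tool survey above both come down to inspecting content at the point of egress. The following is an added example (not the speaker's code or any DLP product's engine) of the minimal check such a gateway applies to an outbound mail or HTTP body: find candidate card numbers, reject the ones that fail the Luhn check so order numbers and timestamps do not flood the alert queue, and block or allow the message. The sample messages are constructed; the card numbers are the well-known industry test numbers, not real accounts.

```python
"""Content inspection for card numbers in outbound text.

Added example, not from the slides: a Luhn-validated PAN detector of the kind
a DLP gateway runs on egress traffic. Sample messages are constructed and use
public test card numbers.
"""
import re

# Candidate: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded inside a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; rejects most random digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list[str]:
    """Return normalised (separator-free) PANs that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep first six and last four (the usual truncation rule) for the alert record."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def inspect(message: str, policy_threshold: int = 1) -> dict:
    """Policy decision for one outbound message. Assumed policy: block on
    policy_threshold or more validated PANs; log only masked values."""
    cards = find_cards(message)
    if len(cards) >= policy_threshold:
        return {"action": "block", "matches": [mask(c) for c in cards]}
    return {"action": "allow", "matches": []}


if __name__ == "__main__":
    # Constructed outbound messages.
    samples = [
        "Customer card 4111-1111-1111-1111 exp 12/12, please process",
        "Order 1234567890123456 shipped on 20100726",
        "Amex 378282246310005 and Visa 4111111111111111 attached",
    ]
    for s in samples:
        print(inspect(s))
```

The Luhn step is what keeps this usable: a bare 16-digit regex fires on invoice and tracking numbers constantly, and an analyst who sees a hundred false positives a day stops reading the alerts. Masking in the alert record matters too, since an alert log full of full card numbers is itself a cardholder-data store that has to be protected.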
Understand the overhead
Operationalize Security
Use Managed Services / Cloud Services where practicable
Use automated systems
Complexity can break security
Understand your organization’s business need
Be an enabler of business
Connect to your Enterprise Risk Management
Show how it affects the bottom line
Execute
Response and remediation
Robust Incident Response Plan
Respond, don’t react
Don’t merely remediate
Execute
Real time Protection
Find the barbarians that get past the gate
New Technologies
Execute - Test
Evaluate
Col. John Boyd’s OODA Loop
Evaluate
Metrics
INCREASING CYBER-SITUATIONAL AWARENESS VIA ENTERPRISE METRICS
Core Security Technologies Blog
Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time.
http://blog.coresecurity.com/2010/04/29/increasingcyber-situational-awareness-via-enterprise-level-metrics/
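The complaint in the quoted post is the absence of metrics that track security standing over time rather than a point-in-time count. The following is an added example (not the speaker's or Core Security's code) of three such metrics computed from a vulnerability record set on a chosen "as of" date, so the same functions can be run month by month to produce a trend: open findings, median time to close, and the share of critical findings closed within an SLA. The records are constructed, and the 30-day SLA for critical findings is an assumed policy value.

```python
"""Time-series remediation metrics from a vulnerability record set.

Added example, not from the slides or the cited post: the records are
constructed and the 30-day critical SLA is an assumed policy value.
"""
from datetime import date, timedelta
from statistics import median

SLA_DAYS = 30   # assumed policy: critical findings must be closed within 30 days

# Constructed records: (finding id, severity, discovered, closed or None if still open)
RECORDS = [
    ("F-1", "critical", date(2010, 1, 4),  date(2010, 1, 20)),
    ("F-2", "critical", date(2010, 1, 15), date(2010, 3, 2)),
    ("F-3", "high",     date(2010, 2, 1),  date(2010, 2, 25)),
    ("F-4", "critical", date(2010, 2, 10), None),
    ("F-5", "medium",   date(2010, 3, 5),  date(2010, 3, 8)),
    ("F-6", "critical", date(2010, 3, 20), date(2010, 4, 5)),
]


def open_at(as_of: date, records=RECORDS) -> list:
    """Findings discovered on or before as_of and not yet closed on that date."""
    return [r for r in records
            if r[2] <= as_of and (r[3] is None or r[3] > as_of)]


def median_time_to_close(as_of: date, records=RECORDS):
    """Median days from discovery to closure, over findings closed by as_of."""
    durations = [(r[3] - r[2]).days for r in records if r[3] and r[3] <= as_of]
    return median(durations) if durations else None


def sla_compliance(as_of: date, severity: str = "critical", records=RECORDS):
    """Share of findings of the given severity whose SLA deadline had passed by
    as_of and that were closed within the SLA. Findings still open past the
    deadline count as misses; findings whose deadline has not yet arrived are
    excluded so the metric is not flattered by fresh discoveries."""
    due = [r for r in records
           if r[1] == severity and r[2] + timedelta(days=SLA_DAYS) <= as_of]
    if not due:
        return None
    met = sum(1 for r in due
              if r[3] is not None and (r[3] - r[2]).days <= SLA_DAYS)
    return round(met / len(due), 2)


def monthly_trend(month_ends: list, records=RECORDS) -> list:
    """One row per reporting date: (date, open count, median TTC, critical SLA %)."""
    return [(d.isoformat(), len(open_at(d, records)),
             median_time_to_close(d, records), sla_compliance(d, records=records))
            for d in month_ends]


if __name__ == "__main__":
    for row in monthly_trend([date(2010, 1, 31), date(2010, 2, 28),
                              date(2010, 3, 31), date(2010, 4, 30)]):
        print(row)
```

Reporting against a fixed "as of" date is what makes the numbers comparable month to month; recomputing the whole history from the raw records also means a reclassified or reopened finding changes past months honestly instead of leaving a stale figure in a dashboard.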
The Future of Data Protection
Questions
Contact Information
[email protected]