Atlantic Security Conference 2015 (AtlSecCon) Presentation on IT Security @UNB
Uploaded by: david-shipley
Transcript of Atlantic Security Conference 2015 (AtlSecCon) Presentation on IT Security @UNB
What are we here to talk about?
• UNB’s titanic cyber security struggle
• Use threat intelligence for both tactical and strategic decisions
• Moving away from playing a losing game
My background
• Bachelor of Arts in Information and Communications Studies (‘05)
• Former Canadian Army reservist (armoured vehicle driver & gunner)
• Former reporter for the provincial newspaper
• Former web content strategist for UNB Communications & Marketing
• Accidental IT Security professional and fortunate member of an amazing team
• Master of Business Administration (‘15)
The Security Action Team (SAT)
• Provides IT security leadership
• Formulates, implements and coordinates policies, plans and projects
• Incident Response
• Advises on IT security resourcing, technologies, and community education.
About UNB
• North America’s oldest English public university (Est. 1785)
• 11,000 students
• 2,000 FTE Faculty and Staff
• Hybrid IT environment (centralized and decentralized)
In defence of “cybersecurity”
Officially, ISO/IEC 27032 addresses “Cybersecurity” or “Cyberspace security”, defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”.
In turn “the Cyberspace” (complete with definite article) is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”.
Why are universities a target?
• We were designed to be open (we’re easy)
• We have a treasure trove of PII
• We have valuable intellectual property
• We have others’ valuable intellectual property
• We are a route into more secure orgs
Our challenges
• We average between 83 and 55 attempts per second to breach our network (massively automated threats)
• We have more than 2.2 million security events daily on our network
• We have more than 500 offences weekly
• We have as many as 120 compromised endpoints a month (half of which are students)
• We are the ultimate BYOD environment
The cost of a breach
• $184 on average per record in education, based on figures from a 2014 Ponemon Institute Study
Threat Intelligence Sources
• QRadar Security Intelligence Event Management (SIEM)
• Trend Micro Deep Discovery Malware detection tool
• Kaspersky Anti-Virus Reporting System
• Government, industry contacts and listservs
• InfoSec News Sources and Social Media
UNB’s move to IT Risk Management
Day-to-day IT Operations
IT Security Operations
Threat Analysis, Policy & Procedure Development
IT Risk Management
Maturity
Iterative improvement model
Risk Management
IT Operations
Security Operations
Threat Analysis, Policy & Procedure Development
The Security Building Blocks
Operations
Service Desk
Security Action Team
Communications
Risk Management, Quality Assurance and Standards Development
Service Desk
• Help Desk escalates threats to SAT
• Assists with user education
• Desktop Group helps harden end points and triage compromises
Operations
• Systems and Network monitoring, reporting of threats, ensuring patching and reporting policy or procedure compliance issues. Participates in incident response.
Communications
• Assists with development and execution of user awareness and culture change campaigns.
• Assists with developing and executing incident communications
Security and Operations
• Operations: Trying to keep the lights on
• IT Security: ensuring compliance with protective measures
• Critical to avoid ineffective communications. Security and Operations groups in IT have different goals and in some cases cultures. Critical to ensure alignment with overall IT Strategy
The cross-functional workflow
Client provides username and password in phishing attempt
Help Desk or Level One advises + assists client with safe password reset
IT Security initiates incident investigation
Operations staff engaged to assist with log review / access checks
UNB Privacy Officer engaged in event of a potential data breach
Client advised of investigation, encouraged to take awareness course
A harsh truth:
• Simply buying the latest and greatest big shiny security technology will not make your organization safer
Security Strategy Pillars
Security Strategy
IT Security Policy
Data Governance
Security Architecture: Tools, People, Process
Culture Change: User Awareness + Behaviour Change