Dr. Samuel Liles - Selil and SV...
Metrics of precision for leaders of security programs
Dr. Samuel Liles
Caveat: These are my views, you can have your own views, but these are mine. My employers current and previous have views, and opinions too. These are not their views, opinions, or otherwise. I'm here representing the discipline of information security as applied to national security. I am not representing any agency, organization, or entity. Other than myself.
Agenda
• Goal: Give reasonable, actionable, and realistic metrics for security of an enterprise for senior leaders
• Scope: There is FISMA, FITARA and various other compliance drills. This is not about those
• Topics: Risk, vulnerabilities, investment, workforce, policy
Compliance is not security. Many organizations have been fully compliant and breached. Compliance is about meeting requirements. Security is about being free from danger or threat. Compliance can be demonstrated, whereas security is a process that includes adaptation and innovation beyond compliance to requirements. Requirements have to be described and defined before they can be compelled.
• http://blog.kaseya.com/blog/2014/09/03/home-depot-yet-another-retail-breach/
• https://pciguru.wordpress.com/2011/08/30/compliance-is-not-security-%E2%80%93-busted/
• http://www.csoonline.com/article/2995924/data-protection/compliant-does-not-equal-protected-our-false-sense-of-security.html
• https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html
4/28/16 UNCLASSIFIED 2
Partially based on: Ryan, Julie J.C.H. and Daniel J. Ryan, Performance Metrics for Information Security Risk Management, IEEE Security and Privacy, vol. 6 no. 5, Sep/Oct 2008, pp. 38-44
Cybersecurity for Executives: A Practical Guide, 1st Edition
• Gregory J. Touhill
• C. Joseph Touhill
From Amazon.com: Practical guide that can be used by executives to make well-informed decisions on cybersecurity issues to better protect their business
• Emphasizes, in a direct and uncomplicated way, how executives can identify, understand, assess, and mitigate risks associated with cybersecurity issues
• Covers 'What to Do When You Get Hacked?' including Business Continuity and Disaster Recovery planning, Public Relations, Legal and Regulatory issues, and Notifications and Disclosures
• Provides steps for integrating cybersecurity into Strategy; Policy and Guidelines; Change Management and Personnel Management
• Identifies cybersecurity best practices that executives can and should use both in the office and at home to protect their vital information
(2014) Touhill, G., Touhill C.J., Cybersecurity for executives: A practical Guide, Wiley, IAChE
Measure 1: How Vulnerable Are Our Systems?
Purpose: Identify risk associated with known vulnerabilities
Measure 1A: Number of unpatched known vulnerabilities
• What to measure: High, Medium, and Low vulnerabilities from the CVE list. High vulnerabilities are what executives in the C-suite worry about and are where you are most vulnerable.
• When to measure: Subordinates should be looking at this continuously (see the DHS Continuous Diagnostics & Mitigation effort for the US government); most executives should be looking at this at least monthly. Well-informed boards and C-suites should see this at least quarterly.
• Why measure: Bad actors view exploitation of known vulnerabilities as low-hanging fruit to be plucked. Properly patched and configured systems are not attractive targets.
• Decisions this measure drives: Accept, mitigate, avoid, or transfer risk. For example, fix the high vulnerabilities within a recommended timeframe, address mediums as resources permit, and accept low vulnerabilities as the environment dictates. Seniors should know where risk exists and dictate the risk appetite, not the technicians. Showing staff capacity to address measures 1A and 1B will garner C-suite support to invest in reinforcements/augmentation to "buy down" risk.
[Chart: MITRE CVE data, 1999-2011; values labelled on the chart: 1020, 4638, 6612]
Younan, Y. (2013). 25 Years of Vulnerabilities: 1988-2012. Sourcefire Vulnerability Research Team.
Dataset: Black Belt Cyber Project, 2011-2012
Data derived from MITRE CVE database.
Arora, A., Krishnan, R., Nandkumar, A., Telang, R., & Yang, Y. (2004, May). Impact of vulnerability disclosure and patch availability - an empirical analysis. In Third Workshop on the Economics of Information Security (Vol. 24, pp. 1268-1287).
McQueen, M. A., McQueen, T. A., Boyer, W. F., & Chaffin, M. R. (2009, January). Empirical estimates and observations of 0day vulnerabilities. In System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on (pp. 1-12). IEEE.
1) In 2006 approximately 2500 zero days in existence on any given day
2) Average lifespan from creation to patch 169 days
3) Changes over time to the CVE database (backlog, prioritization, exclusion) tend to inaccurately skew predictive estimates (downwards!)
Measure 1B: Amount of out-of-date software
• What to measure: Number of systems (e.g. servers, clients, and mobile devices) whose software is not configured with the latest version
• When to measure: Same as 1A above
• Why measure: Similar to 1A. Properly patched and configured software generally has better security controls than previous versions
• Decisions this measure drives: Accept, mitigate, avoid, or transfer risk. As with 1A, out-of-date software has become a target of choice for bad actors. While having a plan to keep your software up-to-date with the latest versions is important (and recommended), running out-of-date software often makes sense for some organizations as long as they have compensating controls in place. Knowing the risk and articulating it to your board and C-suite in a manner they understand is critically important.
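Measures 1A and 1B are counts that a vulnerability scanner and a software inventory can feed directly; what the executive view adds is the comparison against the remediation window that the risk appetite dictates. The following is an added example, not code from the slides or from the Touhill book: it computes both measures over a constructed inventory. The remediation windows (30 days for High, 90 for Medium, Low accepted), the product names, the version numbers and the `CVE-XXXX-*` identifiers are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed remediation windows in days. The slide only says "within a
# recommended timeframe", so these numbers are illustrative, not the book's.
REMEDIATION_DAYS = {"HIGH": 30, "MEDIUM": 90}   # LOW: accepted, no window

# Constructed "latest version" table; product names and versions are made up.
LATEST = {"webapp": "2.4.1", "agent": "7.0", "browser": "101"}


@dataclass
class Finding:
    cve: str           # placeholder identifier, not a real CVE
    severity: str      # "HIGH", "MEDIUM" or "LOW"
    first_seen: date   # when the scanner first reported it


@dataclass
class System:
    name: str
    kind: str                               # server / client / mobile
    software: dict                          # product -> installed version
    findings: list = field(default_factory=list)


AS_OF = date(2016, 4, 28)   # reporting date for the example

# Constructed inventory: four systems, four open findings.
INVENTORY = [
    System("web-01", "server", {"webapp": "2.3.0", "agent": "7.0"}, [
        Finding("CVE-XXXX-0001", "HIGH", date(2016, 2, 1)),
        Finding("CVE-XXXX-0002", "LOW", date(2016, 4, 20)),
    ]),
    System("db-01", "server", {"agent": "7.0"}, [
        Finding("CVE-XXXX-0003", "MEDIUM", date(2016, 3, 20)),
    ]),
    System("laptop-17", "client", {"browser": "100", "agent": "6.9"}, [
        Finding("CVE-XXXX-0004", "HIGH", date(2016, 4, 15)),
    ]),
    System("phone-03", "mobile", {"browser": "101"}),
]


def _version(v):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def measure_1a(systems, as_of=AS_OF):
    """Measure 1A: open known vulnerabilities by severity, and how many of the
    HIGH and MEDIUM ones have outlived their (assumed) remediation window."""
    open_by_sev = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    overdue = {"HIGH": 0, "MEDIUM": 0}
    for system in systems:
        for f in system.findings:
            open_by_sev[f.severity] += 1
            window = REMEDIATION_DAYS.get(f.severity)
            if window is not None and (as_of - f.first_seen).days > window:
                overdue[f.severity] += 1
    return {"open": open_by_sev, "overdue": overdue}


def measure_1b(systems, latest=LATEST):
    """Measure 1B: systems running any tracked product below its latest
    version, as a list and as a share of the inventory."""
    stale = [s.name for s in systems
             if any(_version(v) < _version(latest[p])
                    for p, v in s.software.items() if p in latest)]
    return {"out_of_date_systems": stale,
            "percent": 100 * len(stale) / len(systems)}


def executive_summary(systems, as_of=AS_OF):
    """One-line view for a monthly or quarterly briefing: the figures that
    drive the accept/mitigate/avoid/transfer decision."""
    a, b = measure_1a(systems, as_of), measure_1b(systems)
    return (f"{a['open']['HIGH']} HIGH open ({a['overdue']['HIGH']} past "
            f"{REMEDIATION_DAYS['HIGH']}-day window), "
            f"{a['open']['MEDIUM']} MEDIUM, {a['open']['LOW']} LOW accepted; "
            f"{b['percent']:.0f}% of systems on out-of-date software")


if __name__ == "__main__":
    print(executive_summary(INVENTORY))
```

The overdue count is the line that matters to a board: two open Highs is a scanner statistic, but one High that has outlived the window the seniors set is a risk-appetite decision that has not been made. Version comparison is numeric rather than string-based so that "100" correctly reads as older than "101".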
[Two charts of CVE counts by OSI layer. Image on the left: Year X / OSI Layer Y. Image on the right: Year Y / OSI Layer X.]
Key Take Away: Notice in the image on the right the definite tracking of CVEs to different layers over the years. It shows broad trends in the movement from data link to application layer vulnerabilities.
Dataset: Black Belt Cyber Project, 2011-2012
Measure 2: How Vulnerable Is Our Work Force?
Purpose: Identify risk associated with a properly trained and "cyber aware" workforce
Measure 2A: Work Force Cybersecurity Training
• What to measure: Percentage of workforce current on their organizational cybersecurity training
• When to measure: Consider quarterly at your level and monthly to supervisors
• Why measure: A trained workforce that is aware of cybersecurity issues and how to prevent them is less likely to make mistakes that expose your organization and its information to trouble. For example, trained personnel are less likely to fall prey to social engineering and other human factors. This reduces the organizational risk exposure (note it is not stated that it eliminates risk, just reduces it)
• Decisions this measure drives: Accept, mitigate, avoid, or transfer risk. Most organizations mitigate this risk by making cybersecurity training mandatory. The key here is to have an effective and meaningful training program while holding all personnel (including senior leaders) accountable to be properly trained.
Measure 2B: IT Technical Staff Qualifications
• What to measure: Percentage of IT technical staff current on their technical training and certifications
• When to measure: Consider quarterly reviews
• Why measure: A well-trained IT technical staff is less likely to misconfigure systems, such as granting unauthorized permissions (i.e. least privilege, etc.), not implementing application whitelisting, punching holes in firewalls, etc.
• Decisions this measure drives: Accept, mitigate, avoid, or transfer risk. Additional resources to maintain technician training and certifications can be successfully argued for and received from seniors. This in turn has led to better morale, retention, and performance in organizations.
You should look at training and skill assessment as an adaptive problem needing to be answered. This is a process and sustainment issue.
Measure 3: Are We Doing the Right Things?
Purpose: Demonstrate due care and due diligence
Measure 3A: Well-defined and documented policies and procedures
• What to measure: Percentage of current organizational policies and procedures
• When to measure: Annually
• Why measure: Well-defined and documented policies and procedures are the start of good order and discipline and are foundational to due care and due diligence. Too many companies have been involved in litigation where they did not follow best practices (with the NIST Cyber Framework continuing to gain momentum as an exemplar), did not have policies and procedures defined, or didn't follow their own procedures. A leading indicator is having a set of current, up-to-date, and meaningful policies and procedures for your workforce.
• Decisions this measure drives: Discipline in articulating standards. This is an area where the outside auditors should evaluate the policies and procedures at least once a year. They should be reviewed for completeness and currency.
Measure 3B: Work Force Policy Acknowledgement
• What to measure: Percentage of workforce that has acknowledged the policies and procedures.
• When to measure: Quarterly
• Why measure: Policies and procedures that are posted on a SharePoint site and that NOBODY reads or understands are worthless. Having the affected workforce acknowledge the policies and procedures fosters both better comprehension as well as a sense of accountability. An example is your "Acceptable Use Policy", but that shouldn't be the only one you have!
• Decisions this measure drives: Workforce training and accountability
Measure 3C: Adherence to Policy and Procedures
• What to measure: Number of Cyber Incidents resulting from failure to follow standards
• When to measure: Monthly
• Why measure: People who follow good policies and procedures reduce the cybersecurity risk exposure of the organization. Spotlighting the linkage between sound policy, adherence, AND accountability is a potent measure.
• Decisions this measure drives: The decisions range from changing policies and procedures when they are no longer effective, refocusing training efforts, to addressing how personnel are held accountable
Measure 4: Are We Efficient?
Purpose: Making sure that the organization is properly balanced and provides a good return on investment based on the organization's risk appetite
Measure 4A: Information Asset Valuation
• What to measure: Percentage of information maintained by the organization that has been assigned a "value"
• When to measure: Annually
• Why measure: Information has a value yet most organizations do not consider it as an asset on their balance sheets. As a result, technicians in the server rooms are left without direction as to what the priority information assets are and try to defend everything equally. That approach is no longer viable nor cost effective.
• Decisions this measure drives: A disciplined approach on information asset valuation leading to better decisions regarding how to apportion resources while managing risk
Power is the ability to influence results
Bennis, W. G., Berkowitz, N., Affinito, M., & Malone, M. (1958). Authority, power, and the ability to influence. Human Relations, 11(2), 143-155.
Cast, A. D. (2003). Power and the ability to define the situation. Social Psychology Quarterly, 185-201.
Balance in all things creates equanimity
Measure 4B: Information Cost/Benefit Analysis
• What to measure: Total Cost of Ownership vs Total Asset Value
• When to measure: Quarterly
• Why measure: Many organizations spend too much protecting trifles while spending far less than they need to on treasures. Once you understand the value of your information (see 4A), you can compare your actual TCO against the value to ensure the "juice is worth the squeeze". Many are shocked when they find out how they stand in this area…
• Decisions this measure drives: Accept, mitigate, avoid, or transfer risk. The decisions here are business 101 items and ordinarily are transparent corporate resource allocation and apportionment issues. Boards and C-suites appreciate a well-reasoned and auditable approach to information; they don't want to spend $50 protecting ten cents worth of information. You shouldn't either.
• Generalized spending trends tend to be inaccurate. Consider how this graph changes as system criticality is added as a factor.
• Gartner uses per user and percent of IT budget as metrics for security spend rate (budget). How does that fit with a TCO/ROI and different system critical levels?
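Measures 4A and 4B, and the point above about criticality, come together once the asset register carries a value for each information asset. The following is an added example, not code from the slides or from the Touhill book: it computes the share of assets that have been valued (4A), the TCO-to-value ratio per asset with a verdict (4B), and the Gartner-style "percent of IT budget" figure broken out by criticality tier so the aggregate does not hide where the money goes. The asset names, values, costs, the IT budget, and the over/under-spend thresholds (TCO above 100% of value is the "$50 protecting ten cents" case; under 1% of value on a High-criticality asset is a treasure left exposed) are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds for the "juice is worth the squeeze" comparison.
# Both numbers are illustrative choices, not figures from the book.
OVERSPEND_RATIO = 1.0     # yearly TCO above the asset's whole value
UNDERSPEND_RATIO = 0.01   # under 1% of value spent on a HIGH asset


@dataclass
class InfoAsset:
    name: str
    criticality: str               # HIGH / MEDIUM / LOW, set by the business
    value_usd: Optional[float]     # None = never valued (counts against 4A)
    annual_tco_usd: float          # all-in yearly cost to hold and protect it


# Constructed asset register; names, values and costs are made up.
REGISTER = [
    InfoAsset("customer-pii", "HIGH", 5_000_000, 400_000),
    InfoAsset("product-designs", "HIGH", 8_000_000, 60_000),
    InfoAsset("cafeteria-menus", "LOW", 100, 5_000),
    InfoAsset("hr-records", "MEDIUM", 750_000, 90_000),
    InfoAsset("legacy-archive", "LOW", None, 20_000),
]


def measure_4a(assets):
    """Measure 4A: percentage of information assets that carry a value."""
    valued = sum(1 for a in assets if a.value_usd is not None)
    return 100 * valued / len(assets)


def measure_4b(assets):
    """Measure 4B: annual TCO divided by asset value, with a verdict per asset.
    Returns (name, ratio, verdict). An unvalued asset cannot be judged at all,
    which is itself a finding to take back to the 4A discussion."""
    rows = []
    for a in assets:
        if a.value_usd is None:
            rows.append((a.name, None, "unvalued"))
            continue
        ratio = a.annual_tco_usd / a.value_usd
        if ratio > OVERSPEND_RATIO:
            verdict = "overspend"
        elif a.criticality == "HIGH" and ratio < UNDERSPEND_RATIO:
            verdict = "underspend"
        else:
            verdict = "ok"
        rows.append((a.name, ratio, verdict))
    return rows


def spend_by_criticality(assets, it_budget_usd):
    """Security spend as percent of IT budget (the Gartner-style aggregate),
    split by criticality tier so the headline number does not hide whether
    the budget is going to treasures or to trifles."""
    tiers = {"HIGH": 0.0, "MEDIUM": 0.0, "LOW": 0.0}
    for a in assets:
        tiers[a.criticality] += a.annual_tco_usd
    out = {t: 100 * cost / it_budget_usd for t, cost in tiers.items()}
    out["total"] = 100 * sum(tiers.values()) / it_budget_usd
    return out


if __name__ == "__main__":
    print(f"4A: {measure_4a(REGISTER):.0f}% of assets valued")
    for name, ratio, verdict in measure_4b(REGISTER):
        shown = "n/a" if ratio is None else f"{ratio:.4f}"
        print(f"4B: {name:16} TCO/value={shown:>7} {verdict}")
    print("spend % of IT budget:", spend_by_criticality(REGISTER, 2_000_000))
```

On the constructed register the aggregate looks unremarkable, yet the per-asset view shows a trifle costing fifty times its worth beside a High-criticality asset protected for under 1% of its value; that contrast is the "shocked when they find out how they stand" moment, and it only appears once 4A has put a value on each asset.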
Measure 5: Are We Ready and Resilient?
Purpose: Making sure the organization is prepared for a cyber incident and resilient to recover; i.e. can "take a cyber punch and keep going"
Measure 5A: Business Continuity and Disaster Recovery Planning
• What to measure: Currency and completeness of an organizational business continuity and disaster recovery plan
• When to measure: Annually
• Why measure: Due care and due diligence. The best time to respond to an incident is before it occurs. See Chapter 9.0 in the book.
• Decisions this measure drives: Creation and regular maintenance of a plan helps identify and manage risks. Getting it before senior leaders is essential so that risk is appropriately addressed at the right level.
ISO/IEC 27035:2011 provides a structured and planned approach to:
1. detect, report and assess information security incidents;
2. respond to and manage information security incidents;
3. detect, assess and manage information security vulnerabilities; and
4. continuously improve information security and incident management as a result of managing information security incidents and vulnerabilities.
Preparation, identification, containment, eradication, recovery, and lessons learned.
Incident triage, incident coordination, incident resolution
ISO/IEC 27035:2011: Information Security Incident Management
SANS: Creating and Managing an Incident Response Team
RFC 2350: Expectations for Computer Security Incident Response
CERT: Handbook for Computer Security Incident Response Teams (CSIRTs)
NIST 800-61: Computer Security Incident Handling Guide
Measure 5B: Resiliency Effectiveness
• What to measure: Number of drills and exercises that test the business continuity and disaster recovery plan
• When to measure: Monthly
• Why measure: As Vince Lombardi stated, "Perfect Practice Makes Perfect". Make sure your operational and tactical level leaders routinely conduct drills and exercises and review their findings and fixes with them. Instill a culture of continual improvement and encourage people to find and fix weaknesses. When you do that, you will be better prepared for when the you-know-what hits the fan.
• Decisions this measure drives: In addition to resource allocation and apportionment decisions, this measure also drives decisions regarding organizational alignment, roles and responsibilities, and liabilities
Questions?