Cyber Protection Strategy
StrategicCISO.com
Tactical or Strategic?
Vendor Driven
or business driven
Reactive
or proactive
The trouble is that criminals seem to be able
to stay one step ahead, and the law-
abiding have to spend to much time trying
to catch up– Nigel Phair, Cybercrime, The Reality of the Threat, page 178
StrategicCISO.com
Securing Endpoints?
StrategicCISO.com
Data wants to be free
What are your endpoints
Data classification
It’s what you don’t know you
don’t know that gets you
Business Processes
Data transfers
Security Trends – Current View
StrategicCISO.com- CONFIDENTIAL -
Endpoint Suites Network UTM ApplicationSecurity
VulnerabilityManagement
[Other PointProducts]
Security Information and Event Management
• Alerts • Log Mgt • Event Correlation • Compliance Certification
Governance Risk and Compliance
• User Policy Compliance • Compliance Workflow and Reporting• Remediation Workflow and Reporting
Scanning (web and/or network) products identify potential weaknesses
– Data overload including false positives/negatives – not most critical threats
– Does not prove exploitability, limited-view point solution, single vector
IT-GRC gathers information to aggregate and report
– Mostly used for higher-level policy and governance with little “R”
SIEM aggregates real data, dash-boarding, drill-down, etc.
– SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell
you if your defenses are working
– Operational data, not situational. Just incidents or log data from past events
Security Risk Mgmt is simulator/model
– Correlates scanned, imported and entered data to infer highest risk
vulnerabilities, doesn’t do actual testing
– Network only and works on models vs. a real test of the security
DLP detects and prevents transmission of confidential information
To date, the critical challenge of how to provide insight into actual risks
across multiple layers of infrastructure still remains!StrategicCISO.com
Security – Future View
StrategicCISO.com- CONFIDENTIAL -
Endpoint Suites Network UTM ApplicationSecurity
VulnerabilityManagement
IT Security Management
Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee
[Other PointProducts]
Comprehensive Security Test and Measurement
•Verify and Validate Security Controls
•Measure Real-world Threat Readiness
•Measure Security Effectiveness
Security Information and Event Management
• Alerts • Log Mgt • Event Correlation • Compliance Certification
Governance Risk and Compliance
• User Policy Compliance • Compliance Workflow and Reporting• Remediation Workflow and Reporting
Cyber Strategy Musings
(WordPress)
The Key of Knowledge – Book 2
The second area of knowledge in
this key is “Knowing your
environment”.
By Extension – Know Your Strategy
Know your Strategy
StrategicCISO.com
What are your critical
business assets?
Data / Asset Classification
You can’t protect
everything
Focus on the most
important assets
Key of Knowledge
StrategicCISO.com
Compliance Checklists are not enough
Network Solutions was PCI compliant
before breach
Angela Moscaritolo, July 27, 2009
Web hosting firm Network Solutions on Friday
announced that, despite its being PCI compliant, a
breach had compromised approximately 573,928
individuals' credit card information.
http://www.scmagazineus.com/network-solutions-
was-pci-compliant-before-breach/article/140642/
Evaluate your existing controls
StrategicCISO.com
The Symantec Global Internet Threat Report, which covers trends in
2009, says attackers are aggressively targeting employees' social
networking profiles to help target key personnel inside targeted
companies. Meanwhile, Web-based attacks targeting PDF views
accounted for half of all Web-based attacks last year, up from 11
percent in 2008.
And malware creation increased thanks to more automated tools,
according to Symantec, which says it identified more than 240
million new malware programs last year, a 100 percent increase
over 2008
Understand the threat
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
New Symantec Global Internet Threat Report shows evolution of targeted attacks,
prevalence of Web-borne attacks, increase in malware variants in 2009
Apr 20, 2010 By Kelly Jackson Higgins
DarkReading
http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064
U.S. government agencies have been bracing
for a deluge of thousands more classified
documents since the leak of helicopter cockpit
video of a 2007 firefight in Baghdad. That was
blamed on a U.S. Army intelligence analyst,
Spc. Bradley Manning, 22, of Potomac, Md. He
was charged with releasing classified
information this month. Manning had bragged
online that he downloaded 260,000 classified
U.S. cables and transmitted them to
Wikileaks.org.
Officials Scramble to Review Emerging Afghan War
Documents for 'Damage'Published July 26, 2010 | FoxNews.com
http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/
Understand the Threat
StrategicCISO.com
Determine your organizations risk
tolerance
Know your vulnerabilities
Understand how the threats apply
Develop your Risk Strategy
StrategicCISO.com
Compliance requirements
Protect your valuable data
Put systems in place that protect your data as
it moves
Proactive intelligence on your environment
Discover your real vulnerabilities
Break the malware cycle
Develop your protection Strategy
Operationalize Security
Use Managed Services / Cloud Services
where practicable
Use automated systems
Understand the overhead
StrategicCISO.com
Be an enabler of business
Connect to your Enterprise Risk
Management
Show how it affects the bottom line
Understand your organization’s business need
StrategicCISO.com
Response and remediation
Robust Incident Response Plan
Response not react
Don’t merely remediate
Execute
StrategicCISO.com
Real time Protection
Find the barbarians that get past the gate
New Technologies
Execute
StrategicCISO.com
Metrics
INCREASING CYBER-SITUATIONAL
AWARENESS VIA ENTERPRISE METRICS
Core Security Technologies Blog
Today’s ferocious cybersecurity environment is dynamic. One
of the challenges that organizations, both public and private
sector, have encountered in attempting to mature their IT
security and risk management plans has been a lack of
methods to calculate truly relevant metrics that would allow for
them to better understand and benchmark their security
standing over time.
http://blog.coresecurity.com/2010/04/29/increasing-
cyber-situational-awareness-via-enterprise-level-metrics/
Evaluate
StrategicCISO.com
Top Related