Sensing: Integrating Network Protection Tools into GRC
  • Inputs to provide detailed data:
    • to demonstrate compliance to legislation and regulation (and non-compliance) – for example, PCI DSS says that logs should be reviewed for failed logins etc.
    • to demonstrate working controls (and not working controls) – failed logins could be positive evidence that access controls are working
    • to highlight risks – new vulnerabilities being discovered and notified
    • to highlight threats – missing patches
    • data leakage – copying of sensitive data to USB drives or cut and paste to email; monitoring / prevention of out-bound email documents
    • identity failure – authentication failures – controls are working
    • reputation damage – leaked information, internet gossip
  • Best established: CVE and CVSS. Common language – computer and human readable.
    • Common Vulnerabilities and Exposures, or CVE, is a dictionary of publicly-known information security vulnerabilities and exposures.
    • Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of computer system security vulnerabilities. It attempts to establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The score is based on a series of measurements (called metrics) based on expert assessment.
    • About FIRST and CVSS-SIG: FIRST, the world’s leading incident-handling forum, is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs. FIRST sponsors and supports the CVSS-SIG, a diverse group of security professionals who have a keen interest in security vulnerabilities and use CVSS in their daily work. In addition, FIRST hosts a special interest group to update and promote CVSS and provides a central repository for CVSS documentation.
    • CVE uses today: Vulnerability Management; Patch Management; Vulnerability Alerting; Intrusion Detection; NVD (National Vulnerability Database); US-CERT Bulletins / Vendor bulletins; SANS Top 20

Transcript

  • 1. GRC Sensors Nick Connor Assuria Limited
  • 2. GRC Product Architecture Source: Information Governance
  • 3. Sensors can ..
    • provide automated inputs from low level data;
    • to demonstrate compliance to legislation and regulation (and non-compliance)
    • to demonstrate working controls (and not working controls)
    • to highlight risks / threats
    • to identify incidents
    • to highlight possible data leakage
    • identify potential reputation damage
    • + many more……
  • 4. Example sensors
    • Sensors to detect events
    • System monitors
      • Vulnerability assessment, configuration and policy compliance
    • Network traffic monitors
      • Intrusion detection, Intrusion prevention, Firewalls, Routers
    • Access and identity monitors
      • Failed logins, privilege escalation, Bio-metric identities
    • Web site monitors
      • Pages visited, referred from
    • End point monitoring
      • Data leakage
      • Anti-virus, anti-phishing, Malware detection
    • Others
      • Event and Audit log collection – OS, Infrastructure, applications
      • CMDB systems
      • Incident management
      • Backup software, Business continuity management
      • IT Security Information (intelligence feeds)
    • Emerging
      • Virtualised environments / ‘Cloud’ computing
  • 5. Sensors can add value
    • Sensors could:
    • Monitor against expected controls, policies
    • Filter out normal and report abnormal
    • Aggregate many events into a threat or risk
    • Map events to standards / external references
    • Provide automatic feeds to GRC
  • 6. GRC and Sensors
    • Governance, Risk and Compliance (figure; layers listed from more general to more specific)
      • Regulations: SOX, HIPAA, GLBA, PCI
      • Governance Framework: COSO, CoCo, Turnbull
      • Control Objectives: COBIT, ITIL, ISMS
      • Controls: ISO 27001, ISO 13335, NIST 800-53, CIS
    • SENSORS
      • Software sensors, for example: Configuration assurance, Vulnerability assessment, Policy compliance, Change detection, Audit log management
    • Source: Gartner (January 2006)
  • 7. Need for common language
    • Common language – computer and human readable
    • Standards and emerging standards.
    • In IT security, the best established are CVE and CVSS
    • Common Vulnerabilities and Exposures, or CVE, is a dictionary of publicly-known information security vulnerabilities and exposures.
    • Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of computer system security vulnerabilities.
  • 8. Similar Standards
    • CVE is sponsored by MITRE, a US federally supported organisation
    • Other standards being promoted include:
    • Configurations (CCE)
    • Software Weakness Types (CWE)
    • Attack Patterns (CAPEC)
    • Platforms (CPE)
    • Log Format (CEE)
    • Reporting (CRF)
    • Checklist Language (XCCDF)
    • Assessment Language (OVAL)
    • Security Content Automation (SCAP)
    • Making Security Measurable 
    • All are XML based to facilitate data interchange
    • More information at http://www.mitre.org/work/cybersecurity.html
  • 9. Sensors feed into GRC [Diagram labels: Sensors, Aggregation]
  • 10. Challenges for SITC SIG
    • Broad range of possible sensors, including
      • configuration auditing
      • identity and access management
      • security information
      • event information and management
    • Not all are obviously security related but all are CIA (Confidentiality, Integrity, Availability) related
    • Aggregation of information – consolidate events (data) into GRC usable information
    • Reference to external standards
    • Use of emerging standards for the definition of common formats for information exchange between sensors and GRC
    • Limited only by our imagination
  • 11. Thank you Questions?
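
The sensor functions listed on slide 5 (filter out normal, aggregate events, map to external references, feed GRC), applied to the failed-login case from the slide 3 notes. This is an added example, not code from the presentation or from Assuria; the log lines are constructed, and the threshold, the record fields and the CWE-307 reference are assumptions of the example.

```python
import json
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd log format (not from the slides).
SAMPLE_LOG = """\
Jan 10 09:00:01 host1 sshd[101]: Accepted password for alice from 10.0.0.5 port 50000 ssh2
Jan 10 09:00:07 host1 sshd[102]: Failed password for bob from 10.0.0.9 port 50001 ssh2
Jan 10 09:00:15 host1 sshd[103]: Accepted password for bob from 10.0.0.9 port 50002 ssh2
Jan 10 09:05:01 host1 sshd[110]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Jan 10 09:05:03 host1 sshd[111]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jan 10 09:05:05 host1 sshd[112]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
"""

AUTH_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) password for (?:invalid user )?(\S+) from (\S+)")
# Assumed mapping for this example; a real sensor takes it from the organisation's control library.
REFERENCES = ["PCI DSS: review logs for failed logins", "CWE-307"]


def grc_feed(log_text, threshold=3):
    """Filter, aggregate and map auth events into records a GRC tool could ingest."""
    failures, parsed = Counter(), 0
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an authentication event: outside this sensor's scope
        parsed += 1
        outcome, user, source = m.groups()
        if outcome == "Failed":
            failures[(user, source)] += 1
    # Isolated failures are normal: positive evidence that the control rejects bad logins.
    normal = sum(n for n in failures.values() if n < threshold)
    records = [{"type": "control_evidence", "control": "access control",
                "status": "working", "events_reviewed": parsed,
                "rejected_logins": sum(failures.values()),
                "below_threshold": normal, "references": REFERENCES[:1]}]
    # Repeated failures for one account from one source become a single risk item.
    for (user, source), n in sorted(failures.items()):
        if n >= threshold:
            records.append({"type": "risk", "summary": "repeated failed logins",
                            "account": user, "source": source, "count": n,
                            "references": REFERENCES})
    return records


if __name__ == "__main__":
    print(json.dumps(grc_feed(SAMPLE_LOG), indent=2))
```

Six raw events reduce to two records: one item of control evidence and one aggregated risk item carrying its external references.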