The New Normal
Managing the constant stream of new vulnerabilities
Aaron Hackney, Principal Architect
aaron.hackney@rackspace.com
Major Hayden, Principal Architect
major.hayden@rackspace.com
2014 Was Rough
• Heartbleed – April 2014
• Shellshock – September 2014
• Sandworm – October 2014
• POODLE – October 2014
Vulnerabilities Are Now Mainstream News
Source: https://twitter.com/mattblaze/status/573938261325844480
OUR MISSION TODAY:
To arm you with a solid strategy to secure your infrastructure efficiently.
Understand
Cognitive Bias
“...we respond to the feeling of security and not the
reality. Now most of the time, that works. Most of
the time, feeling and reality are the same…if our
feelings match reality, we make better security
trade-offs.”
Bruce Schneier
TEDxPSU, 2010
If I had a dollar to
spend on security,
I’d spend 99 cents on detection
and a penny on prevention.
The Security Life Cycle
• Start with common sense prevention
  – Principle of least privilege
• Then spend the bulk of your budget on layers of detection
• Assume incidents will happen
• Create a rock-solid response plan
• Take feedback from the response process and invest in prevention

The cycle: Prevention → Detection → Incident Response → back into Prevention
Detection 101: Logging
• Every server, network device, and application
generates some type of logs
• Collect your logs in a central location
• Monitor for critical events first
• Authentication attempts (successful and failed)
• Service/system restarts
• Network errors
• Configuration changes
• Monitoring for events can be cumbersome in busy
environments
• Graph your log line counts over time and look for unusual
peaks or spikes
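The two detection ideas on this slide, alerting on critical events first (here, failed authentication) and graphing line counts per time bucket to spot spikes, worked through in Python. This is an added example, not code from the slides or from Rackspace; the sshd log lines are constructed, and the burst threshold, window size and spike factor are assumptions to tune against your own baseline.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format (not captured from a real host).
SAMPLE_LOG = """\
Mar  5 10:00:01 web01 sshd[2310]: Accepted publickey for deploy from 10.0.2.15 port 51022 ssh2
Mar  5 10:00:14 web01 sshd[2312]: Accepted publickey for deploy from 10.0.2.15 port 51030 ssh2
Mar  5 10:01:02 web01 sshd[2315]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  5 10:01:03 web01 sshd[2316]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  5 10:01:03 web01 sshd[2317]: Failed password for admin from 203.0.113.7 port 40003 ssh2
Mar  5 10:01:04 web01 sshd[2318]: Failed password for invalid user oracle from 203.0.113.7 port 40004 ssh2
Mar  5 10:01:05 web01 sshd[2319]: Failed password for invalid user test from 203.0.113.7 port 40005 ssh2
Mar  5 10:01:05 web01 sshd[2320]: Failed password for root from 203.0.113.7 port 40006 ssh2
Mar  5 10:01:06 web01 sshd[2321]: Accepted password for admin from 203.0.113.7 port 40007 ssh2
Mar  5 10:02:30 web01 sshd[2330]: Accepted publickey for deploy from 10.0.2.15 port 51100 ssh2
Mar  5 10:03:10 web01 sshd[2335]: Accepted publickey for deploy from 10.0.2.15 port 51110 ssh2
"""

# Matches both "Accepted publickey for deploy" and "Failed password for invalid user oracle".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_events(text, year=2015):
    """Return one dict per sshd authentication line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def failed_auth_bursts(events, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failures inside any window_seconds span,
    and record whether a successful login from that IP followed the burst
    (a burst followed by success is the case to page someone about)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]
        start, burst_end = 0, None
        for end in range(len(fails)):          # sliding window over failure times
            while (fails[end] - fails[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]
        if burst_end is None:
            continue
        success_after = any(e["result"] == "Accepted" and e["ts"] >= burst_end
                            for e in evs)
        findings[ip] = {"failures": len(fails), "success_after": success_after}
    return findings


def line_counts_per_minute(text):
    """Bucket every syslog line (auth or not) by HH:MM; this is the series to graph."""
    counts = Counter()
    for line in text.splitlines():
        m = re.match(r"^\w{3}\s+\d{1,2} (\d{2}:\d{2}):\d{2} ", line)
        if m:
            counts[m.group(1)] += 1
    return counts


def volume_spikes(counts, factor=3.0, min_lines=5):
    """Crude spike rule: a minute whose line count exceeds factor x the median
    minute (median rather than mean, so the spike itself does not lift the
    baseline) and carries at least min_lines lines."""
    if not counts:
        return {}
    baseline = statistics.median(counts.values())
    return {minute: n for minute, n in sorted(counts.items())
            if n >= min_lines and n > factor * baseline}


if __name__ == "__main__":
    evs = parse_auth_events(SAMPLE_LOG)
    print("auth bursts:", failed_auth_bursts(evs))
    print("volume spikes:", volume_spikes(line_counts_per_minute(SAMPLE_LOG)))
```

On the constructed sample the burst detector reports 203.0.113.7 with six failures and a success immediately afterwards, and the volume rule singles out minute 10:01. The same per-bucket counting applies to any log source once it is centralised; the value of the graph is that you do not need to know the attack signature in advance, only what "normal" volume looks like.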
Integrity Monitoring & Auditing
• Use best practices and hardening standards to set
a minimum security spec for your systems
• Monitor for configuration changes with strong
change control processes
• Use deployment frameworks, like Ansible, Puppet,
or Chef
– Revision control makes change control easier
– Easy to audit large amounts of systems quickly
• Network segmentation can be a detection and
prevention mechanism
– Force attackers to be noisy if they choose to cross a
network segment
– Trending via NetFlow analysis may reveal attacks in
progress
The Center for Internet Security publishes community-driven hardening standards for common systems, including Linux, Windows, and Cisco devices. For more information, visit: http://www.cisecurity.org/
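"Monitor for configuration changes" on this slide is the job of file integrity monitoring: take a baseline of hashes and metadata for the files your hardening standard cares about, then diff against it on a schedule. The following is an added Python example, not code from the slides or from any product; it is a minimal stand-in for a real FIM tool, and the throwaway "etc" tree it builds (an sshd_config, a sudoers file, a planted cron job) is constructed data.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record sha256, permission bits and owner for every regular file under root.
    Keys are root-relative POSIX paths so one baseline can be compared across hosts."""
    root = Path(root)
    baseline = {}
    files = sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink())
    for path in files:
        st = path.lstat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),   # permission bits only
            "uid": st.st_uid,
            "gid": st.st_gid,
        }
    return baseline


def diff_snapshots(old, new):
    """Classify every path as added, removed, or modified; for modified files
    list which attributes changed (content, mode, owner) so a chmod 644 on
    sudoers is reported distinctly from an edit to it."""
    changes = {"added": [], "removed": [], "modified": {}}
    for name in sorted(set(old) | set(new)):
        if name not in old:
            changes["added"].append(name)
        elif name not in new:
            changes["removed"].append(name)
        elif old[name] != new[name]:
            changes["modified"][name] = sorted(
                k for k in old[name] if old[name][k] != new[name][k])
    return changes


def demo():
    """Baseline a constructed config tree, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp)
        (etc / "ssh").mkdir()
        (etc / "ssh" / "sshd_config").write_text(
            "PermitRootLogin no\nPasswordAuthentication no\n")
        (etc / "sudoers").write_text("root ALL=(ALL) ALL\n")
        os.chmod(etc / "sudoers", 0o440)
        before = snapshot(etc)

        # Simulated tampering: weaken sshd_config, loosen sudoers, plant a cron job.
        (etc / "ssh" / "sshd_config").write_text(
            "PermitRootLogin yes\nPasswordAuthentication yes\n")
        os.chmod(etc / "sudoers", 0o644)
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "backdoor").write_text("* * * * * root /tmp/.x\n")
        after = snapshot(etc)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

Two operational points the code does not enforce: store the baseline somewhere the monitored host cannot write (a host that has been compromised can rewrite its own baseline as easily as its sudoers file), and feed every legitimate change through the same change-control process the slide describes so that a diff with no matching change ticket is itself the alert. Deployment frameworks help here because the expected state of each file is already in revision control.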
Incident Response

Rely on solid processes so that everyone knows their place during an incident.

Detect & Analyze
• Gather data from any available sensors, logs, or observations.
• Determine which systems are involved and the severity of the breach.

Contain & Recover
• Bring systems offline or remove network connectivity (if the incident may need forensic follow-up, capture volatile evidence such as memory and active connections before powering anything off).
• Provision new systems and carefully restore from clean backups.

Root Cause Analysis
• How could we have prevented the attack or detected it sooner?
• Turn security failures into solid investments in prevention.
Incident Management
• Communicate about an incident using criteria that your
employees and customers understand
– Reduce anxiety with frequent, concise
communications
– Using code names or alert levels may help
– Example: U.S. Department of Defense’s DEFCON
• Ensure everyone knows what's happening and what part
they play in the incident
After the incident
• “What could we have done to prevent incidents like
these?”
• Fishbone diagrams help with larger organizations
• Make a larger number of smaller changes
• Focus on the user experience
– Then find security improvements that provide good trade-offs
The book you never thought was
actually about information security.
Security User Experience

Diagram: a review process that takes in requirements and produces outcomes.

Requirements feeding the review process:
• Business and user requirements
• Security, legal and compliance requirements
• Customer requirements

Outcomes of the review process:
• Process improvement
• Technology upgrades
• Vendor products
• Communication
Plan for the unknowns
“Reports that say...that something hasn't happened are always
interesting to me, because as we know,
there are known knowns;
there are things that we know that we know.
We also know there are known unknowns;
that is to say we know there are some things we do not know.
But there are also unknown unknowns,
the ones we don't know we don't know.”
—Donald Rumsfeld, Former United States Secretary of Defense
Photo source: Wikipedia, Scott Davis, US Army (public domain)
ONE FANATICAL PLACE | SAN ANTONIO, TX 78218
US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM
© RACKSPACE LTD. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM
Thank you

Presented at Rackspace Solve 2015.
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

The New Normal - Rackspace Solve 2015

9
Integrity Monitoring & Auditing
• Use best practices and hardening standards to set a minimum security spec for your systems
• Monitor for configuration changes with strong change control processes
• Use deployment frameworks, like Ansible, Puppet, or Chef
– Revision control makes change control easier
– Easy to audit large numbers of systems quickly
• Network segmentation can be a detection and prevention mechanism
– Force attackers to be noisy if they choose to cross a network segment
– Trending via NetFlow analysis may reveal attacks in progress
Community-driven hardening standards for common systems, including Linux, Windows, and Cisco devices. For more information, visit: http://www.cisecurity.org/
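As an added example (not part of the Rackspace deck, and not any of the tools it names), here is a minimal file-integrity baseline in Python in the spirit of the slide's "monitor for configuration changes" bullet: record a SHA-256 hash, permission bits, owner and size for every file under a directory, store that as a baseline, and later diff the live tree against it. The directory, file names and contents in the demo are constructed stand-ins for /etc. The baseline is written outside the monitored tree; in a real deployment it should live off-host or be signed, since an attacker with root can otherwise rewrite it alongside the files it describes.

```python
# Added example: minimal file-integrity baseline and diff (not Rackspace's code).
import hashlib
import json
import os
import stat
from pathlib import Path


def fingerprint(path):
    """Hash content plus the metadata an attacker must alter to change behaviour.
    mtime is deliberately left out: `touch -r` restores it trivially."""
    st = path.lstat()
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
    elif stat.S_ISLNK(st.st_mode):
        h.update(os.readlink(path).encode())  # a symlink "changes" if its target does
    return {
        "sha256": h.hexdigest(),
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def snapshot(root):
    """Fingerprint every file and symlink under root, keyed by relative path."""
    root = Path(root)
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            result[str(p.relative_to(root))] = fingerprint(p)
    return result


def compare(baseline, current):
    """Return added, removed and changed entries; changed maps path -> {field: (old, new)}."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = {k: (baseline[rel][k], current[rel][k])
                 for k in baseline[rel] if baseline[rel][k] != current[rel][k]}
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(root, baseline_file):
    """Write the baseline somewhere outside root (ideally off-host or signed)."""
    Path(baseline_file).write_text(json.dumps(snapshot(root), indent=2, sort_keys=True))


def check(root, baseline_file):
    """Diff the live tree against a stored baseline."""
    return compare(json.loads(Path(baseline_file).read_text()), snapshot(root))


if __name__ == "__main__":
    import tempfile

    # Constructed demo tree standing in for /etc; names and contents are made up.
    etc = Path(tempfile.mkdtemp(prefix="etc-"))
    (etc / "sshd_config").write_text("PermitRootLogin no\n")
    (etc / "sudoers").write_text("root ALL=(ALL) ALL\n")
    (etc / "sudoers").chmod(0o440)
    baseline = Path(tempfile.mkdtemp(prefix="baseline-")) / "etc.json"
    save_baseline(etc, baseline)

    # Simulate an intruder: weaken sshd, loosen sudoers, plant a key.
    (etc / "sshd_config").write_text("PermitRootLogin yes\n")
    (etc / "sudoers").chmod(0o664)
    (etc / "authorized_keys").write_text("ssh-ed25519 AAAAC3Nz... intruder\n")
    print(json.dumps(check(etc, baseline), indent=2))
```

Run it once right after a host is built from your hardening standard to take the baseline, then on a schedule; anything in "added", "removed" or "changed" that does not match a ticket in your change-control process is the event worth paging on. Mode and ownership are tracked separately from the hash on purpose: a config file whose content is unchanged but is suddenly world-writable is still a finding.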
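A second added example (again not from the deck) for the "force attackers to be noisy" and "trending via NetFlow analysis" bullets: a trend check over NetFlow-style records that counts, per source host and five-minute window, the flows crossing from outside a protected segment into it, and alerts when the latest window is far above that host's own recent history (median plus k times the median absolute deviation). The record layout, the protected segment 10.2.0.0/16, the window size and the threshold constant are assumptions; the flow data is constructed inline, with one web-tier host sweeping the database segment in the final window.

```python
# Added example: NetFlow-style trend detection for a protected segment (not Rackspace's code).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import median

WINDOW = 300                                # seconds per trend bucket (assumption)
DB_SEGMENT = ip_network("10.2.0.0/16")      # protected segment (assumption)


@dataclass(frozen=True)
class Flow:
    start: int      # epoch seconds
    src: str
    dst: str
    dport: int
    octets: int


def build_sample_flows():
    """Constructed records covering 13 five-minute windows. 10.1.0.5 normally
    opens a handful of MySQL connections per window; in window 12 it probes
    40 hosts on port 22. 10.1.0.6 is flat throughout."""
    flows = []
    web01_baseline = [3, 4, 3, 5, 3, 4, 3, 3, 4, 3, 5, 4]
    for w, n in enumerate(web01_baseline):
        for i in range(n):
            flows.append(Flow(w * WINDOW + i, "10.1.0.5", "10.2.0.10", 3306, 4096))
    for i in range(40):
        flows.append(Flow(12 * WINDOW + i, "10.1.0.5", "10.2.0.%d" % (10 + i), 22, 120))
    for w in range(13):
        for i in range(2):
            flows.append(Flow(w * WINDOW + i, "10.1.0.6", "10.2.0.10", 3306, 4096))
    return flows


def cross_segment_counts(flows, segment):
    """src -> window -> [flow count, set of destinations] for flows entering
    segment from outside it. Intra-segment traffic is ignored."""
    counts = {}
    for f in flows:
        if ip_address(f.dst) in segment and ip_address(f.src) not in segment:
            bucket = counts.setdefault(f.src, {}).setdefault(f.start // WINDOW, [0, set()])
            bucket[0] += 1
            bucket[1].add(f.dst)
    return counts


def robust_threshold(history, k=5.0, floor=1.0):
    """median + k*MAD. Median and MAD are not dragged up by an earlier spike
    the way mean and stddev are; the floor keeps a perfectly flat baseline
    from alerting on a single extra flow."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med + k * max(mad, floor)


def detect(flows, segment, current_window, k=5.0):
    """Alert on sources whose cross-segment flow count in current_window
    exceeds their own trailing baseline. Windows with no traffic count as 0."""
    alerts = []
    for src, windows in cross_segment_counts(flows, segment).items():
        history = [windows.get(w, [0, set()])[0] for w in range(current_window)]
        if not history:
            continue
        now, dsts = windows.get(current_window, [0, set()])
        threshold = robust_threshold(history, k)
        if now > threshold:
            alerts.append({"src": src, "window": current_window, "flows": now,
                           "threshold": threshold, "distinct_dsts": len(dsts)})
    return alerts


if __name__ == "__main__":
    for a in detect(build_sample_flows(), DB_SEGMENT, current_window=12):
        print("ALERT %(src)s: %(flows)d flows into segment in window %(window)d "
              "(threshold %(threshold).1f, %(distinct_dsts)d distinct hosts)" % a)
```

The per-source baseline is the point: a host that talks to one database a few times every five minutes does not need a global threshold to look wrong when it suddenly opens forty connections to forty different hosts. The distinct-destination count is carried in the alert because fan-out across a segment is the signature of someone who has crossed the boundary and is mapping what is behind it, which is exactly the noise segmentation is meant to force.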
10
Incident Response
Rely on solid processes so that everyone knows their place during an incident
Detect & Analyze
• Gather data from any available sensors, logs, or observations.
• Determine which systems are involved and the severity of the breach.
Contain & Recover
• Bring systems offline or remove network connectivity.
• Provision new systems and carefully restore from clean backups.
Root Cause Analysis
• How could we have prevented the attack or detected it sooner?
• Turn security failures into solid investments in prevention.
11
Incident Management
• Communicate about an incident using criteria that your employees and customers understand
– Reduce anxiety with frequent, concise communications
– Using code names or alert levels may help
– Example: U.S. Department of Defense's DEFCON
• Ensure everyone knows what's happening and what part they play in the incident
12
After the incident
• "What could we have done to prevent incidents like these?"
• Fishbone diagrams help with larger organizations
• Make a larger number of smaller changes
• Focus on the user experience
– Then find security improvements that provide good trade-offs
The book you never thought was actually about information security.
13
[Diagram; labels: Security; User Experience; Business and user requirements; Security, legal and compliance requirements; Customer requirements; Review Process; Process improvement; Technology upgrades; Vendor products; Communication]
14
Plan for the unknowns
"Reports that say...that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know."
—Donald Rumsfeld, Former United States Secretary of Defense
Photo source: Wikipedia, Scott Davis, US Army, Public Domain
15
Thank you
One Fanatical Place | San Antonio, TX 78218
US Sales: 1-800-961-2888 | US Support: 1-800-961-4454 | www.rackspace.com
© Rackspace Ltd. | Rackspace® and Fanatical Support® are service marks of Rackspace US, Inc., registered in the United States and other countries.