Addressing cyber security


Strategy and approach for addressing cyber security.

Published in: Technology

  1. Addressing Cyber Security. Presented by: Femi Ashaye
  2. Agenda
     - What is Cyber Security?
     - Cyber Security Cases
     - Cyber Security Strategy
     - A Risk Based Approach
     - Managing Cyber Attacks: CHECK and ACT
     - The Bigger Picture!!
  3. What is Cyber Security??
     - Protection of ICT systems, networks and data in Cyber Space (i.e. any communications environment, particularly the Internet).
     - Protection through prevention, detection and response to attacks from a wide range of Cyber Threats such as Cyber Crime, Cyber Terror, Cyber Espionage, Cyber War etc.
     - Impacts Governments, Financial Organisations, Critical National Infrastructures, Individuals etc. at significantly different levels of technical sophistication.
     - Attacks exploit varied Cyber Space offerings (e.g. Cloud, Mobile, Social Networking, Shopping, Online Games etc.) not previously dealt with in the traditional Information Security world.
  4. Cyber Security Cases
     - Student, After Delay, Is Charged In Crippling of Computer Network. "After more than eight months, the Justice Department said yesterday that a Federal grand jury in Syracuse had indicted the 24-year-old Cornell University graduate student who has been blamed for crippling a nationwide computer network with a rogue software program... The student, Robert Tappan Morris, was charged with a single felony count under a 1986 computer crimes law, the Computer Fraud and Abuse Act ..." The New York Times (27 July 1989)
     - Youth Sentenced in Government Hacking Case. "A 16-year-old from Miami who repeatedly penetrated computer systems of the Defense Department and the space agency has been sentenced to six months in juvenile detention. The Justice Department said he is the first juvenile hacker to be sentenced to serve time..." The New York Times (23 Sept 2000)
  5. Cyber Security Cases (continued)
     - Downloaded music by Jay-Z ... all I got was snooped, dog. "Fans of rapper Jay-Z who thought they'd grabbed hold of an app granting them access to an early release of his new album Magna Carta Holy Grail have found themselves on the receiving end of an anti-PRISM Android Trojan designed to slurp all their data..." The Register (05 July 2013)
  6. Cyber Security Strategy
     - United Kingdom: Cyber Security Strategy
       - Improving knowledge, capabilities and decision-making
       - Reducing risk from the UK's use of cyber space
       - Exploiting opportunities in cyber space
     - United States: Comprehensive National Cyber Security Initiative
       - Establish a front line of defence against today's immediate threats
       - Defend against the full spectrum of threats
       - Strengthen the future cyber space environment
     - Similar goals: understand the Cyber Space offerings in order to exploit the opportunities they deliver and address their risks. However, Governments are breaking their own privacy laws on wire snooping to understand and combat Cyber Threats!!!
  7. A Risk Based Approach
     - A risk based approach needs to be applied, with emphasis on the likelihood of the most dangerous attacks on the assets with most impact to the organisation.
     - Objective feedback from existing controls is used to assess exposure to Cyber Threats and deal with them instantly.
     - Interrelated international standards already exist to support this approach:
       - ISO27001 (Design and develop Information Security Controls, Processes and Awareness)
       - ISO27005 (Manage Information Security Risks)
       - ISO27035 (Manage Information Security Incidents)
     - ISO27001 and ISO27005 use the Deming Cycle for development, maintenance and improvement of Information Security: Plan -> Do -> Check -> Act -> Plan -> Do -> Check -> Act -> Plan -> ...
     - For Cyber Security the Deming Cycle becomes more linear, concentrating on the maintenance and improvement exercises so that growing Cyber Threats are dealt with at a faster pace: Plan -> Do -> Check -> Act -> Check -> Act -> Check -> Act -> Check -> ...
  8. A Risk Based Approach (continued)
     - The ISO standards cover the following processes and activities to aid Cyber Security:
       - Understanding of actual business context information and security related context information (PLAN)
       - Risk Assessments conducted to understand the likelihood of threats and vulnerabilities and the impact to the organisation (PLAN and CHECK)
       - Awareness of the need, and responsibility, for security by all parties (DO)
       - Security design and implementation of controls commensurate to the assessed risk (PLAN and DO)
       - Prevent, detect and respond to security incidents, including review of the existing state of security (CHECK and ACT)
       - Measurement of control effectiveness and maturity of overall security to establish when, where and how to improve the overall security posture (CHECK and ACT)
  9. A Risk Based Approach (continued)

     Risk Related Information: Likelihood (Threats x Vulnerabilities) against Impact (Assets)

     | Likelihood \ Impact | LOW impact      | MEDIUM impact    | HIGH impact      |
     |---------------------|-----------------|------------------|------------------|
     | HIGH                | Acceptable Risk | Significant Risk | Critical Risk    |
     | MEDIUM              | Acceptable Risk | Significant Risk | Significant Risk |
     | LOW                 | Negligible Risk | Acceptable Risk  | Acceptable Risk  |

     - Negligible Risk = No Action Required
     - Acceptable Risk = Monitor To Ensure Stability
     - Significant Risk = Appropriate Actions Required
     - Critical Risk = Immediate Actions Required
  10. Managing Cyber Attacks: CHECK and ACT
      - Identify Cyber Space assets, threats, vulnerabilities and appropriate controls (i.e. risk related information) to address two questions:
        - IF we are to be attacked, what should we have in place to PREVENT an attack?
        - WHEN we are attacked, what should we have in place, and how, to DETECT the attack? And can we RESPOND to it and PREVENT it from happening again?
      - To address the WHEN situation, Preventative and Detective controls need to be implemented to discover attacks and protect important assets from them. These controls are prime sources of risk related information, delivered as events in real time.
      - Event monitoring records risk related information such as:
        - Malicious traffic to specific systems
        - Suspicious activity across domain boundaries
        - User session activity, and more
  11. Managing Cyber Attacks (continued)

      (Diagram: how threats, vulnerabilities, assets and controls relate, and how their events feed the SIEM)

      - Threat: mounts an attack on the Asset (Application, DB and OS information; Asset Inventory and compliance information).
      - Vulnerability (e.g. un-patched OS/Application): can be exploited on the Asset.
      - Preventative and Detective Controls (Firewall, IDS/IPS, Identity and Access Manager, DLP, AV Gateway, Vulnerability Scanner): mitigate or stop attacks against the Asset, discover attacks against it, and discover and protect against vulnerabilities.
      - Events produced by the controls: Suspicious Login or Access Event; Malicious Port Scanning Event; Malware Event; Data Theft Event; Suspicious Network Access Event; Denial of Service Event.
      - SIEM & Logger: Threat Correlation/Aggregation; Vulnerability Correlation/Aggregation; Asset Correlation/Aggregation; Event Logging and Reporting.
      - Risk Information -> ALARM -> Security Incidents.
  12. Managing Cyber Attacks (continued)
      - SIEM (Security Information and Event Management) requires an understanding of business and security related context information to enable:
        - Correlation and aggregation of event data (i.e. risk related information) for risk assessment
        - The capability to generate alarms against security incidents
      - Not all tools can help in instantaneously managing, preventing or detecting all threats and attacks. Computer Forensics provides a methodology to address:
        - Unknown threats and attacks not picked up as part of security monitoring
        - How, where and when such threats were realised
      - Real time assessment of threats and vulnerabilities provides an understanding of the effectiveness of controls and of the risks to assets.
      - Measurement of control effectiveness can be obtained through a combination of the output of incidents, events and information acquired through forensics investigation.
  13. Managing Cyber Attacks (continued)

      Correlated/Aggregated Events: Likelihood (Threats x Vulnerabilities) against Impact (Assets)

      | Likelihood \ Impact | LOW impact                                                                      | MEDIUM impact                                                            | HIGH impact                                                            |
      |---------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------------------------------------------------|
      | HIGH                | Acceptable Event (e.g. Admin is logged on to Catalogue Server for > 8 hours)    | Significant Event (e.g. Malicious script on company's Intranet portal)   | Critical Event (e.g. Worm discovered on air traffic control system)    |
      | MEDIUM              | Acceptable Event                                                                | Significant Event                                                        | Significant Event                                                      |
      | LOW                 | Negligible Event (e.g. Legitimate user carries out a wrong search on Catalogue server) | Acceptable Event                                                   | Acceptable Event                                                       |

      - Negligible Event = No Action Required
      - Acceptable Event = Monitor To Ensure Stability
      - Significant Event = Appropriate Actions Required
      - Critical Event = Immediate Actions Required
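The monitoring, correlation and rating flow of slides 10 to 13 can be shown end to end in code. The Python script below is an added example, not part of the deck and not code from any product it mentions: it parses a handful of constructed sensor lines, aggregates them into the event types named on slide 11 (port scanning, suspicious login, malware), derives likelihood from the correlated threat and the asset's patch state, takes impact from a hypothetical asset inventory, and places each incident on the deck's Likelihood x Impact matrix (axes as read from slides 9 and 13) to obtain the required action. The asset names, IP addresses, thresholds and the likelihood rule are all assumptions made for the example.

```python
"""Toy SIEM-style correlation and risk rating (added example, not the deck's own code).
Asset names, addresses, thresholds and the likelihood rule are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

# Business context (constructed asset inventory): impact is the asset's value to the organisation.
ASSET_IMPACT = {"atc-gateway": "HIGH", "intranet-portal": "MEDIUM", "catalogue-server": "LOW"}
# Vulnerability scanner finding (constructed): assets running an un-patched OS/application.
UNPATCHED = {"atc-gateway"}

# Likelihood x Impact matrix as read from slides 9 and 13: (likelihood, impact) -> rating.
RISK_MATRIX = {
    ("HIGH", "LOW"): "Acceptable",   ("HIGH", "MEDIUM"): "Significant",   ("HIGH", "HIGH"): "Critical",
    ("MEDIUM", "LOW"): "Acceptable", ("MEDIUM", "MEDIUM"): "Significant", ("MEDIUM", "HIGH"): "Significant",
    ("LOW", "LOW"): "Negligible",    ("LOW", "MEDIUM"): "Acceptable",     ("LOW", "HIGH"): "Acceptable",
}
ACTION = {
    "Negligible": "No Action Required",
    "Acceptable": "Monitor To Ensure Stability",
    "Significant": "Appropriate Actions Required",
    "Critical": "Immediate Actions Required",
}

# Correlation thresholds (assumed): distinct ports that make a scan, failures that make a login burst.
PORT_SCAN_THRESHOLD = 5
LOGIN_FAIL_THRESHOLD = 3

# Constructed sensor output, one event per line: "<sensor> <kind> <source-ip> <target-asset> <key>=<value>"
SAMPLE_LOG = """\
firewall conn 203.0.113.5 atc-gateway dport=21
firewall conn 203.0.113.5 atc-gateway dport=22
firewall conn 203.0.113.5 atc-gateway dport=23
firewall conn 203.0.113.5 atc-gateway dport=80
firewall conn 203.0.113.5 atc-gateway dport=443
firewall conn 203.0.113.5 atc-gateway dport=3389
avgateway malware 203.0.113.5 atc-gateway sig=Worm.Generic
iam login_fail 198.51.100.7 intranet-portal user=admin
iam login_fail 198.51.100.7 intranet-portal user=admin
iam login_fail 198.51.100.7 intranet-portal user=admin
iam login_fail 198.51.100.7 intranet-portal user=admin
iam login_fail 10.0.0.12 catalogue-server user=jsmith
"""


@dataclass
class Incident:
    event: str
    source: str
    target: str
    count: int
    likelihood: str
    impact: str
    rating: str
    action: str


def parse(log: str) -> list:
    """Turn the raw lines into (sensor, kind, source, target, key, value) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        sensor, kind, src, target, detail = line.split(maxsplit=4)
        key, _, value = detail.partition("=")
        events.append((sensor, kind, src, target, key, value))
    return events


def likelihood_for(target: str, correlated: bool) -> str:
    """Likelihood = Threats x Vulnerabilities: a correlated threat against an un-patched
    asset is HIGH, against a patched asset MEDIUM; an uncorrelated single event is LOW."""
    if not correlated:
        return "LOW"
    return "HIGH" if target in UNPATCHED else "MEDIUM"


def rate(event: str, src: str, target: str, count: int, correlated: bool) -> Incident:
    """Place one aggregated event on the matrix and attach the action it requires."""
    lik = likelihood_for(target, correlated)
    imp = ASSET_IMPACT.get(target, "MEDIUM")  # unknown assets default to MEDIUM impact (assumption)
    rating = RISK_MATRIX[(lik, imp)]
    return Incident(event, src, target, count, lik, imp, rating, ACTION[rating])


def correlate(events: list) -> list:
    """Aggregate raw events per source/target into the event types named on slide 11."""
    ports = defaultdict(set)   # (src, target) -> distinct destination ports seen
    fails = defaultdict(int)   # (src, target, user) -> failed login count
    incidents = []
    for _sensor, kind, src, target, _key, value in events:
        if kind == "conn":
            ports[(src, target)].add(value)
        elif kind == "login_fail":
            fails[(src, target, value)] += 1
        elif kind == "malware":
            # A gateway AV detection is already a confirmed threat on the asset.
            incidents.append(rate(f"Malware Event ({value})", src, target, 1, True))
    for (src, target), seen in ports.items():
        n = len(seen)
        incidents.append(rate("Malicious Port Scanning Event", src, target, n, n >= PORT_SCAN_THRESHOLD))
    for (src, target, user), n in fails.items():
        incidents.append(rate(f"Suspicious Login Event ({user})", src, target, n, n >= LOGIN_FAIL_THRESHOLD))
    return incidents


def alarms(incidents: list) -> list:
    """Only Critical incidents raise an alarm; the rest are reported for monitoring or action."""
    return [i for i in incidents if i.rating == "Critical"]


if __name__ == "__main__":
    found = correlate(parse(SAMPLE_LOG))
    for i in found:
        print(f"{i.rating:<12} {i.event:<34} {i.target:<17} L={i.likelihood:<6} I={i.impact:<6} -> {i.action}")
    print(f"{len(alarms(found))} alarm(s) raised")
```

Run as a script it lists four incidents: the scan and the worm detection on the un-patched, high-impact asset both land in the Critical cell and raise alarms; the admin login burst on the patched intranet portal is Significant; the single failed login on the catalogue server is Negligible. The point the deck makes is visible in the split between `likelihood_for` and `ASSET_IMPACT`: the same event is rated differently depending on the vulnerability and asset context the SIEM has been given.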
  14. The Bigger Picture!!
      - Addressing Cyber Security is not so fundamentally different from Information Security.
      - The main difference is keeping up with the growing opportunities and challenges (i.e. risks) in Cyber Space. These differences are created by:
        - The expanding technology and new, but converging, service offerings (e.g. cloud, social networking and mobile) landscape of the past twenty or so years.
        - Business and user interaction with new services like social networking and its impact on personal data privacy, politics, etc.
      - A risk based approach is required to fully understand the scale and impact of Cyber Threats.
      - Indicators for risk exposure and control effectiveness identify key risks over time.
      - Data and system centric processes and key controls already exist for dealing with Cyber Threats.
      - Help might be required from other disciplines such as criminologists, sociologists, psychologists, lawyers etc., leading to people and behaviour centric controls.
      - Additional control types are required, but continuous maintenance and improvement activities to deal with risk in real time are what matter most.
  15. The Bigger Picture!! (continued)
      - The approach covers risk identified across people and process activities, not just technical ones.
      - Existing Information Security related standards, regulations and guidelines are important to a risk based approach for addressing Cyber Security.
      - Changes to old legislation, and new legislation, on computer misuse, fraud and abuse aim to further tighten the noose on individuals involved in Cyber Security breaches.

Thank You!!