• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Intelligence-led Cybersecurity

Intelligence-led Cybersecurity



A presentation I gave at the 2011 44con on the near-future of Intelligence-led Cybersecurity.

A presentation I gave at the 2011 44con on the near-future of Intelligence-led Cybersecurity.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Intelligence-led Cybersecurity Intelligence-led Cybersecurity Presentation Transcript

    • Intelligence-led CybersecurityPhil Huggins at 44con2 September 2011
    • Agenda► Changes to the Threat Landscape► Risk Management► Threat Management► Intelligence Process► Access► Problems to watch for► Integration with Information SecurityPage 1 Intelligence-led Cybersecurity
    • Changes to the Threat Landscape Unsophisticated Increasing attackers; targets are sophistication and Advanced persistent Corporate espionage anyone with a organisation; criminally threat vulnerability motivated ‘Hobbyists’ Organised crime Corporate espionage Advanced Persistent ► Fun ► Criminal intent ► Economically Threat (APT) ► Challenge ► More coordinated motivated ► Long-term pattern of attacks ► Theft of intellectual targeted, sophisticated Financially motivated property attacks aimed at (e.g., theft of credit governments, companies card numbers for use and political activists or sale) ► Politically and economically motivated ► Well-funded, sophisticated resourcesPage 2 Intelligence-led Cybersecurity
    • Risk Management► Media coverage indicates an increase in threats► Impacts can be limited by collecting less assets ► Less opportunities for managing the risk► Vulnerabilities are the focus of vulnerability management ► Maturing approaches in industry, not solved► Threats are mostly unmanaged ► Opportunities: ► Prevent ► Disrupt ► Degrade ► DivertPage 3 Intelligence-led Cybersecurity
    • Intelligence-driven Threat Management► Threat characteristics ► ‘What they are’ ► Intent ► Opportunity ► Capability► Threat descriptions ► ‘What we can know’ ► Targets ► Behaviours► Targets and Behaviours leave Attack IndicatorsPage 4 Intelligence-led Cybersecurity
    • The Security Intelligence Process Direction Action Customer Access Analysis Dissemination and assessmentPage 5 Intelligence-led Cybersecurity
    • Access Protective Change Web Internal Monitoring Requests Analytics Incident Business Staff Reports Information Forums Human Industry Newspapers External Intelligence Liaison Blogs Public Private Gov/LEA Forums Social Forums Liaison Networks Secrets Open SourcesPage 6 Intelligence-led Cybersecurity
    • Problems to watch for► Lack of access to necessary sources► Errors in interpreting reliability of sources► Errors in interpreting meaning from sources► Taking too long to analyse► Policy over-influencing analysis► Not getting the right product to the right customers► Not able to communicate uncertainty to customers► Not being able to act effectively on product► Not tracking or planning for strategic changesPage 7 Intelligence-led Cybersecurity
    • Integrating Security Intelligence Vision Strategy Policy Standards Development Engagement Governance Engineering Compliance Operations Risk IntelligencePage 8 Intelligence-led Cybersecurity
    • DisclaimerThis presentation is proprietary to Ernst & Young LLP(‘Ernst & Young’). It is supplied in confidence and should not bedisclosed, duplicated or otherwise revealed in whole or in part toany third parties without the prior consent of Ernst & YoungThe information in this pack is intended to provide only a generaloutline of the subjects covered. It should not be regarded ascomprehensive or sufficient for making decisions, nor should it beused in place of professional advice. Accordingly, Ernst & YoungLLP accepts no responsibility for loss arising from any actiontaken or not taken by anyone using this pack© Ernst & Young LLP 2011. Published in the UK.All rights reserved.Page 9 Intelligence-led Cybersecurity
    • Thank youPhil Hugginsphuggins@uk.ey.com