Intelligence-led Cybersecurity


A presentation I gave at the 2011 44con on the near-future of Intelligence-led Cybersecurity.

Published in: Technology, Business

  1. Intelligence-led Cybersecurity
     Phil Huggins at 44con, 2 September 2011
  2. Agenda
     ► Changes to the Threat Landscape
     ► Risk Management
     ► Threat Management
     ► Intelligence Process
     ► Access
     ► Problems to watch for
     ► Integration with Information Security
  3. Changes to the Threat Landscape
     ‘Hobbyists’ (unsophisticated attackers; targets are anyone with a vulnerability)
       ► Fun
       ► Challenge
     Organised crime (increasing sophistication and organisation; criminally motivated)
       ► Criminal intent
       ► More coordinated attacks
       ► Financially motivated (e.g., theft of credit card numbers for use or sale)
     Corporate espionage
       ► Economically motivated
       ► Theft of intellectual property
     Advanced Persistent Threat (APT)
       ► Long-term pattern of targeted, sophisticated attacks aimed at governments, companies and political activists
       ► Politically and economically motivated
       ► Well-funded, sophisticated resources
  4. Risk Management
     ► Media coverage indicates an increase in threats
     ► Impacts can be limited by collecting fewer assets
       ► Fewer opportunities for managing the risk
     ► Vulnerabilities are the focus of vulnerability management
       ► Maturing approaches in industry, not solved
     ► Threats are mostly unmanaged
       ► Opportunities:
         ► Prevent
         ► Disrupt
         ► Degrade
         ► Divert
  5. Intelligence-driven Threat Management
     ► Threat characteristics
       ► ‘What they are’
       ► Intent
       ► Opportunity
       ► Capability
     ► Threat descriptions
       ► ‘What we can know’
       ► Targets
       ► Behaviours
     ► Targets and Behaviours leave Attack Indicators
  6. The Security Intelligence Process
     [Diagram; labels: Direction, Action, Customer, Access, Analysis and assessment, Dissemination]
  7. Access
     [Diagram of sources, ranging from Secrets to Open Sources]
     Internal: Protective Monitoring, Change Requests, Web Analytics, Incident Reports, Business Information, Staff Forums
     External: Human Intelligence, Industry Liaison, Newspapers, Blogs, Public Forums, Private Forums, Gov/LEA Liaison, Social Networks
  8. Problems to watch for
     ► Lack of access to necessary sources
     ► Errors in interpreting reliability of sources
     ► Errors in interpreting meaning from sources
     ► Taking too long to analyse
     ► Policy over-influencing analysis
     ► Not getting the right product to the right customers
     ► Not able to communicate uncertainty to customers
     ► Not being able to act effectively on product
     ► Not tracking or planning for strategic changes
  9. Integrating Security Intelligence
     [Diagram; labels: Vision, Strategy, Policy, Standards, Development, Engagement, Governance, Engineering, Compliance, Operations, Risk, Intelligence]
  10. Disclaimer
      This presentation is proprietary to Ernst & Young LLP (‘Ernst & Young’). It is supplied in confidence and should not be disclosed, duplicated or otherwise revealed in whole or in part to any third parties without the prior consent of Ernst & Young.
      The information in this pack is intended to provide only a general outline of the subjects covered. It should not be regarded as comprehensive or sufficient for making decisions, nor should it be used in place of professional advice. Accordingly, Ernst & Young LLP accepts no responsibility for loss arising from any action taken or not taken by anyone using this pack.
      © Ernst & Young LLP 2011. Published in the UK. All rights reserved.
  11. Thank you
      Phil