Presentation: Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps
 

    Presentation Transcript

    • Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps. EMC CONFIDENTIAL—INTERNAL USE ONLY
    • Agenda
      • Security Challenges: A Root-Cause Analysis
      • 3 Keys to Effective Security Management
      • RSA’s 4-Step Approach
    • EMC eGRC Strategy
      • eGRC Business Solutions: Business Continuity Management, Security Management, Information Governance
      • RSA Archer eGRC Management Platform
      • Consulting/Implementation Best Practices
    • Pop Quiz: You have not maximized your security management program if…
      • You are assessing compliance one regulation at a time
      • You can’t prioritize your projects by risk
      • You handle incidents like playing Whack-a-Mole
      • You have mountains of security data and don’t use it
      • Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget)
    • Security Challenges: A Root-Cause Analysis
    • Traditional Approach
      • Network, Datacenter, Endpoint and Applications each have their own Team, Policy and Point Tool
      • Siloed, Inflexible, Inconsistent, Costly
    • Result: Uncontrolled Risk
      • Risk = Likelihood × Impact
      • Likelihood: threats, vulnerabilities, value of target
      • Impact: detection, response, value of target
      • Prioritize by risk (likelihood/impact matrix): HIGH, MEDIUM, MEDIUM, LOW
    • Business Impact
      • Headline: “PlayStation suffers massive data breach…”
      • Uncontrolled risk leads to…
        • Increased Exposure to Catastrophic Loss: Theft of trade secrets; Headline-making breaches; Fines and penalties
        • Inhibited Business Objectives: Virtualization; Consumer web services; Geographic expansion
    • Security is about… “Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to overcompensate and focus on risks that are either familiar or recent.” Hugh Thompson, Chief Security Strategist, People Security
    • The 3 Keys to Effective Security Management
    • #1: Begin and End with Business Context
      • Executive Committee, Audit Committee, Risk Committee, Legal, HR, etc.
      • Business Objectives, Authoritative Sources, Business Criticality, Policies
      • Governance, Security Management, Monitoring
    • #2: Follow an Integrated Approach. How?
      • Business Governance: Define business objectives; Define business-level risk targets; Define business-critical assets
      • Security Risk Management: Understand external and internal threat landscape; Identify vulnerabilities; Classify high-value assets; Prioritize work by risk
      • Operations Management: Add security controls where needed; Maximize monitoring and visibility
      • Incident Management: Identify security events; Prioritize by business impact; Report to business owners; Reassess business risk and critical assets
      • Security Management framework: ISO 27001. Risk Management framework: ISO 31000
    • #3: Develop a Maturity Strategy. Where do you want to be in 3 years? (Current state → Desired state; Tactical → Maturity → Strategic)
      • Business Governance: Security buried inside IT → Basic guidelines defined by business → Security is part of every business process
      • Security Risk Management: Newspaper view of risk → Follow industry practices → Manage business-specific risks
      • Operations Management: Bare minimum tools → Compliance-driven controls → Risk-based controls and monitoring
      • Incident Management: Siloed monitoring → Correlation and prioritization → Advanced analytics
    • RSA’s 4-Step Approach
    • RSA Enables Security Management
      • Business Governance: Archer Policy Management; Archer Enterprise Management; Archer Compliance Management
      • Security Risk Management: Archer Risk and Threat Management; DLP Risk Remediation Manager and Policy Workflow Manager; NetWitness Spectrum
      • Operations Management: Archer Enterprise Management; Solution for Cloud Security and Compliance; EMC Ionix; Integrations with asset managers
      • Incident Management: Archer Incident Management; enVision SIEM; DLP (Data Loss Prevention); NetWitness Investigator
      • Security Management framework: ISO 27001. Risk Management framework: ISO 31000
    • Step 1: Security Risk Management (Context Establishment, Identification, Assessment, Mitigation)
    • Security Risk Management Example: DLP Risk Remediation Manager
      • Day 1: 30K files discovered by RSA DLP
      • Day 3: 1200 Owners in 43 Countries Identified
      • Day 10: RRM sends initial questionnaire to data owners
      • Day 40: 90% of files remediated
      • Repeatable and continuously monitored
      • Analyst work space and executive metrics in RRM
      • “The new process was more than 4 times faster and much less disruptive to business.” - EMC CIRC
    • Step 2: Operations Management (Control Standards, Configuration, Operation, Monitoring)
    • Operations Management Example: RSA Solution for Cloud Security and Compliance
      • Component Discovery and Population
      • Configuration Measurement (40% automated)
      • > 130 VMware Specific Archer Control Procedures
      • Connector Framework alerts
      • enVision: >380 log messages
    • Step 3: Incident Management (Collection/Detection, Correlation/Prioritization, Investigation, Remediation)
    • Incident Management Example: RSA Solution for Security Incident Management
      • Enterprise and Policy Mgr (Context, Policy): enVision alerts are put in context with enterprise assets, risk, process, teams, etc.
      • Connector Framework: Near Real-time feed into Archer; Plug-in Architecture for additional incident and compliance solutions
      • Incident Dashboards and Workflow: Incidents are assigned in work queues, workflow automates the case management process. Metrics are rolled up into an executive level dashboard
      • SIEM: Formatted XML data out of enVision; Task Triage – Incident details with associated notes
      • “We saved 1,500 hours a month due to the integration.” - EMC CIRC
    • Step 4: Business-Driven Management (IT Risk Management, Operations Management, Incident Management)
      • “MassMutual’s approach to security is now based on a more current holistic view of the enterprise.” - Mike Foley, CIO, MassMutual
    • Business Driven Customer Success (column headings: BEFORE, AFTER, NEEDS)
      • Managing risk in a financial services firm with $420B in assets
      • Protect: 6,000 employees and PCs; Thousands of servers and network devices; 700 applications; Personal information of more than 12 million customers
      • Needs: See big picture and drill down on specifics; Identify & Prioritize critical risks; Automate risk assessments
      • After: More current, holistic view of the enterprise; Faster response to critical threats and potential exploits; Consolidated all critical IT risks into real time executive dashboards; 97.5% cost reduction in the risk analysis process
      • MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.” Mike Foley, CIO, MassMutual (Information Week Article)
    • Leading Products, Better Together
      • Products: Archer, enVision, DLP, VMware
      • Integration & Solution: Sol’n for Security Incident Mgmt; DLP Risk Remediation Manager; DLP Policy Workflow Manager; Content-aware SIEM; Sol’n for Cloud Security & Compliance; SecurBook for VMware View (VDI)
      • NetWitness: integrations to be announced!
      • Leader: eGRC; Leader: SIEM; Leader: Data Loss Prevention
    • Take a Strategic Approach with RSA (rows: Approach, Information, Technology; callout: “Most organizations are here”)
      • Step 1: Legacy. Security is “necessary evil”; No monitoring; Reactive and tactical point products
      • Step 2: Compliance-Driven. Check-box mentality; Collect data needed for compliance; Tactical tools with compliance reporting
      • Step 3: IT Risk-Oriented. Proactive and assessment based; Collect data needed to detect advanced threats; Security tools integration providing technical visibility
      • Step 4: Business-Oriented. Security fully embedded in enterprise processes; data fully integrated with business context; Security tools integrated with business tools
      • “Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.” - Member, RSA Security Management Working Group
    • In Action: Critical Incident Response Center
      • EMC Critical Incident Response Center, Bedford, MA
      • Integrated Approach, Business Context, Process Automation, Visibility
    • Next Steps and Resources
      • Round Table Discussion on Privacy
      • Incident Management Solution Brief
      • Privacy Survey
      • eGRC White Paper
      • Ovum Research
    • THANK YOU
    • These backup slides just provide more product details on the 4 steps
    • Step 1: Security Risk Management (Context Establishment, Identification, Assessment, Mitigation)
      • Archer (eGRC): Capture and relate risks to business objectives; Import data from vulnerability assessments, threat feeds; Build and deliver online assessments; Resolve findings to reduce risk to tolerable levels
      • DLP: Map DLP policies to business policies; Identify sensitive data in vulnerable locations; Just-in-time education of end-users reduces future risks
      • NetWitness: Risk-based identification of malicious code
    • Step 2: Operations Management (Control Standards, Configuration, Operation, Monitoring)
      • Archer (eGRC): Control Standards: 900+ standards; Configuration: 4500+ control procedures; Monitoring: 8500+ question library
      • enVision (SIEM): Real-time monitoring from the most event sources; Reporting: 1200+ out of box reports
    • Step 3: Incident Management (Collection/Detection, Correlation/Prioritization, Investigation, Remediation)
      • Archer: Business-level incident management including Legal, HR, BUs
      • enVision (SIEM): Unmatched depth and breadth of event collection; Some of the largest SIEM deployments in the world; Prioritize by vulnerability feeds and watch lists
      • NetWitness: Capture and visualize all network traffic for real time analysis; Unparalleled network forensics
      • DLP: Data-centric view of policy violations everywhere; Automatically quarantine emails, block file transfers
    • Step 4: Business-Driven Management (IT Risk Management, Operations Management, Incident Management)
      • RSA Archer eGRC Suite: Central repository for policies, risks, and incidents; All data presented in business context; Integration with key security systems; Comprehensive audits and reports