Finding and Protecting Your
Organization’s Crown Jewels
Doug Landoll, CEO Lantego
Background
• 25+ Years Experience in Information Security
• Led Professional Service Organizations for Several Large Consultancies
• Assessed and Built Information Security Programs for Federal Agencies, State Agencies, Universities, Hospitals, Major Retailers, and Internet Companies
• Prepared over 2000+ students for security certifications
• Developed RIOT Data Gathering Method for Risk Assessment
• Revised Security Policy Development Approaches
Background
Work Smarter – Not Harder
Overview
• Threat Update
• Response - Spot Solutions
• Crown Jewels Approach
• Summary and Discussion
Threat Update
…Target Review
Information Security Breaches 2013-2015 (two chart slides; source: Symantec Internet Security Threat Report, April 2016)
Information Security Breach Response
Parsons Proprietary, ITAR CM.01.2014
Phases: Detection, Analysis, Recovery, Post-Incident
Detection steps: Initial Assessment, Triage, Escalation
Many Breaches Go Undiscovered / Unreported
Detecting intrusions and breaches:
• 64% – percentage of organizations that took greater than 90 days to detect a breach
• 243 days – median number of days that attackers were present on a victim network before detection
• 86% of breaches were reported by an external party (U.S. Justice Dept notified Target)
Information Security Breach Response
Analysis steps: Impact Analysis, Response Activities, Initial Recovery
Incident Response Mistakes:
- Under-scoping incident
- Improperly staffed response
- Legal Missteps
Information Security Breach Response
Recovery steps: Impact Mitigation, Eradication, Recovery
Incident Recovery Mistakes:
- Communication Errors
- Incomplete Mitigation / Eradication
Information Security Breach Response
Post-Incident steps: Root Cause Analysis, Incident Costing, Prevention Activities
Post-Incident Response Mistakes:
- Lack / Improper Root Cause Analysis
- Incomplete Costing (e.g., operational, fines)
- Effective Prevention
Typical Responses
Spot Solutions:
• Security Awareness
• System Hardening / Patching
• Access Control
• Network / System Monitoring
• Vulnerability Scanning / Penetration Testing
• Secure Development
• Email Filtering
• Boundary Defense
Crown Jewel Approach
Most Critical Data & Systems
• Threats: All System Threats + Unique threats + Targeted attacks
• Impact: Catastrophic Impact upon system loss and upon data loss
Crown Jewels
Most Critical Data & Systems
• Volume: For most organizations, 0.01% - 2.0% of total sensitive data
• Impact: Represents up to 70% of sensitive data value
Source: U.S. President’s 2006 Economic Report to Congress
Crown Jewels Project
• Define (for each Business Unit): Identify Critical Systems; Define Critical Data
• Discover (for each Crown Jewel): Identify Lifecycle, Environment, and Flows; Identify System & Environment Controls
• Baseline (for each Crown Jewel): Identify Requirements; Assess Control Effectiveness
• Analyze: Identify Control Gaps; Identify Security Risk; Prioritize Security Gaps
• Secure: Create Security Solution Sets; Deploy Solutions; Monitor Solutions
Crown Jewels Project
Phases: Define, Discover, Baseline, Analyze, Secure
Key Project Artifacts (largely aided by automation: surveys, tools):
• Application Risk Survey
• Responses & Scoring
• Required Controls
• Controls Assessment
• Risk Analysis
• Solutions Development
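The Baseline, Analyze and Secure steps of the project (identify required controls, assess control effectiveness, identify control gaps, identify security risk, prioritize gaps, then build solution sets) can be carried through as a small worked computation. The Python below is an added example written for this page; it is not the deck's own method, tooling or artifact format, and it is not Lantego's or Parsons' code. The 1 to 5 impact scale, the control weights, the 0.7 gap threshold, the residual-risk formula (impact scaled by the share of weighted control coverage still missing) and the two sample crown jewels with their control names are all constructed assumptions for illustration.

```python
"""Control-gap analysis for crown jewels (constructed example).

Assumed model (not from the deck): each crown jewel carries a
catastrophic-impact rating on a 1..5 scale, a Baseline of required
controls with weights, and an assessed effectiveness per control
in 0.0..1.0. A required control that was never assessed counts as absent.
"""
from dataclasses import dataclass

# Assumed threshold: a required control assessed below this is a gap.
GAP_THRESHOLD = 0.7


@dataclass
class CrownJewel:
    name: str
    impact: int                  # 1..5, assumed scale
    required_controls: dict      # control id -> weight (1..3, assumed)
    assessed: dict               # control id -> effectiveness 0.0..1.0


def control_gaps(jewel: CrownJewel) -> dict:
    """Identify Control Gaps: required controls missing or below threshold."""
    return {
        ctl: jewel.assessed.get(ctl, 0.0)
        for ctl in jewel.required_controls
        if jewel.assessed.get(ctl, 0.0) < GAP_THRESHOLD
    }


def residual_risk(jewel: CrownJewel) -> float:
    """Identify Security Risk: impact scaled by how much of the weighted
    required-control coverage is still missing."""
    total_weight = sum(jewel.required_controls.values())
    effectiveness = sum(
        weight * jewel.assessed.get(ctl, 0.0)
        for ctl, weight in jewel.required_controls.items()
    ) / total_weight
    return jewel.impact * (1.0 - effectiveness)


def prioritize_gaps(jewels: list) -> list:
    """Prioritize Security Gaps: rank every (jewel, control) gap by the
    residual-risk reduction that fully closing that one control would buy,
    so the Secure phase can build solution sets in that order."""
    ranked = []
    for jewel in jewels:
        base = residual_risk(jewel)
        for ctl in control_gaps(jewel):
            closed = CrownJewel(jewel.name, jewel.impact,
                                jewel.required_controls,
                                {**jewel.assessed, ctl: 1.0})
            reduction = base - residual_risk(closed)
            ranked.append((round(reduction, 2), jewel.name, ctl))
    ranked.sort(key=lambda row: (-row[0], row[1], row[2]))
    return ranked


# Constructed sample input: two crown jewels with made-up control names.
SAMPLE_JEWELS = [
    CrownJewel(
        name="payment-card-db", impact=5,
        required_controls={"encryption-at-rest": 3,
                           "privileged-access-review": 2,
                           "db-activity-monitoring": 2},
        # db-activity-monitoring was never assessed, so it counts as absent
        assessed={"encryption-at-rest": 1.0,
                  "privileged-access-review": 0.5},
    ),
    CrownJewel(
        name="product-design-repo", impact=4,
        required_controls={"mfa": 2, "offline-backup": 1},
        assessed={"mfa": 0.6, "offline-backup": 1.0},
    ),
]

if __name__ == "__main__":
    for jewel in SAMPLE_JEWELS:
        print(f"{jewel.name}: residual risk {residual_risk(jewel):.2f}, "
              f"gaps {control_gaps(jewel)}")
    for reduction, name, ctl in prioritize_gaps(SAMPLE_JEWELS):
        print(f"  {reduction:>5.2f}  {name:<20} {ctl}")
```

Ranking by risk reduction rather than by raw assessment score is what makes the list match the deck's "Less Work – More Results" point: the never-assessed monitoring control on the highest-impact jewel outranks the partially effective MFA on a lower-impact one, and the partially effective access review on the same high-impact jewel comes last because the weighted coverage it restores is smallest.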
Crown Jewels Project Results
• Identification of Corporate “Crown Jewels”
• Determination of Crown Jewel Risk
• Limitation of Assessment to Most Impactful Elements
• Creation of Security Controls Plan with Most Significant Risk Reduction
Less Work – More Results
Applying Crown Jewel Lessons
Next Week
• Identify Organization’s Security Assessment Plan
  • Self vs. Third Party
  • Frequency
  • Rigor / Technique (tests vs. assessments)
• Determine Adequacy of Plan
Applying Crown Jewel Lessons
Within 1 Month
• Identify and Review Contractual and Legal Security Requirements
• Review Latest Security Assessment Reports
• Identify Business Process Owners
Within 3 Months
• Conduct Crown Jewels Project
• Apply Lessons Learned
Thank You
Contacts
Doug Landoll, CEO Lantego
• (512) 633-8405
• dlandoll@lantego.com
Slides
• Slideshare
Project Challenges
1. Common Organizational Definition of “Crown Jewels”
2. Identification of Business Processes
3. Identification of Business / Systems Owners
4. Identifying a Business Champion
More Related Content

What's hot

Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?PECB
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by primePrime Infoserv
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?IBM Security
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 

What's hot (20)

Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
information security management
information security managementinformation security management
information security management
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by prime
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
8. operations security
8. operations security8. operations security
8. operations security
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 

Similar to Finding and Protecting Your Organizations Crown Jewels

Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...SurfWatch Labs
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Threat Detection as presented at the 2016 DGI Cyber security Conference
Threat Detection as presented at the 2016 DGI Cyber security ConferenceThreat Detection as presented at the 2016 DGI Cyber security Conference
Threat Detection as presented at the 2016 DGI Cyber security ConferenceSolarWinds
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
The Rise of Ransomware As a Service
The Rise of Ransomware As a ServiceThe Rise of Ransomware As a Service
The Rise of Ransomware As a ServiceVeriato
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsSolarWinds
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119David Doughty
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...SolarWinds
 
Protect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureProtect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureQ1 Labs
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...IT Governance Ltd
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghEndpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghNapier University
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 

Similar to Finding and Protecting Your Organizations Crown Jewels (20)

Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
Threat Detection as presented at the 2016 DGI Cyber security Conference
Threat Detection as presented at the 2016 DGI Cyber security ConferenceThreat Detection as presented at the 2016 DGI Cyber security Conference
Threat Detection as presented at the 2016 DGI Cyber security Conference
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
The Rise of Ransomware As a Service
The Rise of Ransomware As a ServiceThe Rise of Ransomware As a Service
The Rise of Ransomware As a Service
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk Assessment
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
 
Protect & Defend Your Critical Infrastructure
Protect & Defend Your Critical InfrastructureProtect & Defend Your Critical Infrastructure
Protect & Defend Your Critical Infrastructure
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghEndpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 

Recently uploaded

Slicing Work on Business Agility Meetup Berlin
Slicing Work on Business Agility Meetup BerlinSlicing Work on Business Agility Meetup Berlin
Slicing Work on Business Agility Meetup BerlinAnton Skornyakov
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZKanakChauhan5
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfHajeJanKamps
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfChicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfSourav Sikder
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.ukaroemirsr
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...IMARC Group
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...Khaled Al Awadi
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...AustraliaChapterIIBA
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..dlewis191
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHelene Heckrotte
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toumarfarooquejamali32
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato pptElizangelaSoaresdaCo
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 

Recently uploaded (20)

Slicing Work on Business Agility Meetup Berlin
Slicing Work on Business Agility Meetup BerlinSlicing Work on Business Agility Meetup Berlin
Slicing Work on Business Agility Meetup Berlin
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZ
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdf
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdfChicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
Chicago Medical Malpractice Lawyer Chicago Medical Malpractice Lawyer.pdf
 
7movierulz.uk
7movierulz.uk7movierulz.uk
7movierulz.uk
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
 
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...NewBase  25 March  2024  Energy News issue - 1710 by Khaled Al Awadi_compress...
NewBase 25 March 2024 Energy News issue - 1710 by Khaled Al Awadi_compress...
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..
 
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb to
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato ppt
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 

Finding and Protecting Your Organizations Crown Jewels

  • 1. Finding and Protecting Your Organization’s Crown Jewels Doug Landoll , CEO Lantego
  • 2. Background 2 • 25+ Years Experience in Information Security • Led Professional Service Organizations for Several Large Consultancies • Assessed and Built Information Security Programs for Federal Agencies, State Agencies, Universities, Hospitals, Major Retailers, and Internet Companies. • Prepared over 2000+ students for security certifications • Developed RIOT Data Gathering Method for Risk Assessment • Revised Security Policy Development Approaches
  • 4. Overview Threat Update Response - Spot Solutions Crown Jewels Approach Summary and Discussion 4
  • 6. Information Security Breaches 2013-2015 6 Symantec Internet Security Threat Report, April 2016
  • 7. Information Security Breaches 2013-2015 7 Symantec Internet Security Threat Report, April 2016
  • 8. Overview Threat Update Response - Spot Solutions Crown Jewels Approach Summary and Discussion 8
  • 9. Information Security Breach Response Detection Initial Assessment Triage Escalation Analysis Recovery Post- Incident 9Parsons ProprietaryITAR CM.01.2014 Many Breaches Go Undiscovered / Unreported Detecting intrusions and breaches 64% - percentage of organizations that took greater than 90 days to detect a breach 243 days – median number of days that attackers were present on a victim network before detection 86% of breaches were reported by an external party (U.S. Justice Dept notified Target)
  • 10. Information Security Breach Response
    Phases: Detection; Analysis (Impact Analysis, Response Activities, Initial Recovery); Recovery; Post-Incident
    Incident Response Mistakes:
    - Under-scoping incident
    - Improperly staffed response
    - Legal Missteps
  • 11. Information Security Breach Response
    Phases: Detection; Analysis; Recovery (Impact Mitigation, Eradication, Recovery); Post-Incident
    Incident Recovery Mistakes:
    - Communication Errors
    - Incomplete Mitigation / Eradication
  • 12. Information Security Breach Response
    Phases: Detection; Analysis; Recovery; Post-Incident (Root Cause Analysis, Incident Costing, Prevention Activities)
    Post-Incident Response Mistakes:
    - Lack / Improper Root Cause Analysis
    - Incomplete Costing (e.g., operational, fines)
    - Effective Prevention
  • 13. Typical Responses – Spot Solutions:
    - Security Awareness
    - System Hardening / Patching
    - Access Control
    - Network / System Monitoring
    - Vulnerability Scanning / Penetration Testing
    - Secure Development
    - Email Filtering
    - Boundary Defense
  • 14. Overview: Threat Update; Response - Spot Solutions; Crown Jewels Approach; Summary and Discussion
  • 15. Crown Jewel Approach (diagram: Threats vs. Impact; Most Critical Data & Systems sit where both are highest)
    - Threats: All System Threats + Unique threats + Targeted attacks
    - Catastrophic Impact: upon system loss; upon data loss
  • 16. Crown Jewels (diagram: Volume vs. Impact; Most Critical Data & Systems)
    - For most organizations – 0.01% - 2.0% of total sensitive data
    - Represents up to 70% of sensitive data value
    - Source: U.S. President’s 2006 Economic Report to Congress
  • 17. Crown Jewels Project
    - Define – For Each Business Unit: Identify Critical Systems; Define Critical Data
    - Discover – For Each Crown Jewel: Identify Lifecycle, Environment, and Flows; Identify System & Environment Controls
    - Baseline – For Each Crown Jewel: Identify Requirements; Assess Control Effectiveness
    - Analyze – Identify Control Gaps; Identify Security Risk; Prioritize Security Gaps
    - Secure – Create Security Solution Sets; Deploy Solutions; Monitor Solutions
  • 18. Crown Jewels Project – Key Project Artifacts (listed in phase order: Define, Discover, Baseline, Analyze, Secure)
    - Application Risk Survey Responses & Scoring
    - Required Controls
    - Controls Assessment
    - Risk Analysis
    - Solutions Development
    Largely aided by automation (surveys, tools)
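The five-phase project above, as an added worked example (not the deck's own material): a small Python model that identifies the crown jewels by value share (Define), lists each jewel's control gaps against its required controls (Discover/Baseline), scores risk (Analyze) and ranks the jewels for treatment (Secure). The asset inventory, control names, value-per-record figures and the impact-times-gap scoring formula are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    records: int              # volume of sensitive records held (constructed)
    value_per_record: float   # assumed business value per record (constructed)
    loss_impact: int          # 1 (minor) to 5 (catastrophic) impact upon loss
    required: frozenset       # controls the requirements baseline demands
    implemented: frozenset    # controls found during discovery

def asset_value(asset):
    return asset.records * asset.value_per_record

def identify_crown_jewels(assets, value_share=0.70):
    """Define: smallest set of assets, by value, covering `value_share` of total sensitive-data value."""
    threshold = value_share * sum(asset_value(a) for a in assets)
    jewels, covered = [], 0.0
    for asset in sorted(assets, key=asset_value, reverse=True):
        if covered >= threshold:
            break
        jewels.append(asset)
        covered += asset_value(asset)
    return jewels

def control_gaps(asset):
    """Baseline/Analyze: required controls that are not implemented for this asset."""
    return sorted(asset.required - asset.implemented)

def risk_score(asset):
    """Analyze: loss impact (1-5) scaled by the fraction of required controls missing, as 0-100."""
    if not asset.required:
        return 0.0
    return round(asset.loss_impact * len(control_gaps(asset)) / len(asset.required) * 20, 1)

def prioritize(assets):
    """Secure: rank only the crown jewels, highest risk first, with the gaps to close."""
    rows = [(a.name, risk_score(a), control_gaps(a)) for a in identify_crown_jewels(assets)]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample inventory (not real data): 2 of 4 assets hold ~99% of the value.
SAMPLE_ASSETS = [
    Asset("Card Vault", 2_000_000, 50.0, 5,
          frozenset({"enc_at_rest", "mfa", "logging", "segmentation"}),
          frozenset({"enc_at_rest", "logging"})),
    Asset("HR Payroll", 5_000, 200.0, 4,
          frozenset({"mfa", "logging", "backup"}), frozenset({"mfa", "logging", "backup"})),
    Asset("Marketing CRM", 500_000, 2.0, 2, frozenset({"mfa", "logging"}), frozenset({"logging"})),
    Asset("Customer PII Lake", 3_000_000, 20.0, 5,
          frozenset({"enc_at_rest", "mfa", "logging", "dlp"}), frozenset({"logging"})),
]
```

Running `prioritize(SAMPLE_ASSETS)` scopes the assessment to the two jewels and puts the PII lake first, which is the "less work, more results" ordering the deck argues for.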
  • 19. Crown Jewels Project Results
    - Identification of Corporate “Crown Jewels”
    - Determination of Crown Jewel Risk
    - Limitation of Assessment to Most Impactful Elements
    - Creation of Security Controls Plan with Most Significant Risk Reduction
    Less Work – More Results
  • 20. Overview: Threat Update; Response - Spot Solutions; Crown Jewels Approach; Summary and Discussion
  • 21. Applying Crown Jewel Lessons (Define, Discover, Baseline, Analyze, Secure)
    Next Week:
    - Identify Organization’s Security Assessment Plan: Self vs. Third Party; Frequency; Rigor / Technique (tests vs. assessments)
    - Determine Adequacy of Plan
  • 22. Applying Crown Jewel Lessons (Define, Discover, Baseline, Analyze, Secure)
    Within 1 Month:
    - Identify and Review Contractual and Legal Security Requirements
    - Review Latest Security Assessment Reports
    - Identify Business Process Owners
    Within 3 Months:
    - Conduct Crown Jewels Project
    - Apply Lessons Learned
  • 23. Thank You
    Contacts: Doug Landoll, CEO Lantego; (512) 633-8405; dlandoll@lantego.com
    Slides: Slideshare
  • 24. Project Challenges (Define, Discover, Baseline, Analyze, Secure)
    1. Common Organizational Definition of “Crown Jewels”
    2. Identification of Business Processes
    3. Identification of Business / Systems Owners
    4. Identifying a Business Champion