Coordinating information security goals and objectives across an enterprise can be difficult. This presentation identifies the challenges and the best practices for overcoming them.
3. Why Collaborate?
• Cost benefits = reduction of time, manpower & resources
• Do once, use many
• Improve defences at local sites
• Force multiplier: Army instead of individual cyber Samurais
• Achieve higher level of security
5. Why?
• Bad guys do it!
• Masters at information collaboration
• Excel at sharing:
– Tools
– Targets
– Vulnerabilities
6. Cultural Challenge
• “Need to know” is in our DNA
• “Need to share” contradicts our most basic professional instincts
• How do we transition from a professional culture of “need to know” to one of “need to share”?
7. Cultural
• We fail to recognize the intrinsic value of data.
• Data is the oil of the information age
• Any device that processes, stores or transmits data = target for cyber criminals
10. Cultural
• A fundamental shift has occurred
• The game changes when adding, modifying or deleting data can result in cash.
• A 21st century gold rush is underway
• And everyone wants a stake
11. Cultural Challenge
• We fail to understand the interconnectedness of all things
• We see IT security as the security of computers, laptops, mobile devices
• In fact, everything is a computer
• Everything is connected to everything
• = Expanding domain for cyber security
12. CULTURAL
• Copiers, faxes & scanners
• PABX, telephones & voice mail
• HVAC, UPS & fire suppression systems
• CCTV, card access & alarm systems
• Anyone connected to your network and all of their devices
13. OLD MODEL
• All IT expected to support business = servers, O/S, applications, desktop, mobile devices + security
• Business requests IT services = security comes back with a list of no’s
• Businesses don’t comply with policies they don’t understand
• Only way forward = collaboration
14. Knowledge Challenges
• Lack common goals & objectives
• Not my job syndrome
• Lack commonality of purpose
• What are we trying to protect?
• Physical assets vs. informational assets
• Physical assets only require physical security controls
16. Knowledge Challenges
• What are the devices that give access to those assets?
• What are the threats to those devices?
• What are the vulnerabilities?
• What is an anomaly?
• What needs reporting?
• Reputation: breach = failure
• Reputation: breach = failure
18. Challenges Summary
Why?
Recognizing the benefits
Cultural:
Recognizing “need to share” trumps “need to know”
Recognizing the intrinsic value of data
Recognizing the interconnectedness of things
Correct myopic vision
Knowledge:
Understanding what we are trying to protect
Recognizing that the protection of physical assets depends on the protection of networks - shared purpose
Threats / Vulnerabilities / Methodologies/ Anomalies
Dissemination
Site-specific threats
Reporting
Information flows
19. Information Sources
Assets / Threats / Vulnerabilities / Anomalies
Interior:
Site stakeholder
Site security stakeholder
Site employees
Exterior:
All 3rd party suppliers
Law Enforcement
Threat service (CERT)
20. Activities?
Policy drill down (mandating interdisciplinary collaboration)
Subscription to threat services
Common asset language
Expand security testing scope
360° training programs
Centralized reporting
Threat analysis
Bulletins – actionable information: threats & vulnerabilities
Scalable distributed messaging
3rd party service level agreement audits
360° feedback
21. New Model Needed
Real-time information sharing model elements:
Protection Goals
Collection
Management (analysis)
Dissemination
Multi-directional information flows
All stakeholders (interior / exterior)
24. Model Objective
The model must be designed to enhance timely sharing of relevant security threat and vulnerability information.
For this enhancement to take place we must identify and break down the barriers that block vertical and horizontal communication within and between stakeholders.
25. Best Practices Summary
Threat information sources (internal & external)
Drill down of IT security policies and procedures to address all computerized equipment
Establish common denominator language
Training, Training & Training
“Real time” model for
Protection goals
Information collection
Information management (analysis & applicability)
Information dissemination
= HIGHER LEVEL SECURITY
BUT IT’S GOING TO TAKE COORDINATION
26. A DIFFERENT PERSPECTIVE
26 Dover Street
London
United Kingdom
W1S 4LY
+44 (0)20 3586 1025
www.riskfactory.com