(SACON) Wayne Tufek - chapter one - situational awareness
•
1 like•1,491 views
SACON session by Wayne Tufek on Enterprise Security Architecture
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to (SACON) Wayne Tufek - chapter one - situational awareness
Similar to (SACON) Wayne Tufek - chapter one - situational awareness (20)
More from Priyanka Aash
More from Priyanka Aash (20)
Recently uploaded
Recently uploaded (20)
(SACON) Wayne Tufek - chapter one - situational awareness
- 2. SACON Sensitivity: Confidential AGENDA 1. Situational Awareness 2. Kill Chain 3. SABSA 4. Industry Reports 5. Att&ck framework 6. Dwell Time 7. Zero Trust 8. Putting it Together
- 3. SACON Sensitivity: Confidential objectives 1. List the tools and techniques available to design a pragmatic and practical security architecture 2. Describe and apply a methodology to select the right controls to address their key risks 3. To understand the key controls that make up basic cyber security hygiene
- 5. SACON Sensitivity: Confidential What is security architecture? • A Security Architecture is a cohesive security design, which addresses the requirements (e.g. authentication, authorisation, etc.) – and in particular the risks of a particular environment/scenario, and specifies what security controls are to be applied where. • Security architecture is a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls. The design process is generally reproducible. • Traditionally, security architecture consists of some preventive, detective and corrective controls that are implemented to protect the enterprise infrastructure and applications..
- 20. SACON Sensitivity: Confidential SITUATIONAL AWARENESS • Situation awareness is your mental picture of what is going on around you. It involves picking up information and cues from the environment, putting those pieces of information together so you can develop a good idea of what is going on, and then using it to predict what might happen next. • Source: • http://theconversation.com/how-situation-awareness-could-save- your-life-96032
- 21. SACON Sensitivity: Confidential Know yourself • What do I have that is of value to an attacker? • Who is likely to attack me? • What methods are they likely to use? • How do I protect my assets, detect, respond to and recover from these attack attacks?
- 23. SACON Sensitivity: Confidential SITUATIONAL AWARENESS • To achieve cyber situational awareness, security leaders need to understand four key things: • Business Mission, Goals and Objectives – What’s most important, now and into the future, for organisational success? • Information Assets– What are our most critical assets and resources, and which of them are within my scope to protect? • Technology Setup– What does my network look like? Where is my data? What applications are running? And who has access to critical resources? • Threats– What external cyber threat actors are motivated to steal the data within my network? What are the most likely vectors they will use to achieve their objectives?
- 25. SACON Sensitivity: Confidential Threat agent Risk assessment • The underlying concept for the Threat Agent Risk Assessment (TARA) methodology is to narrow down the focus by taking into consideration the people behind the attacks. Knowing your attacker, their objectives, and the likely methods they will employ, gives a tremendously powerful picture of what should be prioritized, based upon known vulnerabilities, controls, and exposures. • What are your organisation’s most critical exposures? • One way to analyse information security risk • Takes into account the current state of security controls • All information security risk originates with threat actors Source: https://itpeernetwork.intel.com/whitepaper-prioritizing-information-security-risks-with-threat- agent-risk-assessment/
- 28. SACON Sensitivity: Confidential Threat agent Risk assessment 1. What is the purpose of TARA? 2. Why should my organisation incorporate TARA? 3. What are the primary benefits of TARA? • Greatly distilling the cloud of potential attacks, down to a manageable list of likely attacks • Improving the quality of risk and control evaluations, to better understand the value of security investments • Communicating risks and recommendations to management and non-security audiences TARA is highly customizable by the user and can help provide relevant information necessary for management to make good security decisions. 4. Is TARA a tool, application, device, or checklist? • TARA is a way of analysing risks (risk of loss) based upon the relationship between attacker’s capability and desire to cause loss, the applicable vulnerabilities, controls, and the residual exposures. The method can be incorporated into risk analysis tools, applications, and processes. 5. How can I use TARA to communicate risks to non-security audiences? • TARA results in an easily understandable story of risk. Even non-security audiences have readily embraced the outputs of TARA as it helps them to understand the sometimes vast and complex world of security risks. •
- 31. SACON Sensitivity: Confidential Threat agent Risk assessment • Threat Agent Library (TAL) • Common Exposure Library (CEL) • Methods and Objectives Library (MOL)
- 37. SACON Sensitivity: Confidential Threat agent Risk assessment Internal External Employees Cyber criminals Contractors Organised crime Vendors Novice hackers Business partners Activists/Hacktivists Nation states Malware/virus writers Thieves
- 38. SACON Sensitivity: Confidential Threat agent Risk assessment • Privileged insider threat profile Factor Value Motive Personal or financial gain Primary intent Steal corporate IP Sponsorship Acts individually Preferred general target characteristics Valuable corporate IP and customer data Preferred targets Systems where they have privileged access Capability Technically proficient Personal risk tolerance Low. They do not want to be caught Concern for collateral damage High
- 39. SACON Sensitivity: Confidential Threat agent Risk assessment • EXERCISE • Government Sponsored: These groups are well funded and often build sophisticated, targeted attacks. They are typically motivated by political, economic, technical, or military agendas. They are often looking for competitive information, resources or users that can be exploited for espionage purposes. • Organized Crime: Most often, these cybercriminals engage in targeted attacks driven by profits. They are typically either looking for the personally identifiable information (PII) of your customers or employees, such as social security numbers, health records, credit cards, and banking information, or to hijack and ransom critical digital resources.
- 47. SACON Sensitivity: Confidential PA S S I O N • I N T E G R I T Y • E X P E R I E N C E • R E S U LT S